Understanding the Error Sensitivity of Privacy-Aware Computing

Homomorphic Encryption HE enables secure computation on encrypted data without decryption, allowing a great opportunity for privacy-preserving computation. In particular, domains such as healthcare, finance, and government, where data privacy and security are of utmost importance, can benefit fro...

Quantum Hilbert Transform

The Hilbert transform has been one of the foundational transforms in signal processing, finding it's way into multiple disciplines from cryptography to biomedical sciences. However, there does not exist any quantum analogue for the Hilbert transform. In this work, we introduce a formulation for t...

CVE-2024-38764

Cross-Site Request Forgery CSRF vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9...

CVE-2023-21856

Vulnerability in the Oracle iSetup product of Oracle E-Business Suite component: General Ledger Update Transform, Reports. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2020-17504

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters...

CVE-2020-12889

MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case...

CVE-2020-17502

Barco TransForm N before 3.8 allows Command Injection issue 2 of 4. The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An...

GDNTT: an Area-Efficient Parallel NTT Accelerator Using Glitch-Driven Near-Memory Computing and Reconfigurable 10T SRAM

With the rapid advancement of quantum computing technology, post-quantum cryptography PQC has emerged as a pivotal direction for next-generation encryption standards. Among these, lattice-based cryptographic schemes rely heavily on the fast Number Theoretic Transform NTT over polynomial rings,...

Firefox XSLTProcessor JavaScript Use-After-Free

Firefox suffers from a use-after-free vulnerability when running JavaScript during XSLT transform. Included is a proof of concept that triggers a use-after-free by deleting nodes from the source document during transform, while those nodes are referenced in Xpath node list. Various other proof of...

📄 Craft CMS Image Transform Pre-Authenticaton Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 3.x, 4.x, and 5.x prior to 5.6.17 via the image transform endpoint. It injects a PHP Meterpreter payload into the Craft session, then triggers its execution by abusing the Yii behavior...

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

Fast and Robust Speckle Pattern Authentication by Scale Invariant Feature Transform Algorithm in Physical Unclonable Functions

Nowadays, due to the growing phenomenon of forgery in many fields, the interest in developing new anti-counterfeiting device and cryptography keys, based on the Physical Unclonable Functions PUFs paradigm, is widely increased. PUFs are physical hardware with an intrinsic, irreproducible disorder...

AGATE: Stealthy Black-Box Watermarking for Multimodal Model Copyright Protection

Recent advancement in large-scale Artificial Intelligence AI models offering multimodal services have become foundational in AI systems, making them prime targets for model theft. Existing methods select Out-of-Distribution OoD data as backdoor watermarks and retrain the original model for...

A Unified Hardware Accelerator for Fast Fourier Transform and Number Theoretic Transform

The Number Theoretic Transform NTT is an indispensable tool for computing efficient polynomial multiplications in post-quantum lattice-based cryptography. It has strong resemblance with the Fast Fourier Transform FFT, which is the most widely used algorithm in digital signal processing. In this...

The vulnerability of the z_erofs_shifted_transform() function in the fs/erofs/decompressor.c module, which is part of the Linux kernel’s file system support, allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the zerofsshiftedtransform function in the fs/erofs/decompressor.c module, which is part of the Linux kernel’s file system support, relates to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality...

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to writing beyond buffer boundaries in memory, allowing a malicious actor to execute arbitrary code.

The vulnerability of Siemens Solid Edge’s design and simulation tools lies in the issue of writing beyond buffer boundaries in memory when processing DFT format files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Out-of-Bounds

Overview mindspore is a MindSpore is an open source deep learning training/inference framework that could be used for mobile, edge and cloud scenarios. Affected versions of this package are vulnerable to Out-of-Bounds through the mindspore.numpy.fft.hfftn and mindspore.numpy.fft.rfft2 functions. ...

Incorrect Authorization

Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Incorrect Authorization due to missing checks in transformMiddleware which ignore certain query parameters. An attacker can access unauthorized files by including a ?raw?? ...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-26708: mptcp: fix inconsistent state on fastopen race bsc1222672. CVE-2024-40980: dropmonitor: replace spinlock by rawspinlock bsc1227937. CVE-2024-44974:...

firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access...