Important: Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency

The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

Hash Collision Weakness

Dragonfly is vulnerable to Hash Collision Weakness. The vulnerability is due to the use of insecure hash functions such as MD5 for verifying downloaded files, which allows an attacker to craft malicious files with colliding hashes and replace legitimate files without detection...

Debian devscripts 安全漏洞

Debian devscripts is a Debian community package that contains a collection of packages for system maintenance and scripting. A security vulnerability exists in Debian devscripts that stems from the uscan tool skipping OpenPGP authentication when verifying upstream sources...

Invariant-Based Cryptography

We propose a new symmetric cryptographic scheme based on functional invariants defined over discrete oscillatory functions with hidden parameters. The scheme encodes a secret integer through a four-point algebraic identity preserved under controlled parameterization. Security arises not from...

Towards Stateless Clients in Ethereum: Benchmarking Verkle Trees and Binary Merkle Trees with SNARKs

Ethereum, the leading platform for decentralized applications, faces challenges in maintaining decentralization due to the significant hardware requirements for validators to store Ethereum's entire state. To address this, the concept of stateless clients is under exploration, enabling validators...

PT-2024-34163

Name of the Vulnerable Software and Affected Versions: gnark versions 0.11.0 and earlier Description: The issue is related to excessive memory allocation during the deserialization of Groth16 verification keys in gnark, leading to a denial of service DoS. This can cause the program to crash with ...

GHSA-9XCG-3Q8V-7FQ6 gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property

This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...

ALSA-2024:0463 Moderate: rpm security update

The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...

CVE-2023-36344

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...

Design/Logic Flaw

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

veranstaltung.wiso-consulting.de Cross Site Scripting vulnerability OBB-3376523

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

alscanada.ca Cross Site Scripting vulnerability OBB-3307769

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-35108

Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile...

ssadayo.co.kr Cross Site Scripting vulnerability OBB-2867439

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Northwave Log4j CVE-2021-44228 checker Friday 10 December 202...

[SECURITY] Fedora 35 Update: python-rsa-4.7.2-1.fc35

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

[SECURITY] Fedora 33 Update: python-rsa-4.7.2-1.fc33

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang

Finder Of XSS, and Dal is the Korean pronunciation of moon. What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The...

Fedora Update for python-ecdsa FEDORA-2019-8fcf21a816

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: python-ecdsa-0.13.3-1.fc29

This is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. With this library, you can quickly create keypairs signing key and verifying key, sign messages, and verify the signatures. The key...