Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-35540
https://github.com/dotnetcore/AgileConfig/issues/91
ht…
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-36599
https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3e…
Impact
A low severity security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this w…
Ward Beullens found a practical key-recovery attack against Rainbow.
The level I parametersets are removed from liboqs starting from version 0.7.2.
Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop.
This means all the oqs::sig…
Duplicate Advisory
This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references.
Original Description
Summary
As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of pa…
Wouter Castryck and Thomas Decru presented an efficient key recovery attack on the SIDH protocol.
As a result, the secret key of SIKEp751 can be recovered in a matter of hours.
The SIKE and SIDH schemes will be removed from oqs 0.7.2.
An efficient key …
Before Chrome browser was even launched, the Chrome team was working behind the scenes to create a different browsing experience: one that was both personalized and helpful. This mission has remained central to the Chrome team’s values as we continuous…
Many of us have experienced the frustration of visiting a web page that seems like it has what we’re looking for, but doesn’t live up to our expectations. The content might not have the insights you want, or it may not even seem like it was created for…
大日本印刷株式会社(以下、DNP)は、愛知県春日井市(以下、春日井市)の高蔵寺ニュータウンにて実施し…
三菱電機株式会社(以下、三菱電機)の自動車機器事業販売子会社であるメルコオートモーティブソリューショ…
