[CVE-2024-7177: HIGH] Critical vulnerability identified in TOTOLINK A3600R 4.1.2cu.5182_B20201102 enables a remote buffer overflow attack via manipulation of langType in setLanguageCfg function. Exploit disclosed publicly as VDB-272598. Vendor non-responsive to early disclosure. https://lnkd.in/eDe7n88W
CVE Find’s Post
-
[CVE-2024-7180: HIGH] Critical vulnerability found in TOTOLINK A3600R 4.1.2cu.5182_B20201102, allowing remote buffer overflow via manipulation of comment argument in /cgi-bin/cstecgi.cgi. Exploit disclosed publicly as vendor did not respond. Vulnerability identifier: VDB-272601. https://lnkd.in/eKvVkvTD
-
[CVE-2024-7462: HIGH] Critical buffer overflow vulnerability identified in TOTOLINK N350RT 9.3.5u.6139_B20201216 could be exploited remotely by manipulating the ssid argument in setWizardCfg function of /cgi-bin/cstecgi.cgi. The public disclosure of this exploit under identifier VDB-273555 poses a significant risk. The vendor has not responded despite being informed of this issue. https://lnkd.in/eG2CTZcu
-
[CVE-2024-7337: HIGH] Critical vulnerability found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 allows remote attackers to trigger a buffer overflow via manipulation of the http_host argument in the file /cgi-bin/cstecgi.cgi. Exploit public, identifier VDB-273260. No vendor response despite early contact. https://lnkd.in/eN_R2dSV
-
Why do we need a separate method for symmetric key encryption and another for hashing? With the sponge function of ASCON, we can implement both in a single method: https://lnkd.in/d3nSBxZT
-
XChaCha20. With a symmetric key, Bob and Alice have the same key. NaCl uses the XChaCha20 method, which supports stream encryption (and which does not require padding as a block cipher does, and is also faster than block cipher modes). ChaCha20 was created by Daniel J. Bernstein, and has an eight byte or 16 byte nonce. XChaCha20 (eXtended-nonce ChaCha) is an update to ChaCha20 and uses a 24-byte nonce. It has a lower probability of nonce misuse than ChaCha20. The ciphertext is made up of the cipher message (which is the same number of bytes as the plaintext message, five bytes) and an extra 16 bytes (used for AEAD - Authenticated Encryption with Associated Data). The MAC bytes use Poly1305 and provide an integrity check for the cipher. https://lnkd.in/dPUg94AK
-
[CVE-2024-52759: CRITICAL] D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. https://lnkd.in/eAG7TGjY
-
It’s the perfect time to try out an #ebpf based process runtime tool like Tetragon. Give it a spin now to check if you’re running a vulnerable XZ backdoored OpenSSH. Afterwards, take a look into how Tetragon can mitigate these types of vulnerabilities in the future here: https://lnkd.in/eJHeVaWc
Detect XZ backdoor thanks to #ebpf Tetragon, but better upgrade or downgrade https://lnkd.in/d9744UgG #cilium #tetragon
-
Homomorphic encryption supports batch mode, where we can efficiently process a range of ciphertext values. In this case, we can convert an array into a plaintext array using batch mode. Once we have this, we can then convert it into a ciphertext array. In this case we will take a sequence of numbers, convert these to ciphertext values, and then square each value in batch mode. We can then decrypt and find the square value. BFV/BGV: https://lnkd.in/gpiBa3sd CKKS: https://lnkd.in/gqhDFRgf
-
In this case study, you'll learn how the Nexxen team uses ApplicationSets in ArgoCD. The team explains how they group them, organize prod and non-prod environments and their strategy for scaling. More: https://lnkd.in/eWE6FCE2
-
[CVE-2024-9553: HIGH] Critical vulnerability found in D-Link DIR-605L 2.13B01 BETA allows remote buffer overflow attack via manipulation of argument curTime in formdumpeasysetup function. Public exploit disclosed, urging immediate action to secure systems. https://lnkd.in/eTFZcaTe