Moderate: libgcrypt security, bug fix, and enhancement update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a later upstream version: libgcrypt 1.8.5. BZ1764918 Security Fixes: libgcrypt: ECDSA timing attack allowing private key leak CVE-2019-13627 For more...

RLSA-2020:4482 Moderate: libgcrypt security, bug fix, and enhancement update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a later upstream version: libgcrypt 1.8.5. BZ1764918 Security Fixes: libgcrypt: ECDSA timing attack allowing private key leak CVE-2019-13627 For more...

libgcrypt security, bug fix, and enhancement update

An update is available for libgcrypt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libgcrypt library provides general-purpose implementations of various...

Security Bulletin: Rational Developer for System z - Add support for TLS v1.2 with MS-CAPI in HCE

Summary IBM Rational Developer for System z has added support for TLS v1.2 with MS-CAPI in the Host Connection Emulator Vulnerability Details CVEID: CVE-2017-1796 DESCRIPTION: IBM Developer for z Systems uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt...

CVE-2020-4254

IBM Security Guardium Big Data Intelligence 1.0 SonarG uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560...

Code injection

IBM Security Guardium Big Data Intelligence 1.0 SonarG uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560...

Akamai's Polymorphic AI Framework Preemptively Manages Bots

Too many security efforts react to threats as they come. While security teams often succeed through Herculean efforts, being constantly under siege takes its toll on your resources. The relentless barrage of bot attacks will eventually crack the human- and system-based methods to block or mitigat...

The vulnerability in the implementation of the TLS (Transport Layer Security) protocol for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the TLS Transport Layer Security protocol implementation in Windows operating systems is related to the use of weak hashing algorithms. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVE-2020-4613

IBM Data Risk Manager iDNA 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925...

CVE-2020-4613

IBM Data Risk Manager iDNA 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925...

Design/Logic Flaw

IBM Data Risk Manager iDNA 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925...

CVE-2020-4614

CVE-2020-4614 affects IBM Data Risk Manager (iDNA) 2.0.6. The issue is weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Remediation is to upgrade to v2.0.6.4 and then apply subsequent fixpacks (2.0.6.5, 2.0.6.6) in order, as detailed in ...

CVE-2020-1596

A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to...

CVE-2020-1596

A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to...

Information disclosure

A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to...

CVE-2020-1596

Technical details for CVE-2020-1596 are not provided in the connected documents. The initial description lacks product/version/root-cause specifics; monitor for updates.

TLS Information Disclosure Vulnerability

A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to...

More on NIST’s Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: Were in the process of moving this blog to WordPress. Comments will be disabled until the move is...

More on NIST’s Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: Were in the process of moving this blog to WordPress. Comments will be disabled until the move is...

PT-2020-4161 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A information disclosure issue exists due to the use of weak hash algorithms by TLS components. This could allow an attacker to obtain information to further compromise a user's encrypted...