The Hacking of Culture and the Creation of Socio-Technical Debt
Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...
A vulnerability in IBM WebSphere Application Server, related to the use of cryptographic algorithms containing vulnerabilities, allows attackers to disclose protected information.
The vulnerability in IBM WebSphere Application Server is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
CVE-2024-38443
C/sorting/binaryinsertionsort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements...
The Algorithms security breach
The Algorithms is an open-source collection of implementations of various algorithms. A security vulnerability in The Algorithms stems from a segmentation fault caused by deep recursion...
CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...
CVE-2024-34113
Adobe ColdFusion is affected by CVE-2024-34113 (Weak Cryptography for Passwords) affecting ColdFusion 2023u7, 2021u13 and earlier. The issue stems from insufficiently strong cryptographic algorithms or flawed implementation used for password protection, enabling potential decryption or guessing o...
CVE-2024-36405
CVE-2024-36405 affects the liboqs reference Kyber KEM implementation. A control-flow timing leak arises when the Kyber KEM is compiled with Clang 15–18 under certain options (including -Os and -O1), enabling a local attacker to measure decapsulation timings and recover the entire ML-KEM 512 secre...
OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.6j. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.6j advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...
OpenSSL 1.0.2 < 1.0.2zc Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2zc. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zc advisory. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS...
Fedora: Security Advisory for rust-rpick (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the...
CVE-2024-5684 ID Charger Connect & Pro - JWT-Null-Algorithm
An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...
GHSA-C74F-6MFW-MM4V Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
GO-2024-2877 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd...
[SECURITY] Fedora 39 Update: rust-rpick-0.9.0-3.fc39
Helps you pick items from a list by various algorithms. Example uses: pick a restaurant you haven't been to in a while, or an album to listen to...
[SECURITY] Fedora 39 Update: rust-libcramjam-0.3.0-3.fc39
Compression library combining a plethora of algorithms in as similar an API as possible...
A vulnerability in the application programming interface of the Delinea Secret Server management software allows an attacker to bypass the authentication process.
The vulnerability in the application programming interface of the Delinea Secret Server management software relates to the use of cryptographic algorithms with a hard-coded encryption key. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures...
Lattice-Based Cryptosystems and Quantum Cryptanalysis
Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...
[SECURITY] Fedora 40 Update: rust-rpick-0.9.0-3.fc40
Helps you pick items from a list by various algorithms. Example uses: pick a restaurant you haven't been to in a while, or an album to listen to...
[SECURITY] Fedora 40 Update: rust-libcramjam-0.3.0-3.fc40
Compression library combining a plethora of algorithms in as similar an API as possible...