2223 matches found

NVD
added 2023/12/14 1:15 a.m., 12 views

CVE-2022-43843

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080...

CVSS 7.5, EPSS 0.0004
Exploits 0, References 3

Prion
added 2023/12/14 1:15 a.m., 19 views

Code injection

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080...

CVSS 5, AI score 6.5, EPSS 0.0004
Exploits 0, References 3, Affected Software 1

CVE
added 2023/12/14 12:41 a.m., 47 views

CVE-2022-43843

IBM Spectrum Scale Data Access Services (DAS) is affected by CVE-2022-43843 due to the use of weaker-than-expected cryptographic algorithms in TLS, potentially allowing decryption of highly sensitive information. Affected product: IBM Spectrum Scale, versions 5.1.5.0 through 5.1.5.1. Root cause: ...

CVSS 7.5, AI score 6.3, EPSS 0.0004
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/12/14 12:41 a.m., 20 views

CVE-2022-43843 IBM Spectrum Scale information disclosure

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080...

CVSS 5.9, AI score 7.3, EPSS 0.0004
Exploits 0, References 2

OSV
added 2023/12/11 3:8 p.m., 14 views

GO-2023-2379 Denial of service due to malicious parameters in github.com/lestrrat-go/jwx

The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called "p2c" (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its purpose is to intentionally slow down the key derivation function, making password brute-force...

CVSS 5.3, AI score 5.4, EPSS 0.00183
Exploits 1, References 2

IBM Security Bulletins
added 2023/12/11 8:52 a.m., 17 views

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale Data Access Services (DAS) where insecure communication in TLS connections is used. (CVE-2022-43843)

Summary: A security vulnerability has been identified in IBM Spectrum Scale Data Access Services (DAS) where insecure communication in TLS connections is used. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2022-43843. DESCRIPTION: IBM Spectrum Scale uses weaker than...

CVSS 7.5, AI score 6.5, EPSS 0.0004
Exploits 0, Affected Software 1

Kitploit
added 2023/12/06 11:30 a.m., 33 views

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features: wordlist-based password cracking; brute force password cracking; support for multiple hash...

AI score 7.6
Exploits 0, References 2

Wired Threat Level
added 2023/12/05 11:0 a.m., 13 views

A New Trick Uses AI to Jailbreak AI Models—Including GPT-4

Adversarial algorithms can systematically probe large language models like OpenAI’s GPT-4 for weaknesses that can make them misbehave...

AI score 7.4
Exploits 0

Debian
added 2023/11/27 6:54 p.m., 29 views

[SECURITY] [DLA 3669-1] cryptojs security update

Debian LTS Advisory DLA-3669-1 (https://www.debian.org/lts/security/), Guilhem Moulin, November 27, 2023 (https://wiki.debian.org/LTS). Package: cryptojs. Version: 3.1.2+dfsg-2+deb10u1. CVE ID: CVE-2023-46233. Debian Bug: 1055525. Thomas Neil James Shadwell reported that...

CVSS 9.1, AI score 7.2, EPSS 0.00916
Exploits 0

Cvelist
added 2023/11/18 5:24 p.m., 17 views

CVE-2023-38361 IBM CICS TX Advanced information disclosure

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770...

CVSS 5.9, AI score 7.3, EPSS 0.00041
Exploits 0, References 2

Veracode
added 2023/11/15 6:55 a.m., 14 views

Remote Code Execution (RCE)

vantage6node is vulnerable to Remote Code Execution (RCE). The system fails to validate the execution of a child task if it has a specified parent task ID which could be exploited by an attacker who gains unauthorized access to the system. By setting a fake parent task ID for a malicious task, the...

CVSS 8.8, AI score 8.2, EPSS 0.00325
Exploits 0, References 4, Affected Software 1

Github Security Blog
added 2023/11/14 10:21 p.m., 28 views

vantage6-server node accepts non-whitelisted algorithms from malicious server

Impact: A node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a fake parentid and send a task of a non-whitelisted algorithm. The node will then execute it because the parentid that is set prevents checks from bein...

CVSS 8.8, AI score 7.1, EPSS 0.00325
Exploits 0, References 7, Affected Software 2

PyPA
added 2023/11/14 9:15 p.m., 4 views

PYSEC-2023-304

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...

CVSS 8.8, AI score 6.9, EPSS 0.00325
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2023/11/14 12:0 a.m., 2 views

The vulnerability of the JWT implementation in Python PyJWT, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the integrity of the data.

The vulnerability of the JWT implementation in Python PyJWT is related to the absence of blocking for certain formats of the secret key. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...

CVSS 7.8, EPSS 0.00422
Exploits 0, References 6, Affected Software 3

Positive Technologies
added 2023/11/14 12:0 a.m., 3 views

PT-2023-30525 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.1.2. Description: The issue arises when a node does not check if an image is allowed to run if a parent id is set. A malicious party that breaches the server may modify it to set a fake parent id and send a task of...

CVSS 8.8, AI score 8.5, EPSS 0.00325
Exploits 0, References 13

OSV
added 2023/11/09 6:34 p.m., 1 views

GHSA-CFC2-WR2V-GXM5 AsyncSSH Rogue Extension Negotiation

Summary: An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack. Details: The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...

CVSS 5.3, AI score 6.1, EPSS 0.00448
Exploits 0, References 12

Positive Technologies
added 2023/11/09 12:0 a.m., 2 views

PT-2023-9800 · Asyncssh +3 · Asyncssh +3

Name of the Vulnerable Software and Affected Versions: AsyncSSH versions prior to 2.14.1. Description: The issue in AsyncSSH allows attackers to control the extension info message via a man-in-the-middle attack, enabling them to conduct algorithm downgrade attacks during user authentication. This...

CVSS 6.8, AI score 6.5, EPSS 0.52998
Exploits 4, References 50

Tenable Nessus
added 2023/11/09 12:0 a.m., 56 views

NewStart CGSL MAIN 6.06 : curl Multiple Vulnerabilities (NS-SA-2023-0137)

The remote NewStart CGSL host, running version MAIN 6.06, has curl packages installed that are affected by multiple vulnerabilities: - When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might mak...

AI score 7.7, EPSS 0.00289
Exploits 4, References 9

BDU FSTEC
added 2023/11/08 12:0 a.m., 1 views

The vulnerability of Java Secure Socket Extension (JSSE) and IBMJCEPlus, components of the IBM SDK Java Technology development environment, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Java Secure Socket Extension (JSSE) and IBMJCEPlus, part of the IBM SDK Java Technology development tools, is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...

CVSS 7.8, EPSS 0.00059
Exploits 0, References 8, Affected Software 6

IBM Security Bulletins
added 2023/11/03 5:54 p.m., 34 views

Security Bulletin: "Weak or Unsupported ciphers" vulnerability may affect IBM CICS TX Advanced 10.1

Summary: "Weak or Unsupported ciphers" vulnerability may affect IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable vulnerability. Vulnerability Details: CVEID: CVE-2023-38361. DESCRIPTION: IBM CICS TX Advanced uses weaker than expected cryptographic algorithms that could all...

CVSS 7.5, AI score 7.4, EPSS 0.00041
Exploits 0, Affected Software 1