The vulnerability of the IBM QRadar SIEM system for event collection and analysis, related to the use of cryptographic algorithms containing defects, allows attackers to bypass the cryptographic mechanisms used for encryption protection.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to bypass the cryptographic security measures...
The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language, which allows a hacker to trigger a denial-of-service attack.
The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker to cause SSH servers to fail...
The vulnerability of the firmware of the asynchronous server Moxa NPort 5600 is related to the use of cryptographic algorithms that contain vulnerabilities, allowing attackers to gain unauthorized access to the device.
The vulnerability of the firmware of the asynchronous server Moxa NPort 5600 is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device...
Oracle Linux 9 : openssl (ELSA-2023-12768)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12768 advisory. 3.0.7-16.0.1 - Replace upstream references Orabug: 34340177 Tenable has extracted the preceding description block directly from the Oracle Linux...
Design/Logic Flaw
IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268...
CVE-2023-38730 IBM Spectrum Copy Data Management information disclosure
IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268...
CVE-2023-38730
IBM Spectrum Copy Data Management (SCDM) versions 2.2.0.0–2.2.19.0 use weaker cryptographic algorithms, enabling potential disclosure of highly sensitive data. The root cause is the use of insufficiently strong cryptography (e.g., weak DH moduli discussed in the IBM bulletin), affecting confident...
Security Bulletin: IBM Spectrum Copy Data Management uses weaker than expected cryptographic algorithms
Summary IBM SCDM allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time depending on modulus size and attacker resources. This may allow an attacker to...
Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions
Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an...
HCL DRYiCE iAutomate Encryption Issue Vulnerability
HCL Technologies DRYiCE MyCloud is a Hybrid Cloud Lifecycle Management product from HCL Technologies, USA. A security vulnerability exists in HCL DRYiCE iAutomate that stems from the use of broken encryption algorithms...
Vulnerability fixed in AMD processors
A vulnerability has been fixed in the microcode of AMD processors. The vulnerability has been named "Inception" and enables a local, authenticated malicious person to manipulate the operation of the Predictive Algorithms, which could circumvent measures in place to prevent unauthorized instructio...
TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System
A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what's believed to be an intentional backdoor that could have potentially exposed...
CVE-2021-38933
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574...
CVE-2021-38933
CVE-2021-38933 affects IBM Sterling Connect:Express for UNIX 1.5.x. The IBM security bulletin notes use of weaker cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Remediation: upgrade to Connect:Express for UNIX 1.5.0.1609 or newer. Current exploit details...
CVE-2023-3108
CVE-2023-3108 affects the Linux kernel, specifically the get_user_pages_fast path in the skcipher_recvmsg interface for symmetric-key ciphers (crypto/algif_skcipher.c). The flaw allows a local user to crash the system. Public details in the provided documents confirm the vulnerable component and ...
CVE-2023-3108
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system...
CVE-2023-3108 Kernel: a race condition in crypto module in the function skcipher_recvmsg
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system...
Security Bulletin: IBM Sterling Connect:Express uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Summary IBM Sterling Connect:Express uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details CVEID:CVE-2021-38933 DESCRIPTION: IBM Sterling Connect:Direct uses weaker than expected cryptographic algorithms that...
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. "An attacker can often exploit these vulnerabilities to tak...