Lucene search

2223 matches found

IBM Security Bulletins
added 2023/06/29 3:4 p.m. | 37 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using broken or risky cryptographic algorithms (CVE-2023-26276)

Summary: IBM QRadar SIEM is vulnerable to using broken or risky cryptographic algorithms. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details: CVEID: CVE-2023-26276 DESCRIPTION: IBM QRadar uses weaker than expected cryptographic algorithms that could allow an attacker t...

CVSS 7.5 | AI score 6.5 | EPSS 0.00039
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2023/06/29 12:0 a.m. | 38 views

CBL Mariner 2.0 Security Update: edk2 / hvloader / openssl / rust (CVE-2023-2650)

The version of edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2650 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data...

CVSS 6.5 | AI score 6.9 | EPSS 0.91789
Exploits: 0 | References: 2

Tenable Nessus
added 2023/06/29 12:0 a.m. | 18 views

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Use of a Broken or Risky Cryptographic Algorithm (CVE-2018-7242)

Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. This plugin only works with...

CVSS 9.8 | AI score 8.4 | EPSS 0.00247
Exploits: 0 | References: 4

IBM Security Bulletins
added 2023/06/28 10:6 p.m. | 28 views

Security Bulletin: Multiple security vulnerabilities have been identified in GSKit, which is shipped with IBM Tivoli Network Manager IP Edition.

Summary: GSKit is shipped with IBM Tivoli Network Manager IP Edition. Information about security vulnerabilities affecting GSKit has been published here. Vulnerability Details: CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing...

CVSS 10 | AI score 8 | EPSS 0.21835
Exploits: 1 | Affected Software: 1

Vulnrichment
added 2023/06/27 5:9 p.m. | 13 views

CVE-2023-26276 IBM QRadar information disclosure

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147...

CVSS 5.9 | AI score 6.4 | EPSS 0.00039
Exploits: 0 | References: 2

Cvelist
added 2023/06/27 5:9 p.m. | 26 views

CVE-2023-26276 IBM QRadar information disclosure

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147...

CVSS 5.9 | AI score 7.3 | EPSS 0.00039
Exploits: 0 | References: 2

CVE
added 2023/06/27 5:9 p.m. | 102 views

CVE-2023-26276

IBM QRadar SIEM 7.5.0 is affected by CVE-2023-26276 due to weaker cryptographic algorithms that could allow decryption of highly sensitive information. The Red Hat/IBM bulletin confirms affected product, version range (7.5.0 to 7.5.0 UP5) and that remediation is available in 7.5.0 UP6. Documented...

CVSS 7.5 | AI score 6.1 | EPSS 0.00039
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/06/23 12:0 a.m. | 2 views

IBM QRadar SIEM Encryption Issue Vulnerability

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVSS 7.5 | AI score 7.7 | EPSS 0.00039
Exploits: 0 | References: 4

AlmaLinux
added 2023/06/21 12:0 a.m. | 111 views

Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650) openssl: Denial of service by...

CVSS 7.5 | AI score 7 | EPSS 0.91789
Exploits: 0 | References: 12

OSV
added 2023/06/15 11:15 a.m. | 3 views

CVE-2023-32229

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option signing of the video stream with option MD5, SHA-1 or SHA-256...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1

Schneier on Security
added 2023/06/12 11:18 a.m. | 9 views

AI-Generated Steganography

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has...

AI score 6.7
Exploits: 0

RedHat Linux
added 2023/06/07 2:8 a.m. | 3 views

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

CVSS 7.5 | AI score 6.8 | EPSS 0.00089
Exploits: 0 | References: 5

OpenVAS
added 2023/06/05 12:0 a.m. | 28 views

Fedora: Security Advisory for openssl (FEDORA-2023-964eb00fc6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.2 | EPSS 0.91789
Exploits: 0 | References: 2

Fedora
added 2023/06/04 1:24 a.m. | 84 views

[SECURITY] Fedora 37 Update: openssl-3.0.9-1.fc37

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

CVSS 7.5 | AI score 7 | EPSS 0.91789
Exploits: 0

OpenVAS
added 2023/06/04 12:0 a.m. | 30 views

Fedora: Security Advisory for openssl (FEDORA-2023-026c8ba371)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.2 | EPSS 0.91789
Exploits: 0 | References: 2

Wired Threat Level
added 2023/06/03 1:0 p.m. | 13 views

AI Is Being Used to ‘Turbocharge’ Scams

Plus: Amazon’s Ring was ordered to delete algorithms, North Korea’s failed spy satellite, and a rogue drone “attack” isn’t what it seems...

AI score 7
Exploits: 0

Fedora
added 2023/06/03 2:46 a.m. | 47 views

[SECURITY] Fedora 38 Update: openssl-3.0.9-1.fc38

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

CVSS 7.5 | AI score 7 | EPSS 0.91789
Exploits: 0

AlpineLinux
added 2023/05/30 1:40 p.m. | 435 views

CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

CVSS 6.5 | AI score 7.2 | EPSS 0.91789
Exploits: 0

BDU FSTEC
added 2023/05/30 12:0 a.m. | 1 views

The vulnerability of the built-in software of the ARIS controller, related to the use of cryptographic algorithms that contain defects and risks, allows a perpetrator to gain access to critical information.

The vulnerability of the built-in software of the ARIS controller is related to the use of cryptographic algorithms that contain defects and risks. Exploiting this vulnerability could allow a malicious actor to gain access to critical information...

CVSS 6.8 | AI score 5.5
Exploits: 0 | Affected Software: 10

Gentoo Linux
added 2023/05/30 12:0 a.m. | 17 views

CGAL: Multiple Vulnerabilities

Background: CGAL is a C++ library for geometric algorithms and data structures. Description: Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no...

CVSS 10 | AI score 7.4 | EPSS 0.04334
Exploits: 41