Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked...

FreeBSD : curl -- multiple vulnerabilities (be233fc6-bae7-11ed-a4fb-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the be233fc6-bae7-11ed-a4fb-080027f5fec9 advisory. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that...

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

[SECURITY] Fedora 36 Update: openssl-3.0.8-1.fc36

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

K14363514: OpenSSL vulnerability CVE-2017-3736

Security Advisory Description There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perfo...

K83623027: OpenSSL vulnerability CVE-2021-3449

Security Advisory Description An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a...

The Impact of Artificial Intelligence on Cybersecurity

Abstract: Artificial Intelligence AI has been a game-changer in many industries, and cybersecurity is no exception. AI has revolutionized the way organizations approach security, providing new and innovative solutions for detecting and mitigating cyber threats. However, with its increasing use, i...

Dell EMC Unity Encryption Issue Vulnerability

Dell EMC Unity is a unified storage array product from Dell, a U.S. company. versions prior to Dell EMC Unity 5.2.0.0.5.173 have an encryption issue vulnerability that stems from the use of corrupted encryption algorithms, which can be exploited by a remote, unauthenticated attacker to obtain...

CURL-CVE-2023-23916 HTTP multi-header compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a...

SUSE CVE-2009-0049

Belgian eID middleware eidlib 2.6.0 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...

SUSE CVE-2015-0291

The sigalgs implementation in t1lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash by using an invalid signaturealgorithms extension in the ClientHello message during a renegotiation...

SUSE CVE-2015-0294

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate...

SUSE CVE-2016-2850

Botan 1.11.x before 1.11.29 does not enforce TLS policy for 1 signature algorithms and 2 ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

SUSE CVE-2018-12433

DISPUTED cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the...

SUSE CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...

SUSE CVE-2022-3028

A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...

SUSE CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

Vulnerability of the options.kex_algorithms component in the OpenSSH cryptographic protection server, allowing a hacker to execute arbitrary code.

The vulnerability of the options.kexalgorithms component in the OpenSSH cryptographic protection server is related to a memory reclamation error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Security Bulletin: IBM CICS TX Standard is vulnerable to attack because it uses weak crytopgraphic algorithms (CVE-2022-34320).

Summary IBM CICS TX Standard could allow an attack because it uses weak crytopgraphic algorithms. The fix removes this vulnerability CVE-2022-34320 from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2022-34320 DESCRIPTION: IBM CICS TX uses weaker than expected cryptographic algorithms tha...

Security Bulletin: IBM CICS TX Standard is vulnerable to an attacker decrypting highly sensitive information . (CVE-2022-34310) .

Summary IBM CICS TX Standard could allow an attacker to decrypt highly sensitive information . The fix removes this vulnerability CVE-2022-34310 from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2022-34310 DESCRIPTION: IBM CICS TX uses weaker than expected cryptographic algorithms that...