EUVD-2026-40291
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
Security Bulletin: Multiple Vulnerabilities in bcprov package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary: IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include the bcprov library, which is susceptible to use of a broken cryptographic algorithm, improper neutralization, and covert timing channel vulnerabilities CVE-2025-14813, CVE-2026-0636, CVE-2026-5598...
Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise
Summary: Multiple vulnerabilities were addressed in IBM DataStax Enterprise 6.9.23. Vulnerability Details: CVEID: CVE-2025-14813 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is...
CVE-2026-53302
A flaw was found in the Linux kernel's cryptographic module, specifically within the EIP93 hardware accelerator driver. An error in how the system allocates resources for HMAC (Keyed-Hash Message Authentication Code) operations can lead to a critical system failure. When certain cryptographic...
Oracle Linux 9 : gnutls (ELSA-2026-50346)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50346 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty
Summary: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, which is used by InfoSphere Information Server, were addressed. Vulnerability Details: CVEID: CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and...
CVE-2026-53046
A flaw was found in the Linux kernel's ksmbd component. This vulnerability, a use-after-free, occurs when the ksmbd component incorrectly handles asynchronous (async) cryptographic operations, specifically with hardware crypto engines like the Qualcomm Crypto Engine (QCE). When the QCE returns an...
CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm
The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...
CVE-2026-9220
The CVE-2026-9220 entry describes a vulnerability in Setracker2 Android Companion App (package com.tgelec.setracker) affecting versions 3.1.5 and earlier. The underlying issue is that requests between the wearable and backend are encrypted with static, hardcoded AES keys and initialization vector...
DEBIAN-CVE-2026-7511
PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...
CVE-2026-53016
A flaw was found in the Linux kernel's cryptographic coprocessor (CCP) driver. When processing AF_ALG rfc3686-ctr-aes-ccp requests, the ccpaescomplete function attempts to restore more data than the allocated buffer for the Initialization Vector (IV) can hold. This leads to a buffer overrun, which can...
CVE-2026-6094
Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...
Tridium Niagara Use of a Broken or Risky Cryptographic Algorithm (CVE-2025-3938)
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before...
PT-2026-52126
Name of the Vulnerable Software and Affected Versions: ATEN Unizon (affected versions not specified). Description: An issue exists where the software fails to properly verify cryptographic signatures, allowing authenticated remote attackers to execute arbitrary code in the context of SYSTEM. The flaw ...
EUVD-2026-34311
OHttpVersionChunkDraft: Missing Final-Chunk Enforcement Leads to Undetected Stream Truncation...
Security Bulletin: IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82.
Summary: IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82. Vulnerability Details: CVEID: CVE-2025-14813 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This...
openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects
A flaw was found in openCryptoki, a PKCS#11 (Cryptographic Token Interface Standard) library. The BER/DER (Basic Encoding Rules/Distinguished Encoding Rules) decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...
CVE-2026-57062
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
UBUNTU-CVE-2026-57062
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...