SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libcryptopp (SUSE-SU-2025:4310-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4310-1 advisory. - CVE-2023-50979: Fixed side-channel leakage during decryption with PKCS1v1.5 padding. bsc1218217 Tenable...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-28026)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28026 advisory. 5.4.17-2136.349.3.2 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705546 CVE-2025-40019 Tenable has extracted t...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. An attacker can recover all...

CVE-2025-13353

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

Decryption Thorough Polynomial Ambiguity: Noise-Enhanced High-Memory Convolutional Codes for Post-Quantum Cryptography

We present a novel approach to post-quantum cryptography that employs directed-graph decryption of noise-enhanced high-memory convolutional codes. The proposed construction generates random-like generator matrices that effectively conceal algebraic structure and resist known structural attacks...

gokey 安全漏洞

gokey is a Go language library open-sourced by Cloudflare. A security vulnerability exists in gokey versions prior to 0.2.0, which stems from a flaw in the seed decryption logic that could lead to password entropy reduction and password recovery attacks...

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28025)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28025 advisory. - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38712788 CVE-2025-40019 Tenable has extracted the precedi...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28024)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28024 advisory. 5.15.0-314.193.5.5 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705933 CVE-2025-40019 Tenable has extracted th...

Unbreakable Enterprise kernel security update

5.15.0-314.193.5.5 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705933 CVE-2025-40019...

Unbreakable Enterprise kernel security update

5.4.17-2136.349.3.2 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705546 CVE-2025-40019...

Security Bulletin: Vulnerability in NX-OS Firmware and DCNM Software used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code and NDFC code levels listed below. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing...

Security update for libcryptopp

This update for libcryptopp fixes the following issues: CVE-2023-50979: Fixed side-channel leakage during decryption with PKCS1v1.5 padding. bsc1218217 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:4310-1 Security update for libcryptopp

This update for libcryptopp fixes the following issues: - CVE-2023-50979: Fixed side-channel leakage during decryption with PKCS1v1.5 padding. bsc1218217...

OPENSUSE-SU-2025:20116-1 Security update for rnp

This update for rnp fixes the following issues: - update to 0.18.1: CVE-2025-13470: PKESK public-key encrypted session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only boo1253957, CVE-2025-13402...

IBM Concert Encryption Issues Vulnerabilities

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...

CVE-2025-36150

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-13470

A flaw was found in RNP. This vulnerability allows for the trivial decryption of data encrypted using public-key encryption, fully compromising confidentiality, via an uninitialized symmetric session key in Public-Key Encrypted Session Key PKESK packets, which results in an all-zero byte array...

CVE-2025-65951 Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

Inside Track 加密问题漏洞

Inside Track is a horse racing betting engine by the individual developer Lumina Mescuwa. Inside Track suffers from an encryption issue vulnerability that stems from the VDF encryption system not enforcing a sequential delay, which could lead to immediate decryption...

CVE-2025-36150

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...