5311 matches found
CVE-2024-47921
Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm...
CVE-2024-47921 Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm
Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm...
CVE-2024-47921
CVE-2024-47921 concerns Smadar SPS with CWE-327: Use of a Broken or Risky Cryptographic Algorithm. Affected product: Smadar SPS; reports reference cryptographic weaknesses in the software (CNNVD 202412-3229) and details vary by source (e.g., version 4.0.44.0.64 cited by CNNVD). CVSS 3.1 metrics i...
PT-2024-32897 · Unknown · Smadar Sps
Name of the Vulnerable Software and Affected Versions: Smadar SPS (affected versions not specified). Description: The issue is related to the use of a broken or risky cryptographic algorithm, as identified by CWE-327. This could potentially lead to security risks due to the weakness in the...
Smadar SPS Encryption Issue Vulnerability
Smadar SPS is a smart digital archiving software from Smart Printing Solutions LTD. An encryption issue vulnerability exists in Smadar SPS version 4.0.44.0.64, which arises from the use of a broken or risky encryption algorithm...
CVE-2024-56738
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks...
CVE-2024-56738
CVE-2024-56738 details (Mode C): GNU GRUB (GRUB2) up to version 2.12 is affected because grub_crypto_memcmp is not implemented in constant time, enabling potential side-channel attacks. Connected Nessus entries for EulerOS/Virt show the same CVE-2024-56738 claim and reference. The description doe...
SUSE CVE-2024-53222
In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ 3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0...
DEBIAN-CVE-2024-53222
In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ 3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0...
AZL-55192 CVE-2024-53222 affecting package kernel for versions less than 6.6.85.1-1
In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ 3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0...
AZL-55506 CVE-2024-53202 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info() The alg instance should be released under the exception path, otherwise there may be resource leak here. To mitigate this, free the alg instance with crypto_free_shash...
UBUNTU-CVE-2024-53222
In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ 3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0...
CVE-2024-53202 firmware_loader: Fix possible resource leak in fw_log_firmware_info()
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info() The alg instance should be released under the exception path, otherwise there may be resource leak here. To mitigate this, free the alg instance with crypto_free_shash...
CLSA-2024-1735121358 openssl: Fix of CVE-2024-4603
CVE-2024-4603: Check DSA parameters for excessive sizes before validating...
CVE-2024-55539
CVE-2024-55539 affects Acronis Cyber Protect Cloud Agent (Linux) and Acronis Cyber Protect 16 (Linux) via use of a weak algorithm to sign RPM packages. Red Hat and other sources corroborate the impact on the listed builds: Acronis Cyber Protect Cloud Agent before 39185 and Acronis Cyber Protect 1...
SUSE CVE-2024-55885
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...
CVE-2024-54150
cjwt is a C JSON Web Token (JWT) implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...