SUSE-SU-2024:1368-1 Security update for shim

This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm bsc1213945 - Limit the requirement of fde-tpm-helper-macros to the distro with suseversion 1600 and above bsc1219460 Update to version 15.8: Security issues fixed: - mok: fix LogError invocation...

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to the incorrect implementation of the authentication algorithm. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

The vulnerability of the /squashfs-root/etc-ro/custom.conf file of the Telnet service of the TOTOLINK N200RE microprogramming device allows a intruder to gain unauthorized access to protected information.

The vulnerability of the /squashfs-root/etc-ro/custom.conf file of the Telnet service for the TOTOLINK N200RE microprogramming device router software is related to the use of a vulnerable cryptographic algorithm in the configuration files. Exploiting this vulnerability could allow an attacker to...

CVE-2024-29951

Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...

CVE-2024-3652

A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...

New Lattice Cryptanalytic Technique

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer...

CVE-2024-30261

...

ROS-20240412-06

A vulnerability in the OpenSSL library's implementation of the SM2 cryptographic algorithm is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafte...

CVE-2023-29483

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in whic...

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Impact If an attacker can alter the integrity option passed to fetch, they can let fetch accept requests as valid even if they have been tampered. Patches Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes has been released in v5.28.4 and v6.11.1...

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to an insecure cryptographic algorithm and to information disclosure due to DB2 (CVE-2023-47152)

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerability affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVE-2024-3130

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app...

CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app...

CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app...

CVE-2024-3130

CVE-2024-3130 affects CoolKit eWeLlink app prior to 5.4.x. The vulnerability is due to hard-coded credentials in the Android/iOS client, enabling a local attacker to access sensitive data via a decryption algorithm and a key obtainable after decompiling the app. Impact is confidential data exposu...

Ross Anderson

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I cant remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and...

Dell PowerScale OneFS Encryption Issue Vulnerability (CNVD-2024-16188)

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from an encryption issue vulnerability that stems from the use of a corrupted encryption algorithm, which can be exploited by an...

CVE-2024-25963

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure...

CVE-2024-25963

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure...

CVE-2024-29886

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...