2241 matches found
CVE-2023-50939
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129...
CVE-2021-41106
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...
CVE-2024-41763
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
GNU Privacy Guard 2.5.16
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
TP-Link TL-WR820N 2.80 Weak Cryptography
TP-Link TL-WR820N version 2.80 uses weak cryptographic algorithms for SSH...
SUSE CVE-2023-54250
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...
EUVD-2023-60391
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...
CVE-2023-54250
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...
CVE-2023-54250
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...
UBUNTU-CVE-2023-54250
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...
CVE-2023-54250 ksmbd: avoid out of bounds access in decode_preauth_ctxt()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...
CVE-2023-54250
In the Linux kernel ksmbd component, CVE-2023-54250 concerns an out-of-bounds access in decode_preauth_ctxt(). The issue is that the code checks only the eight-byte SMB2_neg_context header and the client-controlled DataLength, which can exceed the SMB request boundary; this is insufficient to gua...
CVE-2025-14175
The CVE-2025-14175 entry concerns the SSH server on TP-Link TL-WR820N v2.80, where weak cryptographic algorithm support is reported. The vulnerability enables an adjacent attacker to intercept and decrypt SSH traffic, impacting confidentiality. The CVSS v4.0 vector indicates an adjacent network a...
Are We Ready to Be Governed by Artificial Intelligence?
Artificial Intelligence AI overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The technologies of artificial intelligence are already pervading many aspects of democratic government, affecting our lives in ways both large and small. This has occurr...
CVE-2022-50731 crypto: akcipher - default implementation for setting a private key
In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: removed the default implementation from setpubkey: it is assumed that an implementation must always have this callback defined as there are no u...
Post-Quantum Cryptography in the 5G Core
In this work, the conventional cryptographic algorithms used in the 5G Core are replaced with post-quantum alternatives and the practical impact of this transition is evaluated. Using a simulation environment, we model the registration and deregistration of varying numbers of user equipments UEs...
CVE-2025-13532
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...
Target Cipher Inventory
This plugin collects cryptographic ciphers and algorithms discovered during the scan as a machine parsable JSON file attachment. TRUSTED...
Post-quantum X509 Signature Algorithms
This plugin detects which post-quantum TLS signature algorithms are supported by the remote service. TRUSTED...
AMS Development GAMS 安全漏洞
AMS Development GAMS is an algebraic modeling system from AMS Development India. AMS Development GAMS suffers from a security vulnerability that stems from checksums and the use of insecure algorithms that could lead to the generation of an unlimited valid license...