CVE-2022-43305

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0...

CVE-2022-33160

IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568...

CVE-2022-34361

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...

CVE-2022-34319

IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463...

CVE-2022-32753

IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444...

CVE-2022-22462

IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078...

The vulnerability of microprogramming software in devices for integration and control of automation and data collection systems, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of microprogramming software in devices for integration and control of automation systems and data collection servers is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a malicious actor to compromise the...

CVE-2022-22461

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007...

CVE-2022-34309

IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440...

CVE-2013-1649

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack...

CVE-2019-25030

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction such as MD5 and SHA-1 alone are insufficient in thwarting password...

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...

GenoArmory: a Unified Evaluation Framework for Adversarial Attacks on Genomic Foundation Models

We propose the first unified adversarial attack benchmark for Genomic Foundation Models GFMs, named GenoArmory. Unlike existing GFM benchmarks, GenoArmory offers the first comprehensive evaluation framework to systematically assess the vulnerability of GFMs to adversarial attacks. Methodologicall...

IBM Concert Software Encryption Issues Vulnerabilities

IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert Software suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which could be...

kernel: zram: free secondary algorithms names

In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [email protected]: kfreeNULL is legal...

CVE-2025-43005

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data...

CVE-2025-43005

CVE-2025-43005 affects SAP GUI for Windows via insecure obfuscation in GuiXT for storing credentials. This can lead to information disclosure with Low confidentiality impact. The issue is exploitable by an unauthenticated attacker and is classified with a Local attack vector and No privileges req...

ALSA-2025:7076 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS CVE-2024-12243 For more details...

CVE-2025-1993

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected...

CVE-2025-1993 IBM App Connect Enterprise Certified Container information disclosure

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected...