CVE-2024-28780

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-28780 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-28780

CVE-2024-28780 affects IBM Cognos Controller (11.0.0–11.0.1 FP3) and IBM Controller (11.1.0) where weaker cryptographic algorithms could allow decryption of highly sensitive information. The IBM security bulletin identifies this under a set of vulnerabilities (tied to decrypting data) and lists r...

CVE-2024-28780 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

Broadcom SANnav 安全漏洞

Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Broadcom SANnav that stems from the use of outdated or risky encryption algorithms...

[SECURITY] Fedora 41 Update: openssl-3.2.4-1.fc41

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: xfrm: fixed another kernel-infoleak issue in algorithm dumping. During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in copytoiter+0x598/0x2a30, copytoiter+0x598/0x2a30,...

CVE-2020-15084

In express-jwt NPM package up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this...

CVE-2024-7010

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...

CVE-2024-47360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bookingalgorithms BA Book Everything ba-book-everything.This issue affects BA Book Everything: from n/a through = 1.6.20...

CVE-2024-32125

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Booking Algorithms BA Book Everything.This issue affects BA Book Everything: from n/a through 1.6.4...

Information Disclosure

gvisor.dev/gvisor is vulnerable to Information Disclosure. The vulnerability is due to weak hashing algorithms and small seed/secret sizes, allowing remote attackers to calculate a local IP address and per-boot identifier that could aid in tracking a device in specific situations...

Botan C++ Crypto Algorithms Library 3.7.1

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity...

CVE-2024-27256 IBM MQ Operator information disclosure

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-27256 IBM MQ Operator information disclosure

IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-38320 IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure

IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-38320

Summary: CVE-2024-38320 affects IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client. Affected versions: 8.1.0.0 through 8.1.23.0. Root cause / vulnerability: Uses weaker than expected cryptographic algorithms that could allow an attac...

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on...

The vulnerability of the IBM DevOps Velocity lifecycle management platform (formerly known as IBM UrbanCode Velocity) relates to the use of cryptographic algorithms that contain defects, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the IBM DevOps Velocity formerly IBM UrbanCode Velocity lifecycle management platform is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to...