2241 matches found

OSV
added 2024/12/28 12:0 p.m., 1 view

RUSTSEC-2024-0430 Use of insecure cryptographic algorithms

This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force a...

7 AI score
Exploits 0, References 3

Fedora
added 2024/12/19 4:8 a.m., 11 views

[SECURITY] Fedora 41 Update: ColPack-1.0.10-25.fc41

ColPack is a package comprising implementations of algorithms for specialized vertex coloring problems that arise in sparse derivative computation. It is written in an object-oriented fashion, heavily using the Standard Template Library (STL). It is designed to be simple, modular, extendable and...

6.6 CVSS, 6.6 AI score, 0.00213 EPSS
Exploits 0

Fedora
added 2024/12/19 4:1 a.m., 11 views

[SECURITY] Fedora 40 Update: ColPack-1.0.10-25.fc40

ColPack is a package comprising implementations of algorithms for specialized vertex coloring problems that arise in sparse derivative computation. It is written in an object-oriented fashion, heavily using the Standard Template Library (STL). It is designed to be simple, modular, extendable and...

6.6 CVSS, 6.6 AI score, 0.00213 EPSS
Exploits 0

NVD
added 2024/12/19 1:15 a.m., 14 views

CVE-2021-39081

IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5 CVSS, 0.00317 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/12/19 12:22 a.m., 14 views

CVE-2021-39081 IBM Cognos Analytics Mobile information disclosure

IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9 CVSS, 6.6 AI score, 0.00317 EPSS
Exploits 0, References 1

Cvelist
added 2024/12/19 12:22 a.m., 19 views

CVE-2021-39081 IBM Cognos Analytics Mobile information disclosure

IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9 CVSS, 0.00317 EPSS
Exploits 0, References 1

BDU FSTEC
added 2024/12/19 12:0 a.m., 1 view

The vulnerability of the software for data protection in Dell RecoverPoint for virtual machines stems from the use of cryptographic algorithms that have defects. This allows a hacker to execute arbitrary code.

The vulnerability of the Dell RecoverPoint data protection software for virtual machines relates to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

6.5 CVSS, 5.9 AI score, 0.00546 EPSS
Exploits 0, References 2

Schneier on Security
added 2024/12/18 4:40 p.m., 6 views

New Advances in the Understanding of Prime Numbers

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters...

7.3 AI score
Exploits 0

RedHat Linux
added 2024/12/11 4:18 p.m., 2 views

kernel: xfrm: fix one more kernel-infoleak in algo dumping

A vulnerability was found in the xfrm module in the Linux Kernel. This issue was discovered during fuzz testing, where uninitialized memory containing potentially sensitive data was inadvertently copied to user-space. This issue occurs when dumping IPsec algorithm data structures, exposing random...

5.5 CVSS, 7.2 AI score, 0.00254 EPSS
Exploits 0, References 5

Debian CVE
added 2024/12/06 4:0 p.m., 12 views

CVE-2024-54137

Removed by vendor...

7.5 CVSS, 7.3 AI score, 0.00386 EPSS
Exploits 0

Wallarm Lab
added 2024/12/04 1:19 p.m., 11 views

Protecting Against Bot-Enabled API Abuse

APIs have become the backbone of modern digital ecosystems, powering everything from mobile apps to e-commerce platforms. However, as APIs grow in importance, they also become prime targets for malicious actors. Increasingly, bots are being weaponized to exploit vulnerabilities, overwhelm systems...

7.5 AI score
Exploits 0

CVE
added 2024/12/03 5:13 p.m., 68 views

CVE-2024-41775

CVE-2024-41775 affects IBM Cognos Controller 11.0.0–11.0.1. The issue is described as using weaker than expected cryptographic algorithms, enabling an attacker to decrypt highly sensitive information. The IBM security bulletin recommends upgrading to IBM Cognos Controller 11.0.1 FP3 (and notes av...

7.5 CVSS, 5.6 AI score, 0.00205 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2024/12/03 5:13 p.m., 13 views

CVE-2024-41775 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9 CVSS, 6.6 AI score, 0.00205 EPSS
Exploits 0, References 1

Cvelist
added 2024/12/03 5:13 p.m., 17 views

CVE-2024-41775 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9 CVSS, 0.00205 EPSS
Exploits 0, References 1

RedHat Linux
added 2024/11/12 9:21 a.m., 259 views

Moderate: Red Hat Security Advisory: libgcrypt security update

An update for libgcrypt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

5.9 CVSS, 6.8 AI score, 0.01114 EPSS
Exploits 0, References 3

OSV
added 2024/11/12 12:0 a.m., 10 views

ALSA-2024:9404 Moderate: libgcrypt security update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: vulnerable to Marvin Attack (CVE-2024-2236). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

5.9 CVSS, 7.3 AI score, 0.01114 EPSS
Exploits 0, References 4

Microsoft CVE
added 2024/11/09 8:0 a.m., 2 views

zram: free secondary algorithms names

...

5.5 CVSS, 6.9 AI score, 0.00218 EPSS
Exploits 0

SUSE CVE
added 2024/11/06 3:49 a.m., 1 view

SUSE CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping. During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060...

5.5 CVSS, 7.6 AI score, 0.00254 EPSS
Exploits 0, References 19

NVD
added 2024/10/29 1:15 p.m., 17 views

CVE-2024-7010

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...

7.5 CVSS, 0.00533 EPSS
Exploits 1, References 2

Vulnrichment
added 2024/10/29 12:48 p.m., 17 views

CVE-2024-7010 Timing Attack in mudler/localai

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...

7.5 CVSS, 7.4 AI score, 0.00533 EPSS
Exploits 1, References 2