[SECURITY] Fedora 39 Update: openssl-3.1.4-4.fc39

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 41 Update: openssl-3.2.2-7.fc41

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

“Simply staggering” surveillance conducted by social media and streaming services, FTC finds

The US Federal Trade Commission FTC released a report that examines the data collection and use practices of major social media and video streaming services, finding that—and this will not come as a surprise to our regular readers—the companies engaged in vast surveillance of consumers in order t...

The vulnerability of the PowerScale OneFS operating system, related to the use of cryptographic algorithms containing defects, allows a perpetrator to disclose protected information.

The vulnerability of the PowerScale OneFS operating system is related to the use of cryptographic algorithms that contain defects. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

Microsoft Is Adding New Cryptography Algorithms

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsofts details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum...

Dell InsightIQ Encryption Problem Vulnerability (CNVD-2024-38774)

Dell InsightIQ is a performance monitoring and reporting tool from Dell USA. Dell InsightIQ suffers from a cryptographic issue vulnerability that arises from the use of corrupt or risky encryption algorithms. An unauthenticated remote access attacker could exploit the vulnerability to cause...

IBM Maximo Application Suite Encryption Issue Vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. An encryption issue vulnerability exists in IBM Maximo Application Suite versions 8.10, 8.11, and 9.0,...

CVE-2024-37068

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques...

CVE-2024-37068

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques...

CVE-2024-37068 IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques...

CVE-2024-37068

CVE-2024-37068 affects IBM Maximo Application Suite – Manage Component (MAS) versions 8.10, 8.11, and 9.0. The root cause is the use of weaker-than-expected cryptographic algorithms, enabling potential decryption of highly sensitive information via man-in-the-middle techniques. Impact is informat...

Security Bulletin: There is a vulnerability in Manage Componenet used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-37068)

Summary There is a vulnerability in Manage Componenet used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-37068 DESCRIPTION: IBM Maximo Application Suite - Manage Component uses weaker than expected cryptographic algorithms that could allow ...

PT-2025-11274 · Ibm · Ibm Security Qradar Edr

Name of the Vulnerable Software and Affected Versions: IBM Security QRadar version 3.12 EDR Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt sensitive credential information. Recommendations: For IBM Security...

CVE-2024-37305

A flaw was found in oqs-provider, which is an OpenSSL 3 provider that contains post-quantum algorithms. The issue occurs from the way oqs-provider handles lengths decoded with DECODEUINT32 at the start of serialized hybrid traditional + post-quantum keys and signatures. As a result, malformed inp...

Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Directory (CVE-2022-32753, CVE-2022-32756, CVE-2022-32754)

Summary Security Vulnerabilities discovered in Web Admin Tool provided by IBM Security Verify Directory products have been resolved. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an...

CVE-2024-39745

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-39745 IBM Sterling Connect:Direct Web Services information disclosure

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-39745 IBM Sterling Connect:Direct Web Services information disclosure

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-39745

The CVE-2024-39745 issue affects IBM Sterling Connect:Direct Web Services versions 6.0–6.3, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The root cause is the use of insufficient crypto strength in these releases. Impact, as ...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE which is affected by CVE-2024-39745. Vulnerability Details CVEID:CVE-2024-39745 DESCRIPTION: IBM Sterling Connect:Direct Web Services uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...