The vulnerability in the firmware of the asynchronous server Moxa NPort 5600 is related to the use of cryptographic algorithms that contain vulnerabilities, allowing attackers to gain unauthorized access to the device.
The vulnerability in the firmware of the asynchronous server Moxa NPort 5600 is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device...
Oracle Linux 9 : openssl (ELSA-2023-12768)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12768 advisory. 3.0.7-16.0.1 - Replace upstream references Orabug: 34340177 Tenable has extracted the preceding description block directly from the Oracle Linux...
Design/Logic Flaw
IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268...
CVE-2023-38730 IBM Spectrum Copy Data Management information disclosure
IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268...
CVE-2023-38730
IBM Spectrum Copy Data Management (SCDM) versions 2.2.0.0–2.2.19.0 use weaker cryptographic algorithms, enabling potential disclosure of highly sensitive data. The root cause is the use of insufficiently strong cryptography (e.g., weak DH moduli discussed in the IBM bulletin), affecting confident...
Security Bulletin: IBM Spectrum Copy Data Management uses weaker than expected cryptographic algorithms
Summary IBM SCDM allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time depending on modulus size and attacker resources. This may allow an attacker to...
Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions
Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an...
HCL DRYiCE iAutomate Encryption Issue Vulnerability
HCL Technologies DRYiCE MyCloud is a Hybrid Cloud Lifecycle Management product from HCL Technologies, USA. A security vulnerability exists in HCL DRYiCE iAutomate that stems from the use of broken encryption algorithms...
Vulnerability fixed in AMD processors
A vulnerability has been fixed in the microcode of AMD processors. The vulnerability has been named "Inception" and enables a local, authenticated malicious person to manipulate the operation of the Predictive Algorithms, which could circumvent measures in place to prevent unauthorized instructio...
TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System
A set of five security vulnerabilities has been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what's believed to be an intentional backdoor that could have potentially exposed...
CVE-2021-38933
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574...
CVE-2021-38933
CVE-2021-38933 affects IBM Sterling Connect:Express for UNIX 1.5.x. The IBM security bulletin notes use of weaker cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Remediation: upgrade to Connect:Express for UNIX 1.5.0.1609 or newer. Current exploit details...
CVE-2023-3108
CVE-2023-3108 affects the Linux kernel, specifically the get_user_pages_fast path in the skcipher_recvmsg interface for symmetric-key ciphers (crypto/algif_skcipher.c). The flaw allows a local user to crash the system. Public details in the provided documents confirm the vulnerable component and ...
CVE-2023-3108 Kernel: a race condition in crypto module in the function skcipher_recvmsg
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system...
CVE-2023-3108
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system...
Security Bulletin: IBM Sterling Connect:Express uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Summary: IBM Sterling Connect:Express uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details: CVEID: CVE-2021-38933 DESCRIPTION: IBM Sterling Connect:Direct uses weaker than expected cryptographic algorithms that...
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. "An attacker can often exploit these vulnerabilities to tak...
Security Bulletin: IBM QRadar SIEM is vulnerable to using broken or risky cryptographic algorithms (CVE-2023-26276)
Summary: IBM QRadar SIEM is vulnerable to using broken or risky cryptographic algorithms. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details: CVEID: CVE-2023-26276 DESCRIPTION: IBM QRadar uses weaker than expected cryptographic algorithms that could allow an attacker t...
CBL Mariner 2.0 Security Update: edk2 / hvloader / openssl / rust (CVE-2023-2650)
The version of edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2650 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data...