2861 matches found
Security update for cargo-c
This update for cargo-c fixes the following issues: CVE-2025-3416: use-after-free in Md::fetch and Cipher::fetch of rust-openssl crate bsc1242675. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
Security update for rustup
This update for rustup fixes the following issues: CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242617 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
CVE-2025-2900
IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation...
IBM Semeru Runtime 安全漏洞
IBM Semeru Runtime is an open source Java runtime environment provided by IBM , based on the Eclipse Adoptium project , support for a variety of operating systems and architectures , to provide high-performance and high-reliability running platform for Java applications . A denial of service...
Lightweight Hybrid Block-Stream Cryptographic Algorithm for the Internet of Things
In this thesis, a novel lightweight hybrid encryption algorithm named SEPAR is proposed, featuring a 16-bit block length and a 128-bit initialization vector. The algorithm is designed specifically for application in Internet of Things IoT technology devices. The design concept of this algorithm i...
CVE-2025-2545
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES 3DES cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could...
A Novel Cipher for Enhancing MAVLink Security: Design, Security Analysis, and Performance Evaluation Using a Drone Testbed
We present MAVShield, a novel lightweight cipher designed to secure communications in Unmanned Aerial Vehicles UAVs using the MAVLink protocol, which by default transmits unencrypted messages between UAVs and Ground Control Stations GCS. While existing studies propose encryption for MAVLink, most...
PT-2025-29020
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.15.0-rc3+ and earlier Description: The Linux kernel contains a flaw within the sun8i-ce-cipher module related to error handling in the sun8i ce cipher prepare function. This issue manifests as two DMA cleanup problems ...
CVE-2024-42177
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...
From Cyber Threat to Data Shield: Constructing Provably Secure File Erasure with Repurposed Ransomware Cryptography
Ransomware has emerged as a persistent cybersecurity threat,leveraging robust encryption schemes that often remain unbroken even after public disclosure of source code. Motivated by the technical resilience of such mechanisms, this paper presents SEER Secure and Efficient Encryption-based Erasure...
GHSA-4FCV-W3QC-PPGG rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
RUSTSEC-2025-0022 Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
Security Bulletin: SHA-1 cipher suites detected in older versions of SPSS Statistics (CVE-2024-31896)
Summary The Statistics server supports SHA-1 cipher suites. SHA-1 was officially deprecated by NIST in 2011, but many applications still rely on it. Up until 2017, only theoretical attacks have been known against SHA-1, which is why many applications still rely on it. Recently, a practical attack...
Malicious code in codex-cipher (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ce020b1fc0f9d126255429ca44d4407527446d2650c546670d79bc9c84056cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2624 Malicious code in codex-cipher (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ce020b1fc0f9d126255429ca44d4407527446d2650c546670d79bc9c84056cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The Combined Cipher Machine
Interesting article--with photos!--of the US/UK "Combined Cipher Machine" from WWII...
Linux Distros Unpatched Vulnerability : CVE-2010-4180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in...
OESA-2025-1191 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during th...