41 matches found
openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)
No description is available for this CVE...
openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)
No description is available for this CVE...
IBM Concert has a weak cryptographic algorithm vulnerability
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A weak cryptographic algorithm vulnerability exists in IBM Concert versions 1.0.0 through 2.1.0, which could be exploited by an attacker to decrypt...
Siemens S7-1500 Use of Uninitialized Variable (CVE-2025-39931)
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg whe...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37808)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37808 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of...
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimdrvprobe when nsimdevresourcesregister failed CVE-2022-50500 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of...
PT-2025-43618
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the crypto/af alg subsystem. A change introduced by commit 1b34cbbf4f01 altered data types from bool to 1-bit bitfields of type u32. This...
CVE-2025-43909
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Ris...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2025-33102 DESCRIPTION: IBM Concert Software uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CWE:CWE-327:...
UBUNTU-CVE-2022-48781
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - get rid of algmemoryallocated algmemoryallocated does not seem to be really used. algproto does have a .memoryallocated field, but no corresponding .sysctlmem. This means skhasaccount returns true, but all...
Upgraded Q -> 2 from #279 [1683710498041]
Judge has assessed an item in Issue 279 as 2 risk. The relevant finding follows: L-06 EllipticCurve.validateSignature has wrong and needless code blocks if P2 == 0 return false; uint256 Px = inverseModP2, p; Px = mulmodP0, mulmodPx, Px, p, p; Px = p0 inverseP2^2 is not correct here. Fortunately, ...
Design/Logic Flaw
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...
Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by weak crypto algorithm (CVE-2020-4379)
Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4379 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorith...
CVE-2022-22559
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure...
CVE-2021-33018
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information...
IBM Security Identity Governance and Intelligence 加密问题漏洞
IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. A weak cryptographic algorithm vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. An attacker could exploit this vulnerability to decrypt highly...
Security Bulletin: IBM Elastic Storage Server GUI is affected by weak crypto algorithm (CVE-2020-4379)
Summary A security vulnerability has been identified in all levels of IBM Elastic Storager Server GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4379 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms...
Moxa EDS-G516E and EDS-510E series weak cryptographic algorithm vulnerability
Moxa EDS-G516E and EDS-510E series are both Ethernet switches manufactured by Moxa. A weak cryptographic algorithm vulnerability exists in the Moxa EDS-G516E and EDS-510E series, which can be exploited by attackers to obtain sensitive information...
CVE-2015-8970
crypto/algifskcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AFALG socket before an accept system call is processed, which allows local users to cause a denial of service NULL pointer dereference and system crash via a crafted applicatio...