Lucene search
K

710 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 4:10 p.m.15 views

Security Bulletin: Multiple Vulnerabilities in bcprov package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include bcprov library, which is susceptible to use of broken cryptographic algorithm, Improper neutralization, covert timing channel vulnerabilities CVE-2025-14813, CVE-2026-0636, CVE-2026-5598...

9.9CVSS6.7AI score0.00691EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 9:47 a.m.4 views

Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise

Summary Multiple vulnerabilities were addressed in IBM DataStax Enterprise 6.9.23 Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is...

9.9CVSS7.3AI score0.01339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 7:54 p.m.9 views

Security Bulletin: IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82.

Summary IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82 Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This...

9.9CVSS5.8AI score0.00691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 10:26 a.m.6 views

Security Bulletin: Multiple Vulnerabilities in Hyper-Converged Database 1.2

Summary Multiple vulnerabilities were addressed in Hyper-Converged Database version 1.2.6 Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the...

9.3CVSS7.7AI score0.01125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/20 7:57 a.m.7 views

Security Bulletin: Multiple Security Vulnerabilities in third-Party libraries used by IBM Tivoli Netcool Configuration Manager

Summary Multiple vulnerabilities in the third-party Bouncy Castle libraries used by IBM Tivoli Netcool Configuration Manager have been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle In...

9.9CVSS5.8AI score0.00691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 8:51 a.m.5 views

Security Bulletin: IBM ApplinX is vulnerable to multiple vulnerabilities due to the use of Bouncy Castle library (CVE-2023-33202, CVE-2025-8916, CVE-2026-5588, CVE-2025-14813, CVE-2026-5598, CVE-2026-0636)

Summary IBM ApplinX is vulnerable to an Uncontrolled Resource Consumption vulnerability, an Allocation of Resources Without Limits or Throttling vulnerability, a Use of a Broken or Risky Cryptographic Algorithm, a Covert Timing Channel vulnerability and an Improper Neutralization of Special...

9.9CVSS7.1AI score0.00932EPSS
Exploits1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/17 2:19 p.m.8 views

CVE-2026-40641

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering...

4.8CVSS5.9AI score0.001EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50437

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager version 4.6.0.1 Description Use of a broken or risky cryptographic algorithm allows an unauthenticated attacker with remote access to potentially cause information disclosure and information tampering. Recommendations At...

4.8CVSS5.9AI score0.001EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:10 p.m.6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm, Covert Timing Channel (CVE-2025-14813, CVE-2026-5598)

Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-14813, CVE-2026-5598. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm...

9.9CVSS5.3AI score0.00691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:18 p.m.6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-5588)

Summary There are vulnerabilities in bcpkix-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-5588. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion...

7.5CVSS7.1AI score0.00392EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/12 3:1 p.m.9 views

EUVD-2026-36476

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10CVSS5.2AI score0.0029EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.32 views

CVE-2026-50086 Aqara unauthenticated AES oracle

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10CVSS0.0029EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48910

Name of the Vulnerable Software and Affected Versions Aqara IAM/SSO gateway affected versions not specified Description The IAM/SSO gateway at 'gw-builder.aqara.com' exposes an unauthenticated AES oracle, allowing bidirectional AES round-trips against the platform's signing key. This occurs due t...

10CVSS5.3AI score0.0029EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 12:9 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IFix 1 Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of...

9.9CVSS6.6AI score0.01127EPSS
Exploits1Affected Software1
Rockylinux
Rockylinux
added 2026/05/29 4:3 p.m.11 views

openssh security update

An update is available for openssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux,...

8.1CVSS6AI score0.00419EPSS
Exploits0
OSV
OSV
added 2026/05/28 3:43 p.m.8 views

RLSA-2026:19219 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

7.5CVSS6.1AI score0.00419EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43767

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the dpaa2 caam probe function within the crypto CAAM module. The issue arises because cleanup logic was missing in the dpaa2 dpseci free function for error paths...

5.5CVSS5.4AI score0.00155EPSS
Exploits0References14
NVD
NVD
added 2026/05/22 3:16 p.m.14 views

CVE-2025-46371

Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

5.5CVSS0.00067EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 1:43 p.m.6 views

CVE-2025-46371

Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

3.6CVSS5.8AI score0.00067EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 1:43 p.m.24 views

CVE-2025-46371

Dell PowerFlex Manager, versions

5.5CVSS5.8AI score0.00067EPSS
Exploits0References2Affected Software3
Rows per page
Query Builder