701 matches found

ICS
added 2022/07/26 12:0 a.m. | 102 views

Honeywell Saia Burgess PG5 PCD

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable on adjacent network/low attack complexity Vendor: Honeywell Equipment: Saia Burgess PG5 PCD Vulnerabilities: Authentication Bypass, Use of a Broken or Risky Cryptographic Algorithm CISA is aware of a public report known as “OT:ICEFALL” that...

CVSS 8.1 | AI score 6.9 | EPSS 0.00616
Exploits 0 | References 4
Veracode
added 2022/07/19 6:35 a.m. | 39 views

Information Disclosure

rocketchip2.12 is vulnerable to information disclosure. The vulnerability exists due to the insecure cryptographic algorithm used in RocketCore.scala, allowing an attacker to gain sensitive information through the malicious Zk extensions...

CVSS 9.1 | AI score 8.5 | EPSS 0.00452
Exploits 0 | References 7 | Affected Software 1
Vulnrichment
added 2022/07/15 5:15 p.m. | 4 views

CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

CVSS 7.5 | AI score 7.5 | EPSS 0.00387
Exploits 0 | References 1
Cvelist
added 2022/07/15 5:15 p.m. | 16 views

CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

CVSS 7.5 | AI score 7.7 | EPSS 0.00387
Exploits 0 | References 1
Prion
added 2022/06/28 7:15 p.m. | 13 views

Design/Logic Flaw

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access...

CVSS 10 | AI score 9.3 | EPSS 0.00531
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/06/28 6:40 p.m. | 12 views

CVE-2022-31230

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access...

CVSS 8.1 | AI score 9.6 | EPSS 0.00531
Exploits 0 | References 1
CVE
added 2022/06/28 6:40 p.m. | 73 views

CVE-2022-31230

The CVE-2022-31230 entry concerns Dell PowerScale OneFS (versions 8.2.x–9.2.x) with a broken or risky cryptographic algorithm. The vulnerability could allow a remote unprivileged attacker to gain full system access. The issue is documented in NVD and supported by Dell EMC advisory DSA-2022-118. T...

CVSS 10 | AI score 9.3 | EPSS 0.00531
Exploits 0 | References 1 | Affected Software 1
ICS
added 2022/06/28 12:0 a.m. | 73 views

Motorola Solutions MDLC

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MDLC Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Plaintext Storage of a Password CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found...

CVSS 9.8 | AI score 9.1 | EPSS 0.00452
Exploits 0 | References 5
The Hacker News
added 2022/06/15 9:45 a.m. | 64 views

New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University ...

AI score 1.6 | EPSS 0.12043
Exploits 0
Amd
added 2022/06/14 12:0 a.m. | 39 views

Frequency Scaling Timing Power Side-Channels

Bulletin ID: AMD-SB-1038 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of the academic research paper titled “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86”. AMD has been notified the researchers intend to submit their paper to...

CVSS 6.5 | AI score 6.3 | EPSS 0.01037
Exploits 0
OSV
added 2022/06/08 3:15 p.m. | 3 views

CVE-2022-24296

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditionin...

CVSS 7.5 | AI score 5.8 | EPSS 0.01041
Exploits 0 | References 3
NVD
added 2022/06/08 3:15 p.m. | 29 views

CVE-2022-24296

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditionin...

CVSS 7.5 | EPSS 0.01041
Exploits 0 | References 3
Prion
added 2022/06/08 3:15 p.m. | 22 views

Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditionin...

CVSS 5 | AI score 7.5 | EPSS 0.01041
Exploits 0 | References 3 | Affected Software 20
CVE
added 2022/06/08 2:11 p.m. | 82 views

CVE-2022-24296

The CVE-2022-24296 issue affects multiple Mitsubishi Electric air conditioning systems (G-150AD, AG-150A-A/J, GB-50AD/ADA-J, EB-50GU-A/J, AE-200J/A/E, AE-50J/A/E, EW-50J/A/E, TE-200A/TE-50A, TW-50A; versions up to specified priors). Root cause: Use of a broken or risky cryptographic algorithm (CW...

CVSS 7.5 | AI score 7.5 | EPSS 0.01041
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2022/06/08 2:11 p.m. | 34 views

CVE-2022-24296

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditionin...

AI score 7.7 | EPSS 0.01041
Exploits 0 | References 3
IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 16 views

Security Bulletin: IBM Elastic Storage System 3000 is affected by weak cryptographic algorithm (CVE-2020-4350)

Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2020-4350 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithm...

CVSS 7.5 | AI score 6.4 | EPSS 0.00792
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 18 views

Security Bulletin: IBM Elastic Storage System 3000 is affected by weak crypto algorithm (CVE-2020-4349)

Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI that could allow an unauthorised user to execute commands. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4349 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 throu...

CVSS 7.5 | AI score 0.7 | EPSS 0.00792
Exploits 0 | Affected Software 1
OSV
added 2022/05/24 4:56 p.m. | 23 views

GHSA-HHR2-F668-FF2W Use of a weak cryptographic algorithm in Gradle

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

CVSS 5.9 | AI score 5.8 | EPSS 0.01025
Exploits 1 | References 3
Github Security Blog
added 2022/05/24 4:56 p.m. | 33 views

Use of a weak cryptographic algorithm in Gradle

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

CVSS 5.9 | AI score 3 | EPSS 0.01025
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2022/05/24 4:52 p.m. | 17 views

PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm

The PHP JOSE Library by Gree Inc. prior to 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens...

CVSS 7.5 | AI score 2.6 | EPSS 0.00844
Exploits 0 | References 3 | Affected Software 1