54 matches found
Exploit for Out-of-bounds Read in Openssl
--- Cybersecurity Labs Portfolio This repository contain...
wolfSSL Security Vulnerability
wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL that stems from compiler optimizations and time-side channels introduced by CPU architectural limitations...
EUVD-2017-6233
Malware in sbrugna...
EUVD-2017-4610
Malware in sbrugna...
EUVD-2014-5301
Malware in sbrugna...
EUVD-2025-20782
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-40530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerou...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic module
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic module Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js Elliptic module could allow a remote attacker to obtain sensitive information, caused by a flaw with BER-encoded signatures are allowed. By...
Security Bulletin: A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information (CVE-2020-15522).
Summary A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information. IBM Robotic Process Automation uses Bouncy Castle for encryption. This bulletin identifies the security fixes to apply to address the vulnerability...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to exposing sensitive information due to Masterminds GoUtils ( CVE-2021-4238 )
Summary Masterminds GoUtils is used by IBM Cloud Pak for Data as part of the platform. CVE-2021-4238. Vulnerability Details CVEID:CVE-2021-4238 DESCRIPTION: Masterminds GoUtils could allow a remote attacker to obtain sensitive information, caused by an issue with randomly-generated alphanumeric...
Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782
Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic...
Security Bulletin: This Power System update is being released to address CVE-2021-3505
Summary A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate, which is called before the prime number check...
Security Bulletin: Information Disclosure vulnerability affect IBM Business Automation Workflow - CVE-2023-31582
Summary IBM Business Automation Workflow packages is vulnerable version of jose4j. Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to obtain sensitive information, caused by allowing of a low iteration count of 1000 or less. By utilize cryptographic...
Security Bulletin: IBM InfoSphere Information Server is affected but not vulnerable to a vulnerability in jose.4j
Summary An information disclosure vulnerability in jose.4j used by InfoSphere Information Server was addressed. Vulnerability Details IBM X-Force ID: 254437 DESCRIPTION: jose.4.j could allow a remote attacker to obtain sensitive information, caused by a chosen ciphertext attack in RSA1_5. By utili...
Security Bulletin: This Power System update is being released to address CVE 2021-45486
Summary A security problem was fixed for the Virtualization Management Interface VMI for vulnerability CVE-2021-45486 that could allow a remote attacker to reveal sensitive information Vulnerability Details CVEID:CVE-2021-45486 DESCRIPTION: Linux Kernel could allow a local attacker to obtain...
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
Summary There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. Vulnerability Details CVEID:CVE-2021-45485 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive...
CVE-2021-38925
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171...
Security Bulletin: A vulnerability in Bouncy Castle affect IBM Watson Machine Learning Accelerator
Summary A vulnerability exists in the Bouncy Castle version used by IBM Watson Machine Learning Accelerator. Bouncy Castle upgrade to version 1.69 which resolves these vulnerabilities, is available on IBM Fix Central. Vulnerability Details CVEID: CVE-2020-15522 DESCRIPTION: Bouncy Castle BC Java,...
in yiisoft/yii2
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. In this case the function that generates weak random numbers is mt_rand in BaseMailer.php at line 346. 🕵️♂️ Proof of Concept ?php echo...
in yiisoft/yii2
✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. In this case the function that generates weak random numbers is mt_rand in CaptchaAction.php at line 217. 🕵️♂️ Proof of Concept ?php...