79 matches found
CVE-2020-4874
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837...
IBM Concert Software Encryption Issues Vulnerabilities
IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert Software suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which could be...
CVE-2025-1993
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected...
CVE-2024-31896
IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
The vulnerability of the software products of the LLC “NPO ‘MIR’, related to the use of cryptographic algorithms containing defects, allows attackers to execute an attack using brute-force methods.
The vulnerability of the software products developed by LLC “NPO ‘MIR’ lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability allows a remote attacker to execute an attack using brute-force methods...
CVE-2024-27256
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-38320
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-38320 IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
The vulnerability of the IBM DevOps Velocity lifecycle management platform (formerly known as IBM UrbanCode Velocity) relates to the use of cryptographic algorithms that contain defects, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the IBM DevOps Velocity formerly IBM UrbanCode Velocity lifecycle management platform is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to...
CVE-2024-45040 gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
GHSA-P2Q9-36VW-C468 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
The vulnerability of the SCADA system “ENTEK,” related to the use of cryptographic algorithms containing defects, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SCADA system “ENTEK” is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
Security Bulletin: IBM Aspera Orchestrator affected by cryptographic and cross-site scripting vulnerabilities (CVE-2023-27283, CVE-2023-27280, CVE-2023-27281)
Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to cryptographic algoritms and cross-site scripting that could allow sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-27283 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to stored cross-site...
HPESBNW04445 rev.7 - Aruba Products Using OpenSSL, Multiple Vulnerabilities
Potential Security Impact: Remote: Denial of Service DoS, Disclosure of Information SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba AirWave Management Platform - See vulnerability summary for affected versions Aruba EdgeConnect Enterprise Software - See vulnerability summary...
CVE-2022-34361 IBM Sterling Secure Proxy information disclosure
IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...
CVE-2022-25674
Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music...
The vulnerability of Emerson DeltaV industrial control stations, related to the use of cryptographic algorithms containing vulnerabilities, allows an intruder to gain access to the system’s control interface.
The vulnerability of Emerson DeltaV industrial control stations lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an attacker operating remotely to gain access to the system’s control interface...
Mitsubishi Electric Air Conditioning Systems
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Air Conditioning Systems Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Exposure of Sensitive Information to an Unauthorized Actor, Channel Accessible by Non-Endpoint 2...
EulerOS 2.0 SP8 : nss-softokn (EulerOS-SA-2021-1155)
According to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the application...