Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. An attacker can recover all...

CVE-2025-13353

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

Decryption Thorough Polynomial Ambiguity: Noise-Enhanced High-Memory Convolutional Codes for Post-Quantum Cryptography

We present a novel approach to post-quantum cryptography that employs directed-graph decryption of noise-enhanced high-memory convolutional codes. The proposed construction generates random-like generator matrices that effectively conceal algebraic structure and resist known structural attacks...

gokey 安全漏洞

gokey is a Go language library open-sourced by Cloudflare. A security vulnerability exists in gokey versions prior to 0.2.0, which stems from a flaw in the seed decryption logic that could lead to password entropy reduction and password recovery attacks...

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28025)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28025 advisory. - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38712788 CVE-2025-40019 Tenable has extracted the precedi...

Unbreakable Enterprise kernel security update

5.15.0-314.193.5.5 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705933 CVE-2025-40019...

Unbreakable Enterprise kernel security update

5.4.17-2136.349.3.2 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705546 CVE-2025-40019...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28024)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28024 advisory. 5.15.0-314.193.5.5 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705933 CVE-2025-40019 Tenable has extracted th...

Security Bulletin: Vulnerability in NX-OS Firmware and DCNM Software used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code and NDFC code levels listed below. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing...

Security update for libcryptopp

This update for libcryptopp fixes the following issues: CVE-2023-50979: Fixed side-channel leakage during decryption with PKCS1v1.5 padding. bsc1218217 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:4310-1 Security update for libcryptopp

This update for libcryptopp fixes the following issues: - CVE-2023-50979: Fixed side-channel leakage during decryption with PKCS1v1.5 padding. bsc1218217...

OPENSUSE-SU-2025:20116-1 Security update for rnp

This update for rnp fixes the following issues: - update to 0.18.1: CVE-2025-13470: PKESK public-key encrypted session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only boo1253957, CVE-2025-13402...

IBM Concert Encryption Issues Vulnerabilities

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...

CVE-2025-36150

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-13470

A flaw was found in RNP. This vulnerability allows for the trivial decryption of data encrypted using public-key encryption, fully compromising confidentiality, via an uninitialized symmetric session key in Public-Key Encrypted Session Key PKESK packets, which results in an all-zero byte array...

CVE-2025-65951 Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

Inside Track 加密问题漏洞

Inside Track is a horse racing betting engine by the individual developer Lumina Mescuwa. Inside Track suffers from an encryption issue vulnerability that stems from the VDF encryption system not enforcing a sequential delay, which could lead to immediate decryption...

CVE-2025-36150

IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

IACR Nullifies Election Because of Lost Decryption Key

The International Association of Cryptologic Research--the academic cryptography association that's been putting conferences like Crypto back when "crypto" meant "cryptography" and Eurocrypt since the 1980s--had to nullify an online election when trustee Moti Yung lost his decryption key. For thi...

IBM Concert 加密问题漏洞

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...