SUSE-SU-2026:1970-1 Security update for php-composer2

This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...

[SECURITY] Fedora 43 Update: php-phpseclib-2.0.52-1.fc43

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

USN-7542-1 krb5 vulnerability

It was discovered that Kerberos allowed the usage of weak cryptographic standards. An attacker could possibly use this issue to expose sensitive information. This update introduces the allowrc4 and allowdes3 configuration options, and disables the usage of RC4 and 3DES ciphers by default. Users a...

Best Practical Solutions Request Tracker 加密问题漏洞

Best Practical Solutions Request Tracker is an open source, enterprise-grade work order tracking system for customer service, IT service management and business process tracking from Best Practical Solutions. An encryption issue vulnerability exists in Best Practical Solutions Request Tracker...

SUSE CVE-2005-3671

The Internet Key Exchange version 1 IKEv1 implementation in Openswan 2 openswan-2 before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.041.5.4-1.23, allow remote attackers to cause a denial of service via 1 a crafted packet using 3DES with an invalid key length, or 2 unspecified inputs when...

Hiro: blockstack.org - is vulnerable to (CVE-2016-2183, CVE-2016-6329)

Descriptions Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between clients and servers. To use such algorithms, the data is broken into fixed-length chunks, called blocks, and each block is...

CVE-2019-13140

Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...

CVE-2019-13140

Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...