ROOT-APP-PYPI-CVE-2026-34073 CVE-2026-34073 in rootio-cryptography - Patched by Root
Root has patched CVE-2026-34073 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-39892 CVE-2026-39892 in rootio-cryptography - Patched by Root
Root has patched CVE-2026-39892 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-0286 CVE-2023-0286 in rootio-cryptography - Patched by Root
Root has patched CVE-2023-0286 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-49083 CVE-2023-49083 in rootio-cryptography - Patched by Root
Root has patched CVE-2023-49083 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...
DEBIAN-CVE-2026-50721
Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
Accelerating the quantum-safe timeline
The quantum-safe timeline has changed. For years, planning for post-quantum cryptography (PQC) was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892
Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...
gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Bouncy Castle (CVE-2026-0636,CVE-2026-5598,CVE-2026-5588&CVE-2026-3505)
Summary IBM App Connect Enterprise Toolkit and Runtime are vulnerable to multiple vulnerabilities due to Bouncy Castle. Vulnerability Details CVEID: CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy...
SUSE SLED15: libopenssl-3-devel / libopenssl-3-fips-provider / etc (SUSE-SU-2026:2648-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2648-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1...
EulerOS 2.0 SP15 : python-cryptography (EulerOS-SA-2026-2500)
According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the...
EulerOS 2.0 SP15 : kernel (EulerOS-SA-2026-2485)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431) bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (CVE-2026-31525)...
EulerOS 2.0 SP15 : python-cryptography (EulerOS-SA-2026-2459)
According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the...
Security Bulletin: Vulnerabilities in cryptography, pyOpenSSL & golang affect IBM Storage Protect Plus
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in pyOpenSSL & cryptography. IBM Storage Protect Plus Guest Applications is affected by vulnerabilities in golang Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a...
CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...
Oracle Linux 9 : fence-agents (ELSA-2026-19355)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19355 advisory. - bundled PyJWT: upgrade to v2.13.0 to fix CVE-2026-48526 Resolves: RHEL-182313 - bundled pyasn1: fix CVE-2026-30922 Resolves: RHEL-157202 - bundled...
CVE-2026-7511
PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...
CVE-2026-6329
PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...