libgcrypt bug fix and enhancement update
An update is available for libgcrypt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libgcrypt library provides general-purpose implementations of various...
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
PT-2022-5293 · Ibm · Ibm Cics Tx Standard +1
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard and Advanced version 11.1 Description: The issue is related to insufficient protection of service data, which could allow a remote attacker to gain unauthorized access to sensitive information. It is also noted that the...
SUSE-SU-2022:3767-1 Recommended update for bind
This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations bsc1203614. - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cac...
Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
gnutls security update
An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...
ALSA-2022:7105 Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Double free during gnutls_pkcs7_verify. CVE-2022-2509 For more details about the security issues, including the...
Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Double free during gnutls_pkcs7_verify. CVE-2022-2509 For more details about the security issues, including the...
Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages
New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The Office 365 Message Encryption messages are encrypted in insecure Electronic Codebook ECB mode of...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-145)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-145 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...
Democritus Project d8s-algorithms Code Execution Vulnerability
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-algorithms version 0.1.0, which stems from the presence of a potential code execution package democritus-dicts...
CVE-2022-42040
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
PYSEC-2022-43019
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
PYSEC-2022-43038
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
d8s-python (>=0.2.0 <=0.9.0) potentially affected by CVE-2022-42040 via d8s-algorithms (>=0.3.0 <=0.7.0)
d8s-algorithms PYPI version =0.3.0, =0.2.0, =0.9.0 Source cves: CVE-2022-42040 Source advisory: OSV:PYSEC-2022-43019...
CVE-2022-42040
The CVE-2022-42040 entry concerns the Python package d8s-algorithms (PyPI) with version 0.1.0 affected by a backdoor injected by a third party (democritus-dicts), enabling potential remote code execution. Connected sources consistently describe the issue as a backdoor compromising the package dis...
PT-2022-26216 · Pypi · D8S-Algorithms +1
Name of the Vulnerable Software and Affected Versions: d8s-algorithms version 0.1.0 Description: The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. Recommendations: Fo...