137 matches found
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2025-1458)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ALSA-2025:7118 Important: osbuild and osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
python3.11-cryptography security update
An update is available for python3.11-cryptography. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-cryptography packages contain a Python Cryptograph...
CVE-2024-55912
IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2024-9143)
Use of the low-level GF2m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the...
a62-emotion (>=0.9.2 <=0.11.4), aba-cli-scrapper (>=0.1.0 <=0.7.6) +1827 more potentially affected by CVE-2024-12797 via cryptography (>=42.0.0 <=44.0.0)
cryptography PYPI version =42.0.0, =0.9.2, =0.1.0, =2.3.57, =0.1.0, =0.4.0, =0.1.0, =1.1.1, =0.2.0, =0.1.0, =0.1.0, =1.7.0, =1.7.2 and more Source cves: CVE-2024-12797 Source advisory: OSV:GHSA-79V4-65XG-PQ4G...
EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-2819)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...
CVE-2024-21530
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...
Security Bulletin: Vulnerability in Cryptography package affects watsonx.data
Summary The Cryptography package is vulnerable to a denial of service, caused by a NULL pointer dereference in the pkcs12.serializekeyandcertificates process. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-26130 DESCRIPTION: cryptography is vulnerable to a denial of service,...
UBUNTU-CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
Siemens SIPROTEC 5 devices weak encryption vulnerability
SIPROTEC 5 devices offer a range of integrated protection, control, measurement and automation functions for substations and other applications. A weak cryptography vulnerability exists in Siemens SIPROTEC 5 devices due to affected devices supporting weak cryptography on multiple ports 443/tcp fo...
CBL Mariner 2.0 Security Update: python-cryptography (CVE-2023-49083)
The version of python-cryptography installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49083 advisory. - cryptography is a package designed to expose cryptographic primitives and recipes to Python...
python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
A flaw was discovered in python-cryptography. A NULL pointer dereference can be triggered when a PKCS12 key and certificate do not match. Specifically, if the pkcs12.serializekeyandcertificates function is called with a non-matching certificate and private key and an encryption algorithm with...
Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782
Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux228x8664.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic...
Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-49083
Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux228x8664.whl which is vulnerable to CVE-2023-49083.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a...
a2grunnerp (>=0.1.0 <=0.1.8), aad-fastapi (>=1.0.0 <=1.1.2) +2298 more potentially affected by CVE-2024-26130 via cryptography (>=38.0.0 <=42.0.3)
cryptography PYPI version =38.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =2.3.36, =0.1.17, =0.3.4, =0.4.7, =0.3.2, =0.0.1, =0.1.1, =0.1.15 and more Source cves: CVE-2024-26130 Source advisory: OSV:GHSA-6VQW-3V5J-54X4...
a2grunnerp (>=0.1.0 <=0.1.8), aad-fastapi (>=1.0.0 <=1.1.2) +2298 more potentially affected by CVE-2024-26130 via cryptography (>=38.0.0 <=42.0.3)
cryptography PYPI version =38.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =2.3.36, =0.1.17, =0.3.4, =0.4.7, =0.3.2, =0.0.1, =0.1.1, =0.1.15 and more Source cves: CVE-2024-26130 Source advisory: OSV:PYSEC-2024-225...