Lucene search
+L

137 matches found

OpenVAS
OpenVAS
added 2025/05/19 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2025-1458)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.01118EPSS
Exploits0References2
OSV
OSV
added 2025/05/13 12:0 a.m.6 views

ALSA-2025:7118 Important: osbuild and osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

7.5CVSS8.2AI score0.01533EPSS
Exploits0References8
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.6 views

python3.11-cryptography security update

An update is available for python3.11-cryptography. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-cryptography packages contain a Python Cryptograph...

7.5CVSS6.4AI score0.00985EPSS
Exploits1
OSV
OSV
added 2025/05/02 1:15 a.m.3 views

CVE-2024-55912

IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9CVSS8.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/12 11:41 p.m.10 views

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

4.3AI score0.00189EPSS
Exploits0References4
OSV
OSV
added 2025/04/12 11:41 p.m.14 views

CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...

4CVSS5.9AI score0.00189EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2025/04/12 12:0 a.m.8 views

p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case...

4CVSS7.3AI score0.00189EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.16 views

Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2024-9143)

Use of the low-level GF2m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the...

4.3CVSS7.2AI score0.05966EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/02/11 6:6 p.m.3 views

a62-emotion (>=0.9.2 <=0.11.4), aba-cli-scrapper (>=0.1.0 <=0.7.6) +1827 more potentially affected by CVE-2024-12797 via cryptography (>=42.0.0 <=44.0.0)

cryptography PYPI version =42.0.0, =0.9.2, =0.1.0, =2.3.57, =0.1.0, =0.4.0, =0.1.0, =1.1.1, =0.2.0, =0.1.0, =0.1.0, =1.7.0, =1.7.2 and more Source cves: CVE-2024-12797 Source advisory: OSV:GHSA-79V4-65XG-PQ4G...

6.3CVSS6.9AI score0.02439EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/08 12:0 a.m.14 views

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-2819)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...

7.5CVSS6.3AI score0.01118EPSS
Exploits0References2
OSV
OSV
added 2024/10/02 5:0 a.m.6 views

CVE-2024-21530

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...

4.5CVSS4.7AI score0.0014EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/03 8:53 p.m.28 views

Security Bulletin: Vulnerability in Cryptography package affects watsonx.data

Summary The Cryptography package is vulnerable to a denial of service, caused by a NULL pointer dereference in the pkcs12.serializekeyandcertificates process. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-26130 DESCRIPTION: cryptography is vulnerable to a denial of service,...

7.5CVSS7.4AI score0.00831EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/08/22 4:15 p.m.3 views

UBUNTU-CVE-2024-45191

An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...

5.3CVSS5.8AI score0.00454EPSS
Exploits1References6
CNVD
CNVD
added 2024/07/10 12:0 a.m.8 views

Siemens SIPROTEC 5 devices weak encryption vulnerability

SIPROTEC 5 devices offer a range of integrated protection, control, measurement and automation functions for substations and other applications. A weak cryptography vulnerability exists in Siemens SIPROTEC 5 devices due to affected devices supporting weak cryptography on multiple ports 443/tcp fo...

8.2CVSS6.6AI score0.00205EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.28 views

CBL Mariner 2.0 Security Update: python-cryptography (CVE-2023-49083)

The version of python-cryptography installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49083 advisory. - cryptography is a package designed to expose cryptographic primitives and recipes to Python...

7.5CVSS6.3AI score0.00985EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/06/10 6:41 p.m.3 views

python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

A flaw was discovered in python-cryptography. A NULL pointer dereference can be triggered when a PKCS12 key and certificate do not match. Specifically, if the pkcs12.serializekeyandcertificates function is called with a non-matching certificate and private key and an encryption algorithm with...

7.5CVSS7.1AI score0.00831EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/29 6:30 a.m.36 views

Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782

Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux228x8664.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic...

7.5CVSS7.3AI score0.01118EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 7:33 a.m.34 views

Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-49083

Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux228x8664.whl which is vulnerable to CVE-2023-49083.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a...

7.8CVSS7.4AI score0.05533EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2024/02/21 6:4 p.m.5 views

a2grunnerp (>=0.1.0 <=0.1.8), aad-fastapi (>=1.0.0 <=1.1.2) +2298 more potentially affected by CVE-2024-26130 via cryptography (>=38.0.0 <=42.0.3)

cryptography PYPI version =38.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =2.3.36, =0.1.17, =0.3.4, =0.4.7, =0.3.2, =0.0.1, =0.1.1, =0.1.15 and more Source cves: CVE-2024-26130 Source advisory: OSV:GHSA-6VQW-3V5J-54X4...

7.5CVSS6.8AI score0.00831EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/02/21 5:15 p.m.6 views

a2grunnerp (>=0.1.0 <=0.1.8), aad-fastapi (>=1.0.0 <=1.1.2) +2298 more potentially affected by CVE-2024-26130 via cryptography (>=38.0.0 <=42.0.3)

cryptography PYPI version =38.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =2.3.36, =0.1.17, =0.3.4, =0.4.7, =0.3.2, =0.0.1, =0.1.1, =0.1.15 and more Source cves: CVE-2024-26130 Source advisory: OSV:PYSEC-2024-225...

7.5CVSS6.8AI score0.00831EPSS
Exploits0
Rows per page
Query Builder