47 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in Certifi (CVE-2022-23491)
Summary Certifi is used by IBM Storage Ceph for certificates and authentication . CVE-2022-23491 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: Certifi is a curated collection of Root Certificate...
Photon OS 3.0: Python PHSA-2023-3.0-0704
An update of the python package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0704. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2022-23491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to unknown impact and attack vector due to Python certifi ( CVE-2022-23491 )
Summary Python certifi is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack...
Photon OS 5.0: Python3 PHSA-2023-5.0-0179
An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0179. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
openSUSE: Security Advisory for mozilla (SUSE-SU-2023:0130-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for python (SUSE-SU-2023:0139-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for mozilla (SUSE-SU-2023:0119-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to untrusted root certificates due Python Certifi (CVE-2022-23491, CVE-2023-37920)
Summary The Python Certifi package is present during IBM Storage Fusion HCI's deployment for TLS certificate validation. Vulnerabilities in this library could lead to the use of untrusted root certificates. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with...
Oracle Database Server (October 2023 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Oracle Spatial and Graph cURL component of Oracle Database Server. Supported versions that are affected are 19.3-19.2...
Amazon Linux AMI : ca-certificates (ALAS-2023-1795)
The version of ca-certificates installed on the remote host is prior to 2018.2.22-65.1.30. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1795 advisory. An initial fix in Amazon Linux ca-certificates package relating to CVE-2022-23491 did not properly remove root...
Security Bulletin: Certifi component is vulnerable to CVE-2022-23491 used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Certifi which is vulnerable to CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack vector. CVS...
Important: ca-certificates
Issue Overview: An initial fix in Amazon Linux ca-certificates package relating to CVE-2022-23491 did not properly remove root certificates from TrustCor from the root store. CVE-2023-32803 Affected Packages: ca-certificates Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...
Security Bulletin: Vulnerability in certifi-2018.4.16-py2.py3 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2022-23491]
Summary The certifi-2018.4.16-py2.py3 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable an unspecified vulnerability in Certifi ( CVE-2022-23491)
Summary Potential unspecified vulnerability in Certifi CVE-2022-23491has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's...
Security Bulletin: A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2022-23491)
Summary A vulnerability in Certifi package may affect the IBM Storage Scale call home feature. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack vecto...
Security Bulletin:Vulnerability in certifi-2018.4.16 affects IBM Integrated Analytics System [ CVE-2022-23491]
Summary The certifi-2018.4.16 package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable vulnerabiltiy CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a...
Security Bulletin: IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-1304 DESCRIPTION: e2fsprogs could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write...
Mageia: Security Advisory (MGASA-2023-0140)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2023-0140 Updated python-certifi packages fix security vulnerability
Disable bundled Trustcor root cerificate signatures generated after Wednesday November 30 00:00:00 2022. CVE-2022-23491...