454 matches found
CVE-2023-49880
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4, the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183...
IBM Financial Transaction Manager for SWIFT Services Security Vulnerability
IBM Financial Transaction Manager for SWIFT Services is a financial transaction manager product from International Business Machines (IBM). The product is primarily used for monitoring, tracking and reporting financial payments and transactions. A security vulnerability exists in IBM Financial...
Amazon Linux 2023 : python3-cryptography (ALAS2023-2023-459)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-459 advisory. cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer...
Medium: python-cryptography
Issue Overview: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects su...
Replay Attack because EIP712 DOMAIN_SEPARATOR stored as immutable
Lines of code. Vulnerability details. Impact: Loss of funds due to replay attacks. Approvals made on one chain could be replayed when there is a fork without owner's consent. Proof of Concept: The issue is in the ERC1155PermitSignatureExtension.sol which is inherited by the OceanERC1155.sol and...
USN-6539-1 python-cryptography vulnerabilities
It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-23931) It was...
USN-6539-1: python-cryptography vulnerabilities
It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-23931) It was...
Malicious code in immutable-seaport (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d0c3932175941cfb3e5c2e6d1807cec6b147c92543a4a46e15833d6fe6837bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8597 Malicious code in immutable-seaport (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d0c3932175941cfb3e5c2e6d1807cec6b147c92543a4a46e15833d6fe6837bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
python-cryptography: memory corruption via immutable objects
A vulnerability was found in python-cryptography. In affected versions, Cipher.update_into would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...
PT-2023-12740 · Suse · Suse
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a potential limited loss of guest memory integrity due to SMM configuration not being immutable as intended when SNP is enabled...
python-cryptography security update
36.0.1-4 - Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz2203840 36.0.1-3 - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz2172399 - Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt...
Moderate: Red Hat Security Advisory: python-cryptography security update
An update for python-cryptography is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 9 : python-cryptography (RHSA-2023:6615)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6615 advisory. The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and...
ALSA-2023:6615 Moderate: python-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects (CVE-2023-23931). For more details about the...
CVE-2023-46232
era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vyper version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...
Code injection
era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vyper version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...
CVE-2023-46232 era-compiler-vyper First Immutable Variable Initialization vulnerability
era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vyper version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...