454 matches found

Positive Technologies
added 2023/05/22 12:0 a.m. · 2 views

PT-2023-23229 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.6.0 Description: The issue affects Apache InLong, allowing attackers to change the immutable name and type of nodes. This can be exploited by attackers, but there is no information provided about the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00854
Exploits: 0 · References: 7
OpenVAS
added 2023/05/09 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-1827)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5 · AI score 7.1 · EPSS 0.00688
Exploits: 1 · References: 2
OpenVAS
added 2023/05/09 12:0 a.m. · 14 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-1809)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5 · AI score 7.1 · EPSS 0.00688
Exploits: 1 · References: 2
Huntr
added 2023/04/17 8:51 a.m. · 15 views

attackers can change the immutable name and type of cluster

Proof of Concept: 1. admin creates a cluster 2. admin adds user1 as one owner 3. attacker logs in as user1 4. user1 edits the cluster 5. user1 finds that the name and type can not be changed. 6. user1 still edits the cluster, using Burp Suite to hijack the request 7. the request content can be like...

CVSS 5 · AI score 6.9 · EPSS 0.00634
Exploits: 0
Tenable Nessus
added 2023/04/14 12:0 a.m. · 31 views

FreeBSD : py-cryptography -- allows programmers to misuse an API (a32ef450-9781-414b-a944-39f2f61677f2)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a32ef450-9781-414b-a944-39f2f61677f2 advisory. - cryptography is a package designed to expose cryptographic primitives and recipes to Python developer...

CVSS 6.5 · AI score 6.8 · EPSS 0.00688
Exploits: 1 · References: 3
Tenable Nessus
added 2023/03/22 12:0 a.m. · 41 views

SUSE SLES12 Security Update : python-cffi (SUSE-SU-2023:0837-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0837-1 advisory. - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...

CVSS 6.5 · AI score 6.8 · EPSS 0.00688
Exploits: 1 · References: 4
Tenable Nessus
added 2023/03/10 12:0 a.m. · 43 views

Fedora 38 : python-cryptography (2023-749dd47c79)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-749dd47c79 advisory. Security fix for CVE-2023-23931 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...

CVSS 6.5 · AI score 6.9 · EPSS 0.00688
Exploits: 1 · References: 2
Tenable Nessus
added 2023/03/09 12:0 a.m. · 19 views

Fedora 36 : python-cryptography (2023-672f668f51)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-672f668f51 advisory. Security fix for CVE-2023-23931 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...

CVSS 6.5 · AI score 6.9 · EPSS 0.00688
Exploits: 1 · References: 2
OSV
added 2023/02/27 8:27 p.m. · 8 views

MGASA-2023-0071 Updated python-cryptography packages fix security vulnerability

Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as 'bytes' to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an...

CVSS 6.5 · AI score 6.6 · EPSS 0.00688
Exploits: 1 · References: 3
OSV
added 2023/02/21 11:4 a.m. · 1 views

OESA-2023-1113 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which...

CVSS 6.5 · AI score 9 · EPSS 0.00688
Exploits: 1 · References: 2
OSV
added 2023/02/17 11:4 a.m. · 1 views

OESA-2023-1088 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which...

CVSS 6.5 · AI score 9 · EPSS 0.00688
Exploits: 1 · References: 2
OSV
added 2023/02/17 11:4 a.m. · 1 views

OESA-2023-1090 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which...

CVSS 6.5 · AI score 9 · EPSS 0.00688
Exploits: 1 · References: 2
OSV
added 2023/02/17 11:4 a.m. · 2 views

OESA-2023-1085 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which...

CVSS 6.5 · AI score 9 · EPSS 0.00688
Exploits: 1 · References: 2
SUSE CVE
added 2023/02/15 5:17 a.m. · 0 views

SUSE CVE-2015-4516

Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 aka ES5 API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs...

CVSS 9.3 · AI score 8.9 · EPSS 0.01352
Exploits: 0 · References: 6
SUSE CVE
added 2023/02/15 3:53 a.m. · 1 views

SUSE CVE-2020-26268

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...

CVSS 4.4 · AI score 4.9 · EPSS 0.00018
Exploits: 1 · References: 4
SUSE CVE
added 2023/02/15 3:28 a.m. · 2 views

SUSE CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 4.7 · EPSS 0.002
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 3:21 a.m. · 1 views

SUSE CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

CVSS 4 · AI score 7.4 · EPSS 0.00688
Exploits: 1 · References: 25
Veracode
added 2023/02/08 8:28 a.m. · 28 views

Memory Corruption

cryptography is vulnerable to Memory Corruption. The vulnerability exists due to the update_into function in ciphers.py, because it accepts objects which implement the buffer protocol, but provide only immutable buffers which would allow immutable objects to be mutated, resulting in corrupted...

CVSS 6.5 · AI score 6.7 · EPSS 0.00688
Exploits: 1 · References: 3 · Affected Software: 6
OSV
added 2023/02/07 9:15 p.m. · 1 views

AZL-35127 CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-5

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

CVSS 6.5 · AI score 6.7 · EPSS 0.00688
Exploits: 1 · References: 1
OSV
added 2023/02/07 9:15 p.m. · 4 views

AZL-13353 CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-4

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

CVSS 6.5 · AI score 6.7 · EPSS 0.00688
Exploits: 1 · References: 1