99 matches found
Azure Linux 3.0 Security Update: m2crypto / python-pygments (CVE-2019-11358)
The version of m2crypto / python-pygments installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-11358 advisory. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles...
Siemens SIMATIC Devices Use of a Broken or Risky Cryptographic Algorithm (CVE-2023-50781)
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...
EUVD-2020-18321
Malware in sbrugna...
EUVD-2024-0587
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2009-0127
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might...
SUSE SLES15 : Recommended update for python3-M2Crypto (SUSE-SU-SUSE-RU-2025:0800-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:0800-1 advisory. - Fix spelling of BSD-2-Clause license. - Update to 0.44.0: - The real license is BSD 2-Clause, not MIT. - Remove...
SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for python3-M2Crypto (SUSE-SU-SUSE-RU-2025:0796-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:0796-1 advisory. - Fix spelling of BSD-2-Clause license. - Update to 0.44.0: - The real license is BSD 2-Clause, n...
SUSE-RU-2025:0796-1 Recommended update for python3-M2Crypto
This update for python3-M2Crypto fixes the following issues: - Fix spelling of BSD-2-Clause license. - Update to 0.44.0: - The real license is BSD 2-Clause, not MIT. - Remove python-M2Crypto.keyring, because PyPI broke GPG support - Build for modern python stack on SLE/Leap - require setuptools -...
Linux Distros Unpatched Vulnerability : CVE-2020-25657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed...
CVE-2019-11358 affecting package m2crypto for versions less than 0.38.0-4
CVE-2019-11358 affecting package m2crypto for versions less than 0.38.0-4. A patched version of the package is available...
CVE-2020-25657 affecting package m2crypto 0.35.2-8
CVE-2020-25657 affecting package m2crypto 0.35.2-8. No patch is available currently...
OPENSUSE-SU-2024:12192-1 python-M2Crypto-doc-0.38.0-3.1 on GA media
These are all security issues fixed in the python-M2Crypto-doc-0.38.0-3.1 package on the GA media of openSUSE Tumbleweed...
RHEL 9 : pywbem (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - m2crypto: Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657 CVE-2023-5078...
ROS-20240521-06
A vulnerability in the RSA Key Exchange Handler component of the encryption and SSL toolkit for Python m2crypto is related to decryption of captured messages on TLS servers using RSA key exchange. Exploitation of the vulnerability could allow an attacker acting remotely, allowing an intruder to t...
RHEL 6 : m2crypto (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - m2crypto: bleichenbacher timing attacks in the RSA decryption API CVE-2020-25657 - m2crypto: Bleichenbach...
RHEL 7 : m2crypto (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - m2crypto: bleichenbacher timing attacks in the RSA decryption API CVE-2020-25657 - m2crypto: Bleichenbach...
SUSE-FU-2024:1448-1 Feature update for python-M2Crypto
This update for python-M2Crypto fixes the following issue: - Build for modern python stack - Adds python311-M2Crypto...
CVE-2020-25657 affecting package m2crypto for versions less than 0.38.0-3
CVE-2020-25657 affecting package m2crypto for versions less than 0.38.0-3. A patched version of the package is available...
Bleichenbacher Timing Attack
M2Crypto is vulnerable to a Bleichenbacher timing attack. The vulnerability is due to insecure padding schemes, resulting in the exposure of confidential or sensitive data...
dj-saml-idp (>=0.21.2 <=0.22.0), django-saml-idp (>=0.23.0 <=1.3.2) +7 more potentially affected by CVE-2023-50781 via m2crypto (>=0.22.3 <=0.40.1)
m2crypto PYPI version =0.22.3, =0.21.2, =0.23.0, =0.1.3, =1.0.0, =0.8.0.dev0, =1.0.0, =5.6.0.dev0, =7.0.0.dev12 Source cves: CVE-2023-50781 Source advisory: OSV:GHSA-944J-8CH6-RF6X...