
19 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-51115

Malicious code in bioql PyPI...

6.3 CVSS, 7.2 AI score, 0.02357 EPSS
Exploits 0, References 8
IBM Security Bulletins
added 2025/06/09 10:44 a.m., 8 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 42.0.5 of cryptography package is vulnerable to CVE-2024-12797. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public...

6.3 CVSS, 6.6 AI score, 0.02357 EPSS
Exploits 0, Affected Software 1
Tenable Nessus
added 2025/05/07 12:0 a.m., 11 views

Tenable Identity Exposure < 3.77.11 Multiple Vulnerabilities (TNS-2025-07)

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.11. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2025-07, including the following: - Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may...

10 CVSS, 7.9 AI score, 0.97673 EPSS
Exploits 36, References 5
F5 Networks
added 2025/05/06 3:46 p.m., 9 views

K000151201: OpenSSL vulnerability CVE-2024-12797

Security Advisory Description Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS...

6.3 CVSS, 6.7 AI score, 0.02357 EPSS
Exploits 0
IBM Security Bulletins
added 2025/04/25 6:55 a.m., 22 views

Security Bulletin: There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-12797)

Summary There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server...

6.3 CVSS, 6.5 AI score, 0.02357 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/04/17 10:14 a.m., 21 views

Security Bulletin: IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.

Summary IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients...

6.3 CVSS, 6.8 AI score, 0.02357 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/04/16 9:1 p.m., 20 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because...

7.5 CVSS, 9.5 AI score, 0.02357 EPSS
Exploits 4, Affected Software 1
IBM Security Bulletins
added 2025/04/16 2:34 p.m., 22 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using...

8.8 CVSS, 7.6 AI score, 0.66594 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/03/28 10:38 a.m., 14 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2024-12797)

Summary IBM Security SOAR uses an older version of the Python cryptography/openssl library which has a known vulnerability. An update has been released which addresses this issue. It is recommended upgrading to Version 51.0.5.1 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2024-127...

6.3 CVSS, 6.8 AI score, 0.02357 EPSS
Exploits 0, Affected Software 1
Tenable Nessus
added 2025/02/21 12:0 a.m., 12 views

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-12797)

The version of cloud-hypervisor-cvm / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12797 advisory. - Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server M...

6.3 CVSS, 7 AI score, 0.02357 EPSS
Exploits 0, References 2
OpenVAS
added 2025/02/12 12:0 a.m., 8 views

OpenSSL RPKs Vulnerability (20250211) - Windows

OpenSSL is prone to a vulnerability in the RFC7250 Raw Public Keys (RPKs) handshake. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.3 CVSS, 6.2 AI score, 0.02357 EPSS
Exploits 0, References 2
OpenVAS
added 2025/02/12 12:0 a.m., 10 views

OpenSSL RPKs Vulnerability (20250211) - Linux

OpenSSL is prone to a vulnerability in the RFC7250 Raw Public Keys (RPKs) handshake. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.3 CVSS, 6.2 AI score, 0.02357 EPSS
Exploits 0, References 2
OSV
added 2025/02/11 4:15 p.m., 45 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

6.3 CVSS, 4.4 AI score
Exploits 0, References 7
NVD
added 2025/02/11 4:15 p.m., 22 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

6.3 CVSS, 0.02357 EPSS
Exploits 0, References 7
Cvelist
added 2025/02/11 3:59 p.m., 16 views

CVE-2024-12797 RFC7250 handshakes with unauthenticated servers don't abort as expected

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

0.02357 EPSS
Exploits 0, References 4
CVE
added 2025/02/11 3:59 p.m., 361 views

CVE-2024-12797

CVE-2024-12797 concerns OpenSSL’s RFC7250 Raw Public Keys (RPKs) handling. The issue occurs in TLS/DTLS when a client enables server-side RPKs and the server selects an RPK instead of an X.509 chain, plus the client’s SSL_VERIFY_PEER mode; in such cases the handshake may not abort as expected, le...

6.3 CVSS, 4.4 AI score, 0.02357 EPSS
Exploits 0, References 7
Vulnrichment
added 2025/02/11 3:59 p.m., 12 views

CVE-2024-12797 RFC7250 handshakes with unauthenticated servers don't abort as expected

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

6.7 AI score, 0.02357 EPSS
Exploits 0, References 4
AlpineLinux
added 2025/02/11 3:59 p.m., 57 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

6.3 CVSS, 4.5 AI score, 0.02357 EPSS
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

TANDBERG Video Communication Server 4.2.1/4.3.0 Multiple Remote Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/39389/info TANDBERG Video Communication Server is prone to multiple remote vulnerabilities, including: 1. A file-disclosure vulnerability. 2. A security vulnerability that may allow attackers to conduct server impersonati...

7.1 AI score
Exploits 0