279 matches found
Intel® IPP Software Advisory
Summary: A potential security vulnerability in some Intel® Integrated Performance Primitives Intel® IPP software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-28887 Description: Uncontrolled...
PUB-A-308436769
Cryptographic vulnerability in standard crypto primitives that allows leaking of plaintext not primitives used in TLS...
Updated netatalk packages fix security vulnerability
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code...
Moderate: python3.11-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 For more details...
ALSA-2024:3105 Moderate: python3.11-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 For more details...
CentOS 8 : python3.11-cryptography (CESA-2024:3105)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2024:3105 advisory. - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling loadpempkcs7certificates or...
Moderate: python3.11-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 For more details...
ALSA-2024:2337 Moderate: python3.11-cryptography security update
The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 For more details...
Fedora 39 : python-cryptography (2023-51706f88e3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-51706f88e3 advisory. Automatic update for python-cryptography-37.0.2-8.fc39. Changelog Wed Feb 22 2023 Christian Heimes - 37.0.2-8 - Fix CVE-2023-23931: Don't allow updateinto to...
Oracle Linux 7 : python-cryptography (ELSA-2024-12234)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-12234 advisory. 3.2.1-1.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36143838 Tenable has extracted the preceding description block...
CVE-2024-2193
A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...
CVE-2024-2193
A new cache speculation vulnerability, known as Spectre-SRC Speculative Race Conditions, was found in hw. Spectre-SRC is similar to the Spectre v1 and allows speculative use-after-free. The difference between this issue and Spectre V1 is that this issue is based on synchronization primitives with...
GhostRace: Speculative Race Conditions
ISSUE DESCRIPTION Researchers at VU Amsterdam and IBM Research have discovered GhostRace; an analysis of the behaviour of synchronisation primitives under speculative execution. Synchronisation primitives are typically formed as an unbounded loop which waits until a resource is available to be...
[SECURITY] Fedora 40 Update: frysk-0.4-94.fc40
Frysk is an execution-analysis technology implemented using native Java and C++. It is aimed at providing developers and sysadmins with the ability to both examine and analyze running multi-host, multi-process, multi-threaded systems. Frysk allows the monitoring of running processes and threads, ...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : python-cryptography vulnerabilities (USN-6673-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6673-1 advisory. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing...
Race condition
In the Linux kernel, the following vulnerability has been resolved: hamradio: defer ax25 kfree after unregisternetdev There is a possible race condition use-after-free like below USE | FREE ax25sendmsg | ax25queuexmit | devqueuexmit | devqueuexmit | devxmitskb | schdirectxmit | ... xmitone |...
Null pointer dereference
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
CVE-2024-26130
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
[SECURITY] Fedora 39 Update: python-cryptography-41.0.7-1.fc39
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...
Oracle Linux 8 / 9 : python-cryptography (ELSA-2024-12079)
The remote Oracle Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-12079 advisory. - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36119159 - Fix CVE-2023-23931: Don't allow updateinto to mutate immutable...