Security Bulletin: Vulnerabilities in brace-expansion, tmp, urllib3, pycryptodomex and cross-site request forgery might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in brace-expansion, tmp, urllib3, pycryptodomex, and cross-site request forgery. Vulnerabilities include launching remote attacks, arbitrary file and directory writes, obtain sensitive information, disabl...

TencentOS Server 4: python-pycryptodomex (TSSA-2024:0922)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0922 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

openSUSE Security Advisory (SUSE-SU-2024:0557-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2024:13568-1 python310-pycryptodomex-3.19.1-2.1 on GA media

These are all security issues fixed in the python310-pycryptodomex-3.19.1-2.1 package on the GA media of openSUSE Tumbleweed...

pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex

A flaw was found in PyCryptodome/pycryptodomex which may allow for side-channel leakage when performing OAEP decryption, which could be exploited to carry out a Manger attack...

CentOS 8 : resource-agents (CESA-2024:2952)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:2952 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response...

Oracle Linux 9 : fence-agents (ELSA-2024-2132)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2132 advisory. - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18139 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20917 - bundled jinja2: fix...

pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex

A flaw was found in PyCryptodome/pycryptodomex which may allow for side-channel leakage when performing OAEP decryption, which could be exploited to carry out a Manger attack...

Moderate Photon OS Security Update - PHSA-2024-3.0-0754

Updates of 'python3-pycryptodomex', 'ruby' packages of Photon OS have been released...

pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex

A flaw was found in PyCryptodome/pycryptodomex which may allow for side-channel leakage when performing OAEP decryption, which could be exploited to carry out a Manger attack...

Moderate Photon OS Security Update - PHSA-2024-4.0-0595

Updates of 'python3-pycryptodomex', 'python3-pycryptodome' packages of Photon OS have been released...

Moderate Photon OS Security Update - PHSA-2024-5.0-0251

Updates of 'python3-pycryptodomex', 'python3-pycryptodome' packages of Photon OS have been released...

pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex

A flaw was found in PyCryptodome/pycryptodomex which may allow for side-channel leakage when performing OAEP decryption, which could be exploited to carry out a Manger attack...

RHEL 9 : fence-agents (RHSA-2024:1155)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1155 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex

A flaw was found in PyCryptodome/pycryptodomex which may allow for side-channel leakage when performing OAEP decryption, which could be exploited to carry out a Manger attack...

SUSE SLES15 / openSUSE 15 Security Update : python-pycryptodomex (SUSE-SU-2024:0557-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0557-1 advisory. - PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

SUSE-SU-2024:0557-1 Security update for python-pycryptodomex

This update for python-pycryptodomex fixes the following issues: - CVE-2023-52323: Fixed a side-channel in the OAEP decryption, exploitable by a Manger attack bsc1218564...

Amazon Linux 2023 : python3-pycryptodomex, python3-pycryptodomex-selftest (ALAS2023-2024-494)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-494 advisory. PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Tenable has extracted the preceding description block directl...

Medium: python-pycryptodomex

Issue Overview: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Affected Packages: python-pycryptodomex Issue Correction: Run dnf update python-pycryptodomex --releasever 2023.3.20240122 or dnf update...

Medium: python-pycryptodomex

Issue Overview: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Affected Packages: python-pycryptodomex Issue Correction: Run dnf update python-pycryptodomex --releasever 2023.3.20240122 to update your...