Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is vulnerable to multiple Operator package issues.. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a weak security (CVE-2024-39689)

Summary There is a weak security in Certifi python-certifi used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could...

python-certifi: Removal of e-Tugra root certificate

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

Security Bulletin: IBM Maximo Application Suite - AI Broker component uses certifi-2023.7.22-py3-none-any.whl which is vulnerable to this CVE-2024-39689

Summary IBM Maximo Application Suite - AI Broker Component includes certifi-2023.7.22-py3-none-any.whl which is vulnerable to this CVE-2024-39689. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to unknown impact and attack vector due to Python certifi ( CVE-2022-23491 )

Summary Python certifi is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack...

Fedora: Security Advisory (FEDORA-2024-599bb2cb73)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001

Summary The following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization...

Fedora 40 : mingw-python-certifi (2024-599bb2cb73)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-599bb2cb73 advisory. Update to 2024.7.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for thi...

CVE-2024-39689

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...

RHEL 9 : python-certifi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-certifi: Removal of e-Tugra root certificate CVE-2023-37920 Note that Nessus has not tested for this issue b...

RHEL 7 : python-certifi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-certifi: Removal of e-Tugra root certificate CVE-2023-37920 Note that Nessus has not tested for this issue b...

openSUSE: Security Advisory for python (SUSE-SU-2023:0139-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

python-certifi: Removal of e-Tugra root certificate

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-certifi: Removal of e-Tugra root certificate CVE-2023-37920...

ALSA-2024:0133 Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-certifi: Removal of e-Tugra root certificate CVE-2023-37920...

Critical Photon OS Security Update - PHSA-2023-3.0-0704

Updates of 'python-certifi' packages of Photon OS have been released...

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to untrusted root certificates due Python Certifi (CVE-2022-23491, CVE-2023-37920)

Summary The Python Certifi package is present during IBM Storage Fusion HCI's deployment for TLS certificate validation. Vulnerabilities in this library could lead to the use of untrusted root certificates. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with...

fence-agents security update

4.10.0-55.2 - python-certifi: Removal of e-Tugra root certificate CVE-2023-37920 - python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804...

python-certifi: Removal of e-Tugra root certificate

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

Moderate: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...