29 matches found
RLSA-2024:2337 Moderate: python3.11-cryptography security update
The python-cryptography packages contain the Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083). For more details...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details: CVEID: CVE-2024-28102 DESCRIPTION: JWCrypto is vulnerable to a...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Python Cryptographic Authority [CVE-2023-50782]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Python Cryptographic Authority cryptography, caused by a flaw when decrypting captured messages in TLS servers that use RSA key exchanges (CVE-2023-50782). Python Cryptographic...
Security Bulletin: Vulnerability in cryptography affects IBM Process Mining CVE-2023-50782
Summary There is a vulnerability in cryptography that could allow an attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50782...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to weakened security in Python Cryptographic Authority [CVE-2023-38325]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to weakened security in Python Cryptographic Authority, caused by an encoding mismatch regarding critical options with OpenSSH (CVE-2023-38325). Python Cryptographic Authority is used for cryptography in our...
Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Process Mining. CVE-2023-38325
Summary: There is a vulnerability in Python Cryptographic Authority cryptography that could allow a remote authenticated attacker to launch attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerabili...
Security Bulletin: Storage Virtualize ansible collection is affected by a vulnerability in the Python Cryptographic Authority package [CVE-2023-38325]
Summary The Python Cryptographic Authority package is used by paramiko, a third party library, which is used by Ansible collection for Storage Virtualize for authentication to target systems. This library is vulnerable to CVE-2023-38325. Vulnerability Details CVEID:CVE-2023-38325 DESCRIPTION:...
Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Python Cryptographic Authority package [CVE-2023-38325]
Summary The Python Cryptographic Authority package is used by the z/TPF real-time insights dashboard starter kit when connecting to a MySQL database from Python. The starter kit was updated to address the vulnerability described by CVE-2023-38325. Vulnerability Details CVEID:CVE-2023-38325...
Security Bulletin: Python Cryptographic Authority cryptography is vulnerable to IBM X-Force ID: 239927 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Python Cryptographic Authority cryptography which is vulnerable to IBM X-Force ID: 239927. IBM has addressed the vulnerability. Vulnerability Details IBM X-Force ID: 239927 DESCRIPTION: Python Cryptographic Authority cryptography is vulnerable to a buffer...
Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore
Summary: IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore may be affected by a Python Cryptographic Authority cryptography buffer overflow vulnerability, which has been addressed. Vulnerability Details: IBM X-Force ID: 239927 DESCRIPTION: Python Cryptographic Authority cryptography is...
RHEL 8 : python-cryptography (RHSA-2021:1608)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1608 advisory. The python-cryptography packages contain the Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic...
Python Cryptographic Authority: Reflected Xss bypass Content-Type: text/plain
Hello Team: 1 - vulnerable subdomain: ci.cryptography.io 2 - after I tested this subdomain I found many payloads injected by me reflected but not executed 3 - so I took a look at the response and I found Content-Type: text/plain 4 - so I searched about bypass Content-Type:...
CVE-2018-1000807
Python Cryptographic Authority pyopenssl prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in a use after free, which can lead to possible denial of service or remote code execution. This attack appears to be exploitable via Depends on...
CVE-2018-1000808
Python Cryptographic Authority pyopenssl before version 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in denial of service if memory runs low or is exhausted. This attack appears to be exploitable via Depends...
PYSEC-2018-24
Python Cryptographic Authority pyopenssl before version 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in denial of service if memory runs low or is exhausted. This attack appears to be exploitable via Depends...
PYSEC-2018-23
Python Cryptographic Authority pyopenssl prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in a use after free, which can lead to possible denial of service or remote code execution. This attack appears to be exploitable via Depends on...
Memory corruption
Python Cryptographic Authority pyopenssl before version 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in denial of service if memory runs low or is exhausted. This attack appears to be exploitable via Depends...