35 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-55960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative...
Astra Linux – Vulnerability in OpenSSL
Issue summary: Clients that use RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because the handshake does not abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections that use raw...
Oracle Business Intelligence Enterprise Edition (OAS 7.6) (October 2025 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 7.6.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics...
Oracle Business Intelligence Enterprise Edition (OAS 8.2) (October 2025 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 8.2.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics...
EUVD-2024-51115
Malicious code in bioql PyPI...
Security Bulletin: OpenSSL 3.2 RPK Verification Bypass May Allow MITM Attacks in TLS/DTLS Connections, which affects IBM watsonx.data
Summary Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of cryptography-44.0.0-cp37-abi3-macosx109universal2.whl Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl
Summary IBM Watson Discovery Cartridge contains a vulnerable version of cryptography-44.0.0-cp37-abi3-macosx109universal2.whl Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the serv...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a man-in-the-middle vulnerability in RFC7250 Raw Public Keys [CVE-2024-12797]
Summary IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a man-in-the-middle vulnerability in RFC7250 Raw Public Keys RPKs, due to server authentication failure which is susceptible to man-in-the-middle attack CVE-2024-12797. RFC7250 Raw Public Keys are used in our Speech service...
Security Bulletin: IBM Maximo Application Suite uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.
Summary IBM Maximo Application Suite uses cryptography-44.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using...
K000151201: OpenSSL vulnerability CVE-2024-12797
Security Advisory Description Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux228x8664.whl CVE-2024-12797. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients...
Security Bulletin: There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-12797)
Summary There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux228x8664.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server...
Security Bulletin: IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.
Summary IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using...
Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to authenticate a server may fail to notice that the server was not authenticated.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Clients that enable server-side raw public keys can still find out that raw public key verification. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.10 LTS and 12.10.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-12797)
The version of cloud-hypervisor-cvm / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12797 advisory. - Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server M...
SUSE CVE-2024-12797
Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...
OpenSSL RPKs Vulnerability (20250211) - Windows
OpenSSL is prone to a vulnerability in the RFC7250 Raw Public Keys RPKs handshake. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...