23 matches found
CVE-2025-66406
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization during SSH certificate revocation when the SSHPOP provisioner is configured. An attacker can revoke SSH certificates without proper authorization by exploiting insufficient checks during the revocation proces...
EUVD-2023-0059
Malicious code in bioql PyPI...
Security Bulletin: Vulnerability in Cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-38325]
Summary: The Cryptography package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE, CVE-2023-38325. Vulnerability Details: CVEID: CVE-2023-38325. DESCRIPTION: The cryptography package before 41.0.2 for Python mishandles SSH certificates th...
Man-In-The-Middle (MITM)
github.com/rancher/fleet is vulnerable to Man-in-the-Middle (MitM) attacks. The vulnerability is due to improper certificate validation and Fleet automatically trusting remote server SSH certificates if not listed in the known_hosts file, allowing potential spoofing by an attacker...
Fedora 40 : python-cryptography / rust-asn1 / rust-asn1_derive (2023-11f1c85512)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-11f1c85512 advisory. - Update python-cryptography to 41.0.3, https://cryptography.io/en/latest/changelog/ - Security fix for CVE-2023-3832 SSH certificate encoding/parsi...
OESA-2023-1957 libgit2 security update
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings. Security Fixes: libgit2 is a cross-platform, linkable library...
Fedora 39 : python-cryptography / rust-asn1 / rust-asn1_derive (2023-31d5d51a2d)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-31d5d51a2d advisory. - Update python-cryptography to 41.0.3, https://cryptography.io/en/latest/changelog/ - Security fix for CVE-2023-3832 SSH certificate encoding/parsi...
Fedora 38 : python-yfinance (2023-2b0f2e4bc3)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2b0f2e4bc3 advisory. Update to 0.2.28. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
CVE-2023-38325
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
SUSE CVE-2023-38325
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
Code injection
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
CVE-2023-38325
CVE-2023-38325 : The cryptography package (Python) before 41.0.2 mishandles SSH certificates with critical options. Public IBM/IBM Cloud Pak for Data System 2.0 advisories confirm this CVE applies to IBM Cloud Pak for Data System 2.0 (versions 2.0.0.0–2.0.2.1.IF2) and that a security patch is ava...
python-cryptography Trust Management Issue Vulnerability
python-cryptography is a Python code library for cryptographic applications from the Cryptographic team. A security vulnerability exists in python-cryptography versions prior to 41.0.2, which stems from incorrectly handling SSH certificates with critical options...
GitHub: Authentication bypass on gist.github.com through SSH Certificates
An authentication bypass vulnerability was found in GitHub Enterprise Server that allowed unauthorized access to modify other users' secret gists through SSH certificates. The vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15,...