Astra Linux - уязвимость в ca-certificates

Certifi is a curated collection of Root Certificates designed to validate the reliability of SSL certificates and verify the identity of TLS hosts. On December 7, 2022, Certifi removed Root Certificates from “TrustCor” from the root store. These certificates are currently being removed from...

EUVD-2022-0037

Malicious code in bioql PyPI...

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in Certifi (CVE-2022-23491)

Summary Certifi is used by IBM Storage Ceph for certificates and authentication . CVE-2022-23491 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: Certifi is a curated collection of Root Certificate...

python-certifi: untrusted root certificates

A flaw was found in python-certifi. Untrusted certificates from TrustCor have been found in the root certificates store...

Linux Distros Unpatched Vulnerability : CVE-2022-23491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi...

SUSE-SU-2025:20022-1 Security update for ca-certificates-mozilla

This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs bsc1227525 - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs bsc1220356 Added: - CommScope Public Trust ECC Root-0...

CLSA-2024-1730915716 Update of nss

update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "OISTE WISeKey Global Root GC CA" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed certificates: - Certificate "Security Communication Root CA" - Certificate "Camerfirma Chambers of...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to unknown impact and attack vector due to Python certifi ( CVE-2022-23491 )

Summary Python certifi is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack...

openSUSE: Security Advisory for python (SUSE-SU-2023:0139-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Update of ca-certificates

update to CKBI 2.64 from NSS 3.95 - updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed old certificates: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification...

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial ...

Amazon Linux 2 : ca-certificates (ALAS-2023-2203)

The version of ca-certificates installed on the remote host is prior to 2021.2.50-72. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2203 advisory. An initial fix in Amazon Linux ca-certificates package relating to CVE-2022-23491 did not properly remove root...

Important: ca-certificates

Issue Overview: An initial fix in Amazon Linux ca-certificates package relating to CVE-2022-23491 did not properly remove root certificates from TrustCor from the root store. CVE-2023-32803 Affected Packages: ca-certificates Issue Correction: Run yum update ca-certificates or yum update --advisor...

Important: ca-certificates

Issue Overview: An initial fix in Amazon Linux ca-certificates package relating to CVE-2022-23491 did not properly remove root certificates from TrustCor from the root store. CVE-2023-32803 Affected Packages: ca-certificates Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

OESA-2023-1457 python-certifi security update

Certifi provides Mozilla carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. It has been extracted from the Requests project Security Fixes: Certifi is a curated collection of Root Certificates for...

ROS-20230619-03

A vulnerability in Certifi's specialized certificate collection is related to the presence of a TrustCor certificate in the list of root certificates, the certificate was removed because TrustCor was also in the business of in the spyware business. Exploitation of the vulnerability could allow an...

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

Security Bulletin:Vulnerability in certifi-2018.4.16 affects IBM Integrated Analytics System [ CVE-2022-23491]

Summary The certifi-2018.4.16 package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable vulnerabiltiy CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a...

Mageia: Security Advisory (MGASA-2023-0140)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2023-0140 Updated python-certifi packages fix security vulnerability

Disable bundled Trustcor root cerificate signatures generated after Wednesday November 30 00:00:00 2022. CVE-2022-23491...