OESA-2024-1213 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the...

CentOS 8 : python3 (CESA-2023:5997)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5997 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...

CentOS 8 : python3.11 (CESA-2023:5463)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5463 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...

EulerOS 2.0 SP5 : python (EulerOS-SA-2024-1160)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free exists in Python through 3.9 via heappushpop in heapq. CVE-2022-48560 - An XML External Entity XXE issue was discovered in Pyth...

RHEL 8 : python27:2.7 (RHSA-2023:5993)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5993 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

K000138264: SSH vulnerability CVE-2023-48795

Security Advisory Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may...

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2023-3227)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects...

EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2023-3481)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It...

Siemens SCALANCE OpenSSL Out-of-bounds Read (CVE-2022-4203)

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

Impact of Terrapin SSH Attack

The Terrapin attack allows an attacker with the ability to intercept SSH traffic on affected Palo Alto Networks products through machine-in-the-middle or MitM attacks to downgrade connection security and force the usage of less secure client authentication algorithms when an administrator or user...

OESA-2023-1942 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, a...

CentOS 7 : python3 (RHSA-2023:6823)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6823 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-3509)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD -- Prefix Truncation Attack in the SSH protocol

Problem Description: The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers...

OESA-2023-1912 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, a...

VulnCheck KEV: CVE-2021-33044

Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication...

Updated java openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Segmentation fault in ciMethodBlocks. CVE-2022-40433 Certificate path validation issue during client authentication. CVE-2023-22081 IOR deserialization issue in CORBA. CVE-2023-22067...

Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerabilities (USN-6513-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6513-1 advisory. It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a...

OpenJDK: certificate path validation issue during client authentication (8309966)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...