Rogue Session

asyncssh is vulnerable to a Rogue Session. The vulnerability is caused by a state machine flaw in the the AsyncSSH server while authenticating a client in which results in the client being forced to to log into the attacker's account without the client being able to detect this. An attacker can...

AsyncSSH Rogue Extension Negotiation

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...

RHEL 7 : python3 (RHSA-2023:6823)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6823 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

OpenJDK: certificate path validation issue during client authentication (8309966)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

[SECURITY] Fedora 39 Update: fizz-2023.10.16.00-1.fc39

Fizz is a TLS 1.3 implementation. Fizz currently supports TLS 1.3 drafts 28, 26 both wire-compatible with the final specification, and 23. All major handshake modes are supported, includ ing PSK resumption, early data, client authentication, and HelloRetryRequest...

java-17-openjdk security and bug fix update

1:17.0.9.0.9-2.0.1 - Update to jdk-17.0.9+9 GA - Update release notes to 17.0.9+9 - OpenJDK: memory corruption issue on x8664 with AVX-512 JDK-8317121 CVE-2023-22025 - OpenJDK: certificate path validation issue during client authentication JDK-8309966 CVE-2023-22081 - OpenJDK: Additional zip64...

java-17-openjdk security and bug fix update

1:17.0.9.0.9-2.0.1 - Update to jdk-17.0.9+9 GA - Update release notes to 17.0.9+9 - OpenJDK: memory corruption issue on x8664 with AVX-512 JDK-8317121 CVE-2023-22025 - OpenJDK: certificate path validation issue during client authentication JDK-8309966 CVE-2023-22081 - OpenJDK: Additional zip64...

RHEL 8 : python27:2.7 (RHSA-2023:5992)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5992 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

java-11-openjdk security and bug fix update

1:11.0.21.0.9-2.0.1 - Update to jdk-11.0.21+9 GA - Update release notes to 11.0.21+9 - OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 - OpenJDK: Additional zip64 files validation 8313765 RHBZ2237170 - OpenJDK: Print an exception when encountering nu...

AlmaLinux 8 : python27:2.7 (ALSA-2023:5994)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5994 advisory. python: TLS handshake bypass CVE-2023-40217 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessus h...

java-11-openjdk security and bug fix update

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-11-openjdk packages provide the OpenJDK 11 Java Runtime...

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...

[SECURITY] Fedora 38 Update: fizz-2023.10.16.00-1.fc38

Fizz is a TLS 1.3 implementation. Fizz currently supports TLS 1.3 drafts 28, 26 both wire-compatible with the final specification, and 23. All major handshake modes are supported, includ ing PSK resumption, early data, client authentication, and HelloRetryRequest...

[SECURITY] Fedora 37 Update: fizz-2023.10.16.00-1.fc37

Fizz is a TLS 1.3 implementation. Fizz currently supports TLS 1.3 drafts 28, 26 both wire-compatible with the final specification, and 23. All major handshake modes are supported, includ ing PSK resumption, early data, client authentication, and HelloRetryRequest...

Oracle Linux 8 : python27:2.7 (ELSA-2023-5994)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5994 advisory. babel Cython numpy pytest python2 2.7.18-13.0.1.2 - Security fix for CVE-2023-40217 python2-pip python2-rpm-macros python2-setuptools python2-six python-attrs...

Oracle Linux 8 : python3 (ELSA-2023-5997)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5997 advisory. 3.6.8-51.0.1.2 - Security fix for CVE-2023-40217 Resolves: rhbz2235789 Tenable has extracted the preceding description block directly from the Oracle Linux...

Rocky Linux 8 : python3 (RLSA-2023:5997)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5997 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTT...

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...