131 matches found
PT-2024-4665 · Python +9 · Python +9
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.10.14; Python versions prior to 3.11.9; Python versions prior to 3.12.3; Python versions prior to 3.13.0a5. Description: A defect was discovered in the Python “ssl” module where there is a memory race condition with the...
Oracle HTTP Server (October 2023 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is...
Oracle HTTP Server (Apr 2023 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as referenced in the Apr 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: SSL Module (zlib). The supported version that is affected is...
K15638: Python vulnerability CVE-2013-4238
Security Advisory Description: The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL server...
SUSE CVE-2013-1621
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...
SUSE CVE-2013-4238
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
SUSE CVE-2013-4248
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...
Oracle HTTP Server (Jan 2023 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as referenced in the Jan 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars (Expat). The supported version tha...
GHSA-W3J6-8J34-Q43X Apache Libcloud does not verify SSL certificates for HTTPS connections
libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with Python's SSL module rather than directly with libclo...
Apache Libcloud does not verify SSL certificates for HTTPS connections
libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with Python's SSL module rather than directly with libclo...
Oracle HTTP Server (Apr 2022 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener (Apache HTTP Server). Supported versions that a...
Mageia: Security Advisory (MGASA-2013-0250)
The remote host is missing an update for the...
Oracle HTTP Server (Oct 2021 CPU)
The 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server Proxy Plug-In product of Oracle Fusion Middleware component: SSL...
SUSE: Security Advisory (SUSE-SU-2014:0337-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2013:1618-1)
The remote host is missing an update for the...
Oracle HTTP Server (Apr 2021 CPU)
The 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 versions of HTTP Server installed on the remote host are affected by a vulnerability as referenced in the April 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server Proxy Plug-In product of Oracle Fusion Middleware component: SSL Module Dell...
SUSE: Security Advisory (SUSE-SU-2015:1344-1)
The remote host is missing an update for the...
PT-2021-7691 · Ericsson +2 · Erlang/Otp +2
Name of the Vulnerable Software and Affected Versions: Erlang/OTP versions prior to 23.2.2 Description: An issue was discovered in the ssl application, which accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. This could allow a remote attacker to gain...
Oracle Fusion Middleware Oracle HTTP Server (Oct 2020 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as referenced in the October 2020 CPU advisory: - A denial of service (DoS) vulnerability exists in the SSL Module (OpenSSL). An unauthenticated, remote attacker with network access via HTTPS,...
Vulnerability in the OSSL Module web server component of Oracle HTTP Server and the SSL API component of Oracle Security Service that allows an attacker to cause a service failure
The vulnerability in the OSSL Module web server component of Oracle HTTP Server and the SSL API component of Oracle Security Service is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTPS protocol...