Lucene search
K

208 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/11 12:0 a.m.29 views

Siemens SCALANCE OpenSSL Out-of-bounds Read (CVE-2022-4203)

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

4.9CVSS7.3AI score0.01481EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/12/22 12:0 a.m.29 views

CentOS 7 : python3 (RHSA-2023:6823)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6823 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...

5.3CVSS7.1AI score0.0079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/28 12:0 a.m.39 views

RHEL 8 : python27:2.7 (RHSA-2023:5992)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5992 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

5.3CVSS7.1AI score0.0079EPSS
Exploits0References4
OSV
OSV
added 2023/10/26 4:15 a.m.29 views

CVE-2023-31421

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to...

7.5CVSS7.1AI score
Exploits0References2
Cvelist
Cvelist
added 2023/10/26 3:10 a.m.32 views

CVE-2023-31421 Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to...

5.9CVSS7.7AI score0.0027EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.31 views

AlmaLinux 8 : python27:2.7 (ALSA-2023:5994)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5994 advisory. python: TLS handshake bypass CVE-2023-40217 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessus h...

5.3CVSS7AI score0.0079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/24 12:0 a.m.19 views

Oracle Linux 8 : python3 (ELSA-2023-5997)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5997 advisory. 3.6.8-51.0.1.2 - Security fix for CVE-2023-40217 Resolves: rhbz2235789 Tenable has extracted the preceding description block directly from the Oracle Linux...

5.3CVSS7AI score0.0079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/24 12:0 a.m.18 views

Rocky Linux 8 : python3 (RLSA-2023:5997)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5997 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTT...

5.3CVSS7.1AI score0.0079EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.14 views

CentOS 8 : python27:2.7 (CESA-2023:5994)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5994 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...

5.3CVSS7.1AI score0.0079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/17 12:0 a.m.24 views

Oracle Linux 9 : python3.9 (ELSA-2023-5462)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5462 advisory. 3.9.16-1.2 - Security fix for CVE-2023-40217 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

5.3CVSS7AI score0.0079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/14 12:0 a.m.25 views

Oracle Linux 9 : python3.11 (ELSA-2023-5456)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5456 advisory. 3.11.2-2.2 - Security fix for CVE-2023-40217 Resolves: rhbz2235789 Tenable has extracted the preceding description block directly from the Oracle Linux security...

5.3CVSS7AI score0.0079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/06 12:0 a.m.31 views

AlmaLinux 8 : python3.11 (ALSA-2023:5463)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5463 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...

5.3CVSS7.1AI score0.0079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/23 12:0 a.m.13 views

SUSE SLED12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2023:3730-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3730-1 advisory. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692. Tenable has extracted the preceding...

5.3CVSS6.8AI score0.0079EPSS
Exploits0References4
Amazon
Amazon
added 2023/09/07 12:0 a.m.6 views

Important: python3.11

Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...

7.5CVSS7.9AI score0.02187EPSS
Exploits0
Prion
Prion
added 2023/08/25 1:15 a.m.86 views

Code injection

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

5CVSS6.1AI score0.0079EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/08/25 12:0 a.m.42 views

CVE-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

5.3CVSS6.8AI score0.0079EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.17 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication (CVE-2019-1590)

A vulnerability in the Transport Layer Security TLS certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The...

8.1CVSS7.8AI score0.0098EPSS
Exploits0References2
Mageia
Mageia
added 2023/04/11 7:2 p.m.61 views

Updated openssl packages fix security vulnerability

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS7.7AI score0.59501EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.64 views

Security Bulletin: Vulnerability in OpenSSL affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in OpenSSL may cause a denial of service when IBM Spectrum Virtualize is acting as a TLS client when connecting to LDAP servers or key servers. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...

7.5CVSS7.9AI score0.70561EPSS
Exploits2Affected Software10
Debian CVE
Debian CVE
added 2023/02/24 2:53 p.m.58 views

CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

4.9CVSS7AI score0.01481EPSS
Exploits0
Rows per page
Query Builder