198 matches found
Fedora 41 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-347164df1c)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-347164df1c advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...
Fedora: Security Advisory (FEDORA-2024-ff98facbc6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-bf524bf5c0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: rust-rustls-native-certs-0.8.0-1.fc40
Rustls-native-certs allows rustls to use the platform native certificate store...
[SECURITY] Fedora 39 Update: rust-rustls-native-certs0.7-0.7.3-1.fc39
Rustls-native-certs allows rustls to use the platform native certificate store...
Fedora 39 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-ff98facbc6)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ff98facbc6 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...
Fedora 40 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-bf524bf5c0)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-bf524bf5c0 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...
The vulnerabilities of the functions cert_store_stats() and get_ca_certs() in the SSL module of the Python programming language interpreter (CPython) allow a malicious individual to gain unauthorized access to protected information.
The vulnerability of the certstorestats and getcacerts functions in the SSL module of the Python programming language interpreter CPython is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
BIT-PYTHON-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
nss security update
3.90.0-6fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35862190 - Update FIPS module name for Oracle Linux Orabug: 35862190 3.90.0-6 - Fix ecc DER wrapping. 3.90.0-5 - Pick up validated constant time implementations of p256, p384, and p521 from upsream - Mo...
CVE-2024-29757
there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-29757
there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-29757
there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-29757
The CVE-2024-29757 vulnerability is an Elevation of Privilege issue in Google Android Pixel firmware, caused by whitelisting of debugging certificates. Affected component (Pixel Companion) can bypass certain permissions, enabling local escalation of privilege without additional execution privileg...
PT-2024-2444
Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 3.8.3 Description A flaw in the GnuTLS library is related to shortcomings in handling exceptional states when analyzing the cert list size parameter in the gnutls x509 trust list verify crt2 function. This issue can be...
PT-2024-4665 · Python +9 · Python +9
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.10.14 Python versions prior to 3.11.9 Python versions prior to 3.12.3 Python versions prior to 3.13.0a5 Description: A defect was discovered in the Python “ssl” module where there is a memory race condition with the...
curl security update
7.61.1-30.el88.3 - GSS delegation too eager connection re-use CVE-2023-27536 - fix host name wildcard checking CVE-2023-28321 - rebuild certs with 2048-bit RSA keys...
grub2 security update
2.06-46.0.4.el91.3 - Bump SBAT metadata for grub to 3 Orabug: 34872719 - Fix CVE-2022-3775 Orabug: 34871953 - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image Orabug: 34360986 - Replaced bugzilla.oracle.com references Orabug:...
DEBIAN-CVE-2023-0430
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...