Lucene search
K

198 matches found

Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.6 views

Fedora 41 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-347164df1c)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-347164df1c advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...

6.9CVSS5.2AI score0.00622EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/10/21 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2024-ff98facbc6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS7.1AI score0.00622EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/10/21 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2024-bf524bf5c0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2024/10/19 1:54 a.m.10 views

[SECURITY] Fedora 40 Update: rust-rustls-native-certs-0.8.0-1.fc40

Rustls-native-certs allows rustls to use the platform native certificate store...

7.2AI score
Exploits0
Fedora
Fedora
added 2024/10/19 1:20 a.m.13 views

[SECURITY] Fedora 39 Update: rust-rustls-native-certs0.7-0.7.3-1.fc39

Rustls-native-certs allows rustls to use the platform native certificate store...

6.9CVSS7.2AI score0.00622EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/19 12:0 a.m.5 views

Fedora 39 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-ff98facbc6)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ff98facbc6 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...

6.9CVSS5.2AI score0.00622EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/19 12:0 a.m.5 views

Fedora 40 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-bf524bf5c0)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-bf524bf5c0 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...

5.6AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/07/10 12:0 a.m.7 views

The vulnerabilities of the functions cert_store_stats() and get_ca_certs() in the SSL module of the Python programming language interpreter (CPython) allow a malicious individual to gain unauthorized access to protected information.

The vulnerability of the certstorestats and getcacerts functions in the SSL module of the Python programming language interpreter CPython is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

7.4CVSS6.7AI score0.00804EPSS
Exploits0References19Affected Software4
OSV
OSV
added 2024/06/20 11:18 a.m.44 views

BIT-PYTHON-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

7.4CVSS6.8AI score0.00804EPSS
Exploits0References13
OSV
OSV
added 2024/06/17 3:9 p.m.29 views

CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

7.4CVSS6.7AI score0.00804EPSS
Exploits0References15
Oracle linux
Oracle linux
added 2024/04/19 12:0 a.m.39 views

nss security update

3.90.0-6fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35862190 - Update FIPS module name for Oracle Linux Orabug: 35862190 3.90.0-6 - Fix ecc DER wrapping. 3.90.0-5 - Pick up validated constant time implementations of p256, p384, and p521 from upsream - Mo...

4.3CVSS7AI score0.00816EPSS
Exploits0
NVD
NVD
added 2024/04/05 8:15 p.m.9 views

CVE-2024-29757

there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.3CVSS6.8AI score0.00081EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/05 8:2 p.m.9 views

CVE-2024-29757

there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.2AI score0.00081EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/05 8:2 p.m.10 views

CVE-2024-29757

there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1AI score0.00081EPSS
Exploits0References1
CVE
CVE
added 2024/04/05 8:2 p.m.110 views

CVE-2024-29757

The CVE-2024-29757 vulnerability is an Elevation of Privilege issue in Google Android Pixel firmware, caused by whitelisting of debugging certificates. Affected component (Pixel Companion) can bypass certain permissions, enabling local escalation of privilege without additional execution privileg...

7.3CVSS7AI score0.00081EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.5 views

PT-2024-2444

Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 3.8.3 Description A flaw in the GnuTLS library is related to shortcomings in handling exceptional states when analyzing the cert list size parameter in the gnutls x509 trust list verify crt2 function. This issue can be...

5.3CVSS6.3AI score0.00718EPSS
Exploits0References90
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.8 views

PT-2024-4665 · Python +9 · Python +9

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.10.14 Python versions prior to 3.11.9 Python versions prior to 3.12.3 Python versions prior to 3.13.0a5 Description: A defect was discovered in the Python “ssl” module where there is a memory race condition with the...

9.8CVSS6.4AI score0.20459EPSS
Exploits15References237
Oracle linux
Oracle linux
added 2023/08/10 12:0 a.m.97 views

curl security update

7.61.1-30.el88.3 - GSS delegation too eager connection re-use CVE-2023-27536 - fix host name wildcard checking CVE-2023-28321 - rebuild certs with 2048-bit RSA keys...

5.9CVSS7.1AI score0.0181EPSS
Exploits2
Oracle linux
Oracle linux
added 2023/06/13 12:0 a.m.35 views

grub2 security update

2.06-46.0.4.el91.3 - Bump SBAT metadata for grub to 3 Orabug: 34872719 - Fix CVE-2022-3775 Orabug: 34871953 - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image Orabug: 34360986 - Replaced bugzilla.oracle.com references Orabug:...

8.6CVSS6.9AI score0.00872EPSS
Exploits0
OSV
OSV
added 2023/06/02 5:15 p.m.2 views

DEBIAN-CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...

6.5CVSS6.5AI score0.00372EPSS
Exploits0References1
Rows per page
Query Builder