7 matches found
Linux Distros Unpatched Vulnerability : CVE-2013-6418
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the- middle attackers to spoof a peer via an arbitrary...
RHEL 6 : pywbem (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pywbem: failure to check certificate hostname CVE-2013-6444 - PyWBEM 0.7 and earlier uses a separate...
RHEL 7 : pywbem (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pywbem: failure to check certificate hostname CVE-2013-6444 - PyWBEM 0.7 and earlier uses a separate...
Advisory ROSA-SA-2021-1958
Software: pywbem 0.7.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-6418 CVE-Crit: HIGH CVE-DESC: PyWBEM 0.7 and earlier versions use a separate connection to validate X.509 certificates, which allows "attacker-in-the-middle" attackers to trick a peer node with an arbitrary certificate. CVE-STATUS: default...
SUSE: Security Advisory (SUSE-SU-2014:0580-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-6418
CVE-2013-6418 affects PyWBEM 0.7 and earlier, where certificate validation occurs over a separate connection, enabling MITM spoofing of peers via arbitrary X.509 certificates. Impact is partial confidentiality/integrity risk as described in linked advisories; exploitation details are not provided...
SuSE 11.3 Security Update : python-pywbem (SAT Patch Number 9079)
This update fixes a TOCTOU vulnerability during certificate validation. CVE-2013-6418 has been assigned to this issue. This update also introduces a new dependency on python-m2crypto. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...