19 matches found
Fedora 44 : coturn (2026-379e214a37)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-379e214a37 advisory. Coturn 4.9.0 - Multiple security fixes - Fix to Web Admin password check - Cleanup of deprecated OpenSSL APIs - Fix for CVE-2026-27624: Bypass...
python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
A vulnerability was found in Python/CPython that does not disallow configuring an empty list "" for SSLContext.set_npn_protocols, which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information...
BIT-PYTHON-MIN-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()
CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.set_npn_protocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
TencentOS Server 3: mysql:8.0 (TSSA-2025:0204)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0204 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2024-5642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols which is an invalid value for the underlying OpenSSL API. This...
Linux Distros Unpatched Vulnerability : CVE-2024-4741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A us...
Siemens SIMATIC and SCALANCE Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2024-5535)
Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. A buffer overread can have a range of potential consequences such as unexpected application behaviour or a crash. In particular this iss...
Amazon Linux 2 : python (ALAS-2025-2744)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2744 advisory. CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols which is an invalid value for the...
Amazon Linux 2 : python3 (ALAS-2025-2743)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2743 advisory. CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols which is an invalid value for th...
Siemens SCALANCE M-800 Use After Free (CVE-2024-4741)
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
SUSE-SU-2024:3470-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module bsc1228780. - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API bsc1227233. - CVE-2024-7592: Fixed Email...
SUSE SLES12 Security Update : python36 (SUSE-SU-2024:3353-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3353-1 advisory. - CVE-2024-5642: Fixed invalid value sent to underlying OpenSSL API may cause a buffer overread when NPN is used bsc1227233 Tenable has...
SUSE-SU-2024:3353-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2024-5642: Fixed invalid value sent to underlying OpenSSL API may cause a buffer overread when NPN is used bsc1227233...
CVE-2024-5642
CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.set_npn_protocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...
CVE-2024-5535 SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...
USN-6673-1: python-cryptography vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS1 v1.5. A remote attacker could...
USN-6673-2: python-cryptography vulnerability
USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding i...
openSUSE Security Update : freeradius-server (openSUSE-2017-972)
This update for freeradius-server fixes the following issues : - update to 3.0.15 bsc1049086 - Bind the lifetime of program name and python path to the module - CVE-2017-10978: FR-GV-201: Check input / output length in make_secret bsc1049086 - CVE-2017-10983: FR-GV-206: Fix read overflow when...
SUSE-SU-2017:2202-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - update to 3.0.15 bsc1049086 - Bind the lifetime of program name and python path to the module - CVE-2017-10978: FR-GV-201: Check input / output length in make_secret bsc1049086 - CVE-2017-10983: FR-GV-206: Fix read overflow when decoding DH...