25 matches found
SUSE CVE-2024-0397
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
Astra Linux - уязвимость в python3.11, python3.7, python2.7
A defect was discovered in the Python “ssl” module, where there is a memory race condition involving the methods “certstorestats” and “getcacerts” of the ssl.SSLContext class. This race condition can occur when these methods are called simultaneously with the loading of certificates into the...
MiracleLinux 7 : python-2.7.5-69.0.1.el7.AXS7 (AXSA:2018-3246:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3246:03 advisory. A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the- middle attacker could use this flaw to recover some...
EUVD-2024-16193
Malicious code in bioql PyPI...
Security update for python-requests
This update for python-requests fixes the following issues: Add patch to inject the default CA bundles if they are not specified. bsc1226321, bsc1231500 Remove Requires on python-py. update to 2.32.3: Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. Fixe...
Linux Distros Unpatched Vulnerability : CVE-2024-0397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods certstorestats and getcacerts. The race...
Medium: python3
Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "certstorestats" and "getcacerts". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...
BIT-PYTHON-MIN-2024-0397 Memory race condition in ssl.SSLContext certificate store methods
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-2971)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods certstorestats and...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-2985)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods certstorestats and...
Oracle Database Server (Jul 2024 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be...
DEBIAN-CVE-2024-0397
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
AZL-42784 CVE-2024-0397 affecting package python3 for versions less than 3.12.3-1
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
AZL-42796 CVE-2024-0397 affecting package python3 for versions less than 3.9.19-3
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
python: TLS handshake bypass
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...
Python SSL Denial of Service (CVE-2019-5010)
A denial of service vulnerability exists in the Python SSL module. The vulnerability is due to improper handling of malformed DistributionPoint extension within X.509 certificates. Successful exploitation of this vulnerability could lead to denial-of-service conditions on the target server...
Red Hat Software Collections Python Certificate Acquisition Vulnerability
Red Hat Software Collections is a suite of dynamic languages, open source databases, and web development tools from Red Hat.Python is a set of open source, object-oriented programming languages from the Python Software Foundation that is extensible, supports modules and packages, and supports...
Low: python-tornado
Issue Overview: A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate suc...
RHEL 6 : cloud-init (RHSA-2015:0042)
Updated cloud-init packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Common for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base...
Low: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update
Updated cloud-init packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Common for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base...