EUVD-2014-0094

Malware in sbrugna...

EUVD-2014-0095

Malware in sbrugna...

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.

...

Linux Distros Unpatched Vulnerability : CVE-2013-6444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509...

Linux Distros Unpatched Vulnerability : CVE-2013-6418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the- middle attackers to spoof a peer via an arbitrary...

OPENSUSE-SU-2024:13977-1 python310-pywbem-1.7.2-1.1 on GA media

These are all security issues fixed in the python310-pywbem-1.7.2-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11263-1 python36-pywbem-1.1.1-2.7 on GA media

These are all security issues fixed in the python36-pywbem-1.1.1-2.7 package on the GA media of openSUSE Tumbleweed...

RHEL 9 : pywbem (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - m2crypto: Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657 CVE-2023-5078...

RHEL 6 : pywbem (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pywbem: failure to check certificate hostname CVE-2013-6444 - PyWBEM 0.7 and earlier uses a separate...

RHEL 7 : pywbem (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pywbem: failure to check certificate hostname CVE-2013-6444 - PyWBEM 0.7 and earlier uses a separate...

SUSE CVE-2013-6418

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate...

SUSE CVE-2013-6444

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

new packages: pywbem

An update is available for pywbem. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...

PyWBEM TOCTOU vulnerability in certificate validation

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

GHSA-GH2C-6M38-C78J PyWBEM TOCTOU vulnerability in certificate validation

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

PyWBEM TOCTOU vulnerability in certificate validation

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate...

GHSA-F9Q5-46QG-74X4 PyWBEM TOCTOU vulnerability in certificate validation

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate...

Advisory ROSA-SA-2021-1958

Software: pywbem 0.7.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-6418 CVE-Crit: HIGH CVE-DESC: PyWBEM 0.7 and earlier versions use a separate connection to validate X.509 certificates, which allows "attacker-in-the-middle" attackers to trick a peer node with an arbitrary certificate. CVE-STATUS: default...

SUSE: Security Advisory (SUSE-SU-2014:0580-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

pywbem bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...