Lucene search
K

134 matches found

OSV
OSV
added 2024/06/17 3:9 p.m.18 views

PSF-2024-4

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

7.4CVSS6.6AI score0.00804EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2024/06/17 3:9 p.m.19 views

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

7.4CVSS6.7AI score0.00804EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/01/18 12:0 a.m.171 views

Oracle HTTP Server Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Third Party curl. Easily exploitable vulnerability allow...

9.8CVSS7.4AI score0.78483EPSS
Exploits6References4
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.6 views

PT-2024-4665 · Python +9 · Python +9

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.10.14 Python versions prior to 3.11.9 Python versions prior to 3.12.3 Python versions prior to 3.13.0a5 Description: A defect was discovered in the Python “ssl” module where there is a memory race condition with the...

9.8CVSS6.4AI score0.20459EPSS
Exploits15References237
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.38 views

Oracle HTTP Server (October 2023 CPU)

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is...

9.8CVSS6.7AI score0.73461EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.89 views

Oracle HTTP Server (Apr 2023 CPU)

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Apr 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: SSL Module zlib . The supported version that is affected is...

9.8CVSS7.1AI score0.64509EPSS
Exploits2References6
F5 Networks
F5 Networks
added 2023/02/21 4:17 p.m.57 views

K15638: Python vulnerability CVE-2013-4238

Security Advisory Description The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL server...

4.3CVSS7.8AI score0.05347EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.3 views

SUSE CVE-2013-1621

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...

4.3CVSS6.4AI score0.02068EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.3 views

SUSE CVE-2013-4238

The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

5.3CVSS8.4AI score0.05347EPSS
Exploits1References35
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.6 views

SUSE CVE-2013-4248

The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...

4.3CVSS6.9AI score0.03588EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/01/23 12:0 a.m.150 views

Oracle HTTP Server (Jan 2023 CPU)

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Jan 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Expat. The supported version tha...

10CVSS7.7AI score0.52331EPSS
Exploits13References12
Github Security Blog
Github Security Blog
added 2022/05/17 5:39 a.m.25 views

Apache Libcloud does not verify SSL certificates for HTTPS connections

libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle MITM attack. This is due to an upstream issue with python's SSL module rather than directly with libclo...

4.3CVSS6.3AI score0.01379EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/05/17 5:39 a.m.11 views

GHSA-W3J6-8J34-Q43X Apache Libcloud does not verify SSL certificates for HTTPS connections

libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle MITM attack. This is due to an upstream issue with python's SSL module rather than directly with libclo...

8.7CVSS6.2AI score0.01379EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2022/04/20 12:0 a.m.51 views

Oracle HTTP Server (Apr 2022 CPU)

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener Apache HTTP Server. Supported versions that a...

9.8CVSS7.3AI score0.82295EPSS
Exploits2References6
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2013-0250)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.8AI score0.05347EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2021/10/22 12:0 a.m.98 views

Oracle HTTP Server (Oct 2021 CPU)

The 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server Proxy Plug-In product of Oracle Fusion Middleware component: SSL...

7.8CVSS6.9AI score0.07107EPSS
Exploits4References6
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2014:0337-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS8AI score0.05347EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2013:1618-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.8AI score0.05347EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/04/23 12:0 a.m.189 views

Oracle HTTP Server (Apr 2021 CPU)

The 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 versions of HTTP Server installed on the remote host are affected by a vulnerability as referenced in the April 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server Proxy Plug-In product of Oracle Fusion Middleware component: SSL Module Dell...

7.5CVSS6.6AI score0.02207EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2015:1344-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.24148EPSS
Exploits7References7
Rows per page
Query Builder