134 matches found

Positive Technologies
added 2021/01/15 12:0 a.m. · 3 views

PT-2021-7691 · Ericsson +2 · Erlang/Otp +2

Name of the Vulnerable Software and Affected Versions: Erlang/OTP versions prior to 23.2.2 Description: An issue was discovered in the ssl application, which accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. This could allow a remote attacker to gain...

9.8 CVSS · 8.4 AI score · 0.03151 EPSS
Exploits 0 · References 31

Tenable Nessus
added 2020/11/02 12:0 a.m. · 349 views

Oracle Fusion Middleware Oracle HTTP Server (Oct 2020 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as referenced in the October 2020 CPU advisory: - A denial of service (DoS) vulnerability exists in the SSL Module (OpenSSL). An unauthenticated, remote attacker with network access via HTTPS,...

9.8 CVSS · 6.5 AI score · 0.53336 EPSS
Exploits 2 · References 4

BDU FSTEC
added 2020/02/11 12:0 a.m. · 7 views

The vulnerability of the OSSL Module web server of the Oracle HTTP Server and the SSL API component of the Oracle Security Service, which allows a hacker to cause a service failure.

The vulnerability of the OSSL Module web server of the Oracle HTTP Server and the SSL API component of the Oracle Security Service is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTPS protocol...

5.3 CVSS · 6.2 AI score · 0.01489 EPSS
Exploits 0 · References 3 · Affected Software 2

Veracode
added 2019/01/15 9:1 a.m. · 32 views

Denial Of Service (DoS) Via CPU Consumption

Red Hat Storage is vulnerable to a denial of service attack. The attack is due to the flaw in the way Python's SSL module implementation performed matching of certain certificate names, allowing the attacker to input a valid certificate containing multiple wildcard characters resulting in excessi...

4.3 CVSS · 5.7 AI score · 0.04857 EPSS
Exploits 0 · References 23 · Affected Software 70

Veracode
added 2019/01/15 8:51 a.m. · 35 views

Man-in-the-Middle (MitM)

Python is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists as the ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a \0 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

5.9 CVSS · 9 AI score · 0.05741 EPSS
Exploits 5 · References 27 · Affected Software 1

FreeBSD
added 2019/01/15 12:0 a.m. · 46 views

Python -- NULL pointer dereference vulnerability

Python Changelog: bpo-35746: CVE-2019-5010 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability TALOS-2018-0758 reported by Colin Read and Nicolas Ede...

7.5 CVSS · 1.6 AI score · 0.20743 EPSS
Exploits 1 · References 2

RedHat Linux
added 2017/12/15 10:34 p.m. · 5 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

9.8 CVSS · 7.3 AI score · 0.19953 EPSS
Exploits 0 · References 6

RedHat Linux
added 2017/11/13 5:35 p.m. · 13 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

9.8 CVSS · 7.3 AI score · 0.19953 EPSS
Exploits 0 · References 6

Oracle linux
added 2017/08/07 12:0 a.m. · 62 views

python security and bug fix update

2.7.5-58.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-58 - Set stream to None in case an open fails. Resolves: rhbz1432003 2.7.5-57 - Fix implicit declaration warnings of functions added by patches 147 and 265 Resolves: rhbz1441237 2.7.5-56 - Fix shutil.makearchive...

10 CVSS · 0.8 AI score · 0.2548 EPSS
Exploits 8

Broadcom
added 2017/01/03 12:0 a.m. · 8 views

BSA-2017-105

Security Advisory ID : BSA-2017-105 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attacker...

7.5 CVSS · 7.6 AI score · 0.18802 EPSS
Exploits 0

CNVD
added 2016/04/22 12:0 a.m. · 5 views

Oracle Fusion Middleware HTTP Server Component Data Read Vulnerability

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle, a United States company. Oracle HTTP Server is one of its components, based on the open-source Apache web server. A data read vulnerability exists...

3.7 CVSS · 6.8 AI score · 0.01365 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2015/12/30 12:0 a.m. · 69 views

VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)

The remote VMware ESXi host is affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Python function readstatus in library httplib and in function readline in libraries smtplib, ftplib, nntplib, imaplib, and poplib. A remote attacker can exploit these...

6.4 CVSS · 7.2 AI score · 0.081 EPSS
Exploits 3 · References 8

Oracle linux
added 2015/11/23 12:0 a.m. · 63 views

python security, bug fix, and enhancement update

2.7.5-34.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-34 - Revert fix for rhbz1117751 as it leads to regressions Resolves: rhbz1117751 2.7.5-33 - Only restore SIGPIPE when Popen called with restoresigpipe Resolves: rhbz1117751 2.7.5-32 - Backport SSLSocket.version...

7.5 CVSS · 0.3 AI score · 0.24148 EPSS
Exploits 8

OpenVAS
added 2015/09/08 12:0 a.m. · 37 views

Amazon Linux: Security Advisory (ALAS-2015-521)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 6.6 AI score · 0.04857 EPSS
Exploits 0 · References 2

OpenVAS
added 2015/09/08 12:0 a.m. · 36 views

Amazon Linux: Security Advisory (ALAS-2013-220)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 6.9 AI score · 0.05347 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2015/08/06 12:0 a.m. · 46 views

SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)

This update to python 2.7.9 fixes the following issues : - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 From the version update to 2.7.9 : - contains full backport of ssl module from Python 3.4 PEP466 - HTTPS certificate validation enabled by default PEP476 - SSLv3...

9.8 CVSS · 7.4 AI score · 0.24148 EPSS
Exploits 7 · References 13

Amazon
added 2015/05/05 12:0 a.m. · 64 views

Low: python-tornado

Issue Overview: A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate suc...

4.3 CVSS · 6.8 AI score · 0.04857 EPSS
Exploits 0

Tenable Nessus
added 2015/01/14 12:0 a.m. · 44 views

RHEL 6 : cloud-init (RHSA-2015:0042)

Updated cloud-init packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Common for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base...

4.3 CVSS · 7.2 AI score · 0.04857 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2014/11/12 12:0 a.m. · 38 views

CentOS 6 : python (CESA-2013:1582)

Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

4.3 CVSS · 7.3 AI score · 0.05347 EPSS
Exploits 1 · References 2

RedHat Linux
added 2014/09/18 6:23 p.m. · 44 views

Low: Red Hat Security Advisory: Red Hat Storage 2.1 security, bug fix, and enhancement update

Updated glusterfs, geo-replication, and native client packages that fix one security issue, several bugs, and add an enhancement are now available for Red Hat Storage 2.1. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base...

4.3 CVSS · 6.5 AI score · 0.04857 EPSS
Exploits 0 · References 8