63 matches found

Tenable Nessus
added 2026/01/09 12:0 a.m. | 4 views

Siemens Ruggedcom ROX Improper Input Validation (CVE-2024-5642)

CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not...

CVSS 9.1 | AI score 7.2 | EPSS 0.06873
Exploits: 1 | References: 3
OSV
added 2025/10/14 9:29 a.m. | 18 views

BIT-PYTHON-MIN-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...

CVSS 9.1 | AI score 7.3 | EPSS 0.06873
Exploits: 1 | References: 9
OSV
added 2025/10/14 9:29 a.m. | 34 views

BIT-PYTHON-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being...

CVSS 9.1 | AI score 7.3 | EPSS 0.06873
Exploits: 1 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-16193

Malicious code in bioql PyPI...

CVSS 7.4 | AI score 7 | EPSS 0.00395
Exploits: 0 | References: 12
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-28111

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00129
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-46822

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 7 | EPSS 0.06873
Exploits: 1 | References: 7
Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-20200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean valu...

CVSS 5.9 | AI score 6.6 | EPSS 0.00294
Exploits: 1 | References: 2
OSV
added 2025/07/24 11:31 a.m. | 1 views

SUSE-SU-2025:20531-1 Security update for python-requests

This update for python-requests fixes the following issues: - Avoid problems with certificate caching in sslcontext. (bsc#1246104, gh#psf/requests#6767) Update to 2.32.4: CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong...

CVSS 5.3 | AI score 6.5 | EPSS 0.00208
Exploits: 1 | References: 4
SUSE Linux
added 2025/07/24 11:31 a.m. | 3 views

Security update for python-requests

This update for python-requests fixes the following issues: Avoid problems with certificate caching in sslcontext. (bsc#1246104, gh#psf/requests#6767) Update to 2.32.4: CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong...

CVSS 8.2 | AI score 4.3 | EPSS 0.00208
Exploits: 1 | References: 6
SUSE Linux
added 2025/03/28 1:56 p.m. | 2 views

Security update for python-requests

This update for python-requests fixes the following issues: Add patch to inject the default CA bundles if they are not specified. (bsc#1226321, bsc#1231500) Remove Requires on python-py. Update to 2.32.3: Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. Fixe...

AI score 7.4
Exploits: 0 | References: 4
Tenable Nessus
added 2025/02/10 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: python3 (CVE-2024-0397)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0397 advisory. - A defect was discovered in the Python ssl module where there is a memory race condition with the...

CVSS 7.4 | AI score 6.8 | EPSS 0.00395
Exploits: 0 | References: 2
Amazon
added 2025/02/04 12:0 a.m. | 20 views

Medium: python

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due ...

CVSS 9.1 | AI score 7.8 | EPSS 0.06873
Exploits: 1
Amazon
added 2025/02/04 12:0 a.m. | 32 views

Medium: python3

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due ...

CVSS 9.1 | AI score 7.8 | EPSS 0.06873
Exploits: 1
SUSE Linux
added 2025/02/03 8:50 a.m. | 2 views

Security update for python311, python-rpm-macros

This update for python311, python-rpm-macros fixes the following issues: python311: - CVE-2024-0450: Fixed zipfile module vulnerability with "quoted-overlap" zipbomb (bsc#1221854) - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448) - CVE-2024-0397: Fixed memory race condition...

CVSS 7.5 | AI score 10 | EPSS 0.08156
Exploits: 2 | References: 36
OSV
added 2025/01/17 3:6 p.m. | 15 views

BIT-PYTHON-MIN-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

CVSS 7.4 | AI score 6.8 | EPSS 0.00395
Exploits: 0 | References: 13
Amazon
added 2024/12/12 12:0 a.m. | 3 views

Medium: python3.11

Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...

CVSS 8.7 | AI score 6.5 | EPSS 0.00395
Exploits: 1
Spring Engineering
added 2024/11/26 12:0 a.m. | 10 views

HTTP/3 support in Reactor 2024.0 Release Train

HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...

AI score 6.8
Exploits: 0
OpenVAS
added 2024/09/20 12:0 a.m. | 23 views

Fedora: Security Advisory (FEDORA-2024-6dedbc5cf9)

The remote host is missing an update for the...

CVSS 9.8 | AI score 7.3 | EPSS 0.03014
Exploits: 5 | References: 38
Tenable Nessus
added 2024/09/20 12:0 a.m. | 19 views

Fedora 39 : python3.9 (2024-7db9258d37)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7db9258d37 advisory. This is a security release of Python 3.11. Note: The release you're looking at is Python 3.11.10, a securit...

CVSS 9.8 | AI score 7.2 | EPSS 0.03014
Exploits: 5 | References: 13
OpenVAS
added 2024/08/13 12:0 a.m. | 17 views

Python Buffer Over-Read Vulnerability (Jul 2024) - Linux

Python is prone to a buffer over-read vulnerability in SSLContext.set_npn_protocols().

AI score 7.5
Exploits: 0 | References: 4