16 matches found

Tenable Nessus
added 2025/05/27 12:00 a.m. · 33 views

ABB M2M Gateway TLS Handshake bypass in embedded Python (CVE-2023-40217)

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

CVSS 5.3 · AI score 7.2 · EPSS 0.00581
Exploits 0 · References 8

OSV
added 2025/01/16 7:21 a.m. · 7 views

BIT-PYTHON-MIN-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

CVSS 5.3 · AI score 6.4 · EPSS 0.00581
Exploits 0 · References 8

Tenable Nessus
added 2023/11/23 12:00 a.m. · 50 views

Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerabilities (USN-6513-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6513-1 advisory. It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a...

CVSS 6.5 · AI score 7.2 · EPSS 0.00581
Exploits 1 · References 3

Tenable Nessus
added 2023/11/09 12:00 a.m. · 39 views

Oracle Linux 7 : python3 (ELSA-2023-6823)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6823 advisory. - Remove the 'getfile' feature of pydoc (Orabug: 33182027, CVE-2021-3426) - Fix buffer overflow in PyCArg_repr (Orabug: 32551171, CVE-2021-3177) - Test fixups for...

CVSS 9.8 · AI score 7.3 · EPSS 0.00581
Exploits 1 · References 2

Positive Technologies
added 2023/11/07 12:00 a.m. · 3 views

PT-2023-7210 · IBM · IBM AIX

Name of the Vulnerable Software and Affected Versions: IBM AIX version 7.3. Description: The issue is related to the Python implementation in IBM AIX, which could allow a non-privileged local user to cause a denial of service due to insufficient input validation. A race condition in the SSLSocket...

CVSS 6.2 · AI score 6.8 · EPSS 0.00018
Exploits 0 · References 8

IBM Security Bulletins
added 2023/09/25 10:25 p.m. · 44 views

Security Bulletin: Vulnerability with Python affect IBM Cloud Object Storage Systems (Sept2023v2)

Summary: Vulnerability with Python (CVE-2023-40217). This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details: CVEID: CVE-2023-40217 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module...

CVSS 5.3 · AI score 6 · EPSS 0.00581
Exploits 0 · Affected Software 1

Tenable Nessus
added 2023/09/23 12:00 a.m. · 11 views

SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2023:3730-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3730-1 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5...

CVSS 5.3 · AI score 7.2 · EPSS 0.00581
Exploits 0 · References 4

RedhatCVE
added 2023/08/30 9:12 p.m. · 43 views

CVE-2023-40217

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...

CVSS 8.6 · AI score 5.9 · EPSS 0.00581
Exploits 0 · References 6

Tenable Nessus
added 2023/08/30 12:00 a.m. · 74 views

Python TLS Handshake Bypass (CVE-2023-40217)

The version of Python installed on the remote Windows host is potentially affected by a vulnerability that primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly,...

CVSS 5.3 · AI score 7.1 · EPSS 0.00581
Exploits 0 · References 2

Tenable Nessus
added 2016/08/12 12:00 a.m. · 33 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)

This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection...

CVSS 9.6 · AI score 6.8 · EPSS 0.07521
Exploits 0 · References 23

Cent OS
added 2015/11/30 7:48 p.m. · 89 views

python, tkinter security update

CentOS Errata and Security Advisory CESA-2015:2101 Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...

CVSS 9.8 · AI score 6.9 · EPSS 0.07232
Exploits 9 · References 7

UbuntuCve
added 2015/10/29 8:59 p.m. · 21 views

CVE-2015-3230

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher...

CVSS 7.5 · AI score 7.2 · EPSS 0.00606
Exploits 0 · References 3

NVD
added 2014/02/18 12:55 a.m. · 10 views

CVE-2014-0625

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internal...

CVSS 5 · AI score 6.6 · EPSS 0.00474
Exploits 0 · References 1

Prion
added 2014/02/18 12:55 a.m. · 19 views

Code injection

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internal...

CVSS 5 · AI score 7.1 · EPSS 0.00474
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2014/02/18 12:00 a.m. · 15 views

CVE-2014-0625

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internal...

AI score 6.6 · EPSS 0.00474
Exploits 0 · References 1

CVE
added 2014/02/18 12:00 a.m. · 45 views

CVE-2014-0625

The CVE-2014-0625 issue affects RSA BSAFE SSL-J (JSAFE/JSSE) 5.x before 5.1.3 and 6.x before 6.0.2, where SSLSocket processing during TLS handshakes can buffer application data, leading to memory-based DoS. The SUSE/Security advisory and ESA-2014-009 describe a memory-denial vulnerability in the ...

CVSS 5 · AI score 6.8 · EPSS 0.00474
Exploits 0 · References 1 · Affected Software 2