75 matches found

OSV
added 2026/04/23 5:31 p.m.
6 views

CLSA-2026-1776958842 python3: Fix of CVE-2022-37454

CVE-2022-37454: port xkcp fix for buffer overflows in the bundled sha-3 keccak sponge implementation...

CVSS 9.8, AI score 6.9, EPSS 0.05193
Exploits: 1, References: 1
Redos
added 2024/07/31 12:0 a.m.
18 views

ROS-20240731-06

A vulnerability in the SHA-3 cryptographic hash function of the eXtended Keccak Code Package XKCP software package is related to errors in block processing of input data and type conversion. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code during...

CVSS 9.8, AI score 8.1, EPSS 0.05193
Exploits: 1
Redos
added 2024/07/31 12:0 a.m.
34 views

ROS-20240731-05

A vulnerability in the SHA-3 cryptographic hash function of the eXtended Keccak Code Package XKCP software package is related to errors in block processing of input data and type conversion. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code during...

CVSS 9.8, AI score 8.2, EPSS 0.05193
Exploits: 1
Tenable Nessus
added 2024/04/29 12:0 a.m.
34 views

Fedora 37 : pypy3.8 (2023-943556a733)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-943556a733 advisory. Update to 7.3.11. See https://doc.pypy.org/en/latest/release-v7.3.11.html Security fix for CVE-2022-37454, CVE-2022-45061. Tenable has extracted the...

CVSS 9.8, AI score 7.1, EPSS 0.05193
Exploits: 2, References: 3
Tenable Nessus
added 2024/04/29 12:0 a.m.
38 views

Fedora 37 : pypy3.9 (2023-af5206f71d)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af5206f71d advisory. Update to 7.3.11. See https://doc.pypy.org/en/latest/release-v7.3.11.html Security fix for CVE-2022-37454, CVE-2022-45061, CVE-2022-42919. Tenable h...

CVSS 9.8, AI score 7.1, EPSS 0.05193
Exploits: 2, References: 4
OSV
added 2024/03/06 11:5 a.m.
77 views

BIT-PYTHON-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...

CVSS 9.8, AI score 9.4, EPSS 0.05193
Exploits: 1, References: 15
OSV
added 2024/03/06 11:3 a.m.
73 views

BIT-PHP-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...

CVSS 9.8, AI score 9.4, EPSS 0.05193
Exploits: 1, References: 15
Tenable Nessus
added 2023/11/29 12:0 a.m.
42 views

Ubuntu 20.04 LTS / 22.04 LTS : PyPy vulnerability (USN-6524-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6524-1 advisory. Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash,...

CVSS 9.8, AI score 7.4, EPSS 0.05193
Exploits: 1, References: 2
Tenable Nessus
added 2023/11/29 12:0 a.m.
51 views

Ubuntu 20.04 LTS / 22.04 LTS : pysha3 vulnerability (USN-6525-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6525-1 advisory. Nicky Mouha discovered that pysha3 incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash,...

CVSS 9.8, AI score 7.4, EPSS 0.05193
Exploits: 1, References: 2
Tenable Nessus
added 2023/09/27 12:0 a.m.
31 views

Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-004)

The version of python38 installed on the remote host is prior to 3.8.15-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2023-004 advisory. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that...

CVSS 9.8, AI score 8, EPSS 0.05193
Exploits: 1, References: 4
Tenable Nessus
added 2023/09/13 12:0 a.m.
52 views

Amazon Linux 2 : php (ALASPHP8.1-2023-001)

The version of php installed on the remote host is prior to 8.1.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-001 advisory. In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to...

CVSS 9.8, AI score 8.2, EPSS 0.05193
Exploits: 4, References: 6
Tenable Nessus
added 2023/06/13 12:0 a.m.
49 views

EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2243)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a...

CVSS 9.8, AI score 8, EPSS 0.49336
Exploits: 10, References: 10
Tenable Nessus
added 2023/06/13 12:0 a.m.
49 views

EulerOS Virtualization 3.0.6.0 : python3 (EulerOS-SA-2023-2229)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system...

CVSS 9.8, AI score 7.4, EPSS 0.06705
Exploits: 3, References: 6
Tenable Nessus
added 2023/05/24 12:0 a.m.
49 views

Oracle Linux 8 : php:7.4 (ELSA-2023-2903)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2903 advisory. - CVE-2015-2331: integer overflow when processing ZIP archives 1204676,1204677 - fixes for CVE-2012-1162 and CVE-2012-1163 - fix: due to an integer...

CVSS 9.8, AI score 8.1, EPSS 0.99998
Exploits: 124, References: 6
Tenable Nessus
added 2023/05/16 12:0 a.m.
40 views

EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2023-1896)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows...

CVSS 9.8, AI score 7.6, EPSS 0.05193
Exploits: 2, References: 3
OpenVAS
added 2023/05/16 12:0 a.m.
32 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1927)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 9.2, EPSS 0.05193
Exploits: 2, References: 2
Tenable Nessus
added 2023/05/16 12:0 a.m.
44 views

RHEL 8 : php:7.4 (RHSA-2023:2903)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2903 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

CVSS 9.8, AI score 7.5, EPSS 0.49336
Exploits: 7, References: 15
Tenable Nessus
added 2023/05/12 12:0 a.m.
40 views

RHEL 9 : php:8.1 (RHSA-2023:2417)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2417 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

CVSS 9.8, AI score 7.5, EPSS 0.49336
Exploits: 6, References: 14
AlmaLinux
added 2023/05/09 12:0 a.m.
68 views

Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.1.14. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...

CVSS 9.8, AI score 8.9, EPSS 0.49336
Exploits: 6, References: 12
Tenable Nessus
added 2023/05/03 12:0 a.m.
39 views

GLSA-202305-02 : Python, PyPy3: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-02 Python, PyPy3: Multiple Vulnerabilities - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shel...

CVSS 9.8, AI score 7.6, EPSS 0.27459
Exploits: 6, References: 21