Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:0530
HistoryJan 25, 2024 - 6:08 p.m.

(RHSA-2024:0530) Important: Red Hat build of Cryostat security update

2024-01-2518:08:29
access.redhat.com
19
rhsa-2024-0530
red hat
cryostat 2
rhel 8
security update
denial of service
cve-2023-4043
cve-2023-39326
cvss score

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.3

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON

An update is now available for the Red Hat build of Cryostat 2 on RHEL 8.

Security Fix(es):

  • parsson: Denial of Service due to large number parsing (CVE-2023-4043)

  • golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 33
oraclelinux 7
nessus 78
osv 19
openvas 31
almalinux 6
ibm 5
ubuntu 4
rocky 1
mageia 3
debian 3
redos 2
amazon 2
atlassian 2
rosalinux 1
centos 2
redhat
redhat
(RHSA-2024:0843) Critical: Release of OpenShift Serverless 1.31.1
2024-02-15 12:52:31
(RHSA-2024:0097) Moderate: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security update
2024-01-09 16:02:54
(RHSA-2024:0576) Moderate: avahi security update
2024-01-30 12:53:20
oraclelinux
oraclelinux
avahi security update
2023-12-15 00:00:00
java-17-openjdk security and bug fix update
2024-01-22 00:00:00
avahi security update
2024-05-03 00:00:00
nessus
nessus
Rocky Linux 8 : avahi (RLSA-2023:7836)
2024-01-09 00:00:00
AlmaLinux 9 : java-17-openjdk (ALSA-2024:0267)
2024-01-20 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2024:0325-1)
2024-02-06 00:00:00
osv
osv
openjdk-17 vulnerabilities
2024-02-27 02:04:18
java-17-openjdk-17.0.10.0-1.1 on GA media
2024-06-15 00:00:00
Moderate: avahi security update
2023-12-14 00:00:00
openvas
openvas
openSUSE: Security Advisory for java (SUSE-SU-2024:0325-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0325-1)
2024-02-06 00:00:00
Ubuntu: Security Advisory (USN-6661-1)
2024-02-27 00:00:00
almalinux
almalinux
Moderate: avahi security update
2023-12-14 00:00:00
Important: java-17-openjdk security and bug fix update
2024-01-17 00:00:00
Moderate: avahi security update
2024-04-30 00:00:00
ibm
ibm
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
2024-03-15 13:52:35
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to multiple CVEs in Avahi
2023-07-28 14:38:12
Security Bulletin: Multiple vulnerabilities in IBM Java SDK may affect IBM Storage Scale
2024-04-29 09:30:18
ubuntu
ubuntu
OpenJDK 17 vulnerabilities
2024-02-27 00:00:00
Avahi vulnerabilities
2023-11-20 00:00:00
OpenJDK 21 vulnerabilities
2024-02-27 00:00:00
rocky
rocky
avahi security update
2024-01-09 04:07:32
mageia
mageia
Updated avahi packages fix security vulnerabilities
2024-01-25 14:21:08
Updated java-17-openjdk packages fix security vulnerabilities
2024-03-14 02:14:37
Updated java 1.8.0, 11 & latest packages fix security vulnerabilities
2024-03-15 05:49:05
debian
debian
[SECURITY] [DSA 5613-1] openjdk-17 security update
2024-02-01 22:40:03
[SECURITY] [DLA 3728-1] openjdk-11 security update
2024-01-31 15:32:31
[SECURITY] [DSA 5604-1] openjdk-11 security update
2024-01-23 21:54:17
redos
redos
ROS-20240910-02
2024-09-10 00:00:00
ROS-20240730-14
2024-07-30 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2024-02-01 19:57:00
Medium: avahi
2023-08-03 18:09:00
atlassian
atlassian
Bundled JRE in Bitbucket 8.0+ is vulnerable to OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20919
2024-05-23 06:45:36
Bundled JRE in Bitbucket 8.16+ is vulnerable to OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20919
2024-04-22 06:45:05
rosalinux
rosalinux
Advisory ROSA-SA-2024-2455
2024-07-23 11:22:51
centos
centos
java security update
2024-01-26 18:12:38
java security update
2024-01-26 18:11:41

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.3

Confidence

Low

EPSS

0.005

Percentile

77.0%

JSON
Related for RHSA-2024:0530
redhat33oraclelinux7nessus78osv19openvas31almalinux6ibm5ubuntu4rocky1mageia3debian3redos2amazon2atlassian2rosalinux1centos2