Fedora 40 : golang-github-onsi-ginkgo-2 (2023-1c1be955d7)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1c1be955d7 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...
6.5AI Score
Fedora 40 : golang-github-nats-io / golang-github-nats-io-jwt-2 / etc (2023-5f984129b2)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5f984129b2 advisory. NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge...
7AI Score
Fedora 38 : python2.7 (2023-01b481a31e)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-01b481a31e advisory. An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490)...
7AI Score
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-601 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...
5.8AI Score
Oracle Linux 7 : tigervnc (ELSA-2024-2080)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2080 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when...
7.2AI Score
Apache Tomcat 8.5.0 < 8.5.64 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.64. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.64_security-8 advisory. Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly...
6.5AI Score
Apache Tomcat 9.0.0.M1 < 9.0.44 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.44. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.44_security-9 advisory. Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly...
6.5AI Score
Fedora 40 : golang-github-prometheus-prom2json (2023-14a33318b8)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-14a33318b8 advisory. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP...
6.7AI Score
Fedora 40 : gitleaks (2024-4901258366)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4901258366 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...
6.5AI Score
Fedora 37 : pypy3.8 (2023-943556a733)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-943556a733 advisory. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to...
8.7AI Score
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-600 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are...
5.9AI Score
Fedora 40 : golang-github-rogpeppe-internal (2023-9177748962)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9177748962 advisory. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP...
6.8AI Score
Fedora 40 : xq (2024-e9ca3462aa)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e9ca3462aa advisory. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an...
6.2AI Score
Fedora 40 : golang-gvisor (2024-80e062d21a)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-80e062d21a advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...
6.8AI Score
Fedora 40 : xorg-x11-server-Xwayland (2024-01a9916e9e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-01a9916e9e advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when...
7.4AI Score
AlmaLinux 8 : tigervnc (ALSA-2024:2037)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2037 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...
7.7AI Score
RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2023:6179)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6179 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) maven-shared-utils: Command...
7.6AI Score
RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2023:5982)
The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5982 advisory. openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command injection...
8AI Score
RHEL 8 : openshift-pipelines-client (RHSA-2023:6781)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6781 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.6AI Score
RHEL 7 / 8 / 9 : OpenShift Virtualization 4.13.6 RPMs (RHSA-2023:7521)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7521 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2:...
7.6AI Score
RHEL 8 / 9 : OpenShift Container Platform 4.12.39 (RHSA-2023:5679)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5679 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple...
7.7AI Score
RHEL 8 : Red Hat OpenShift Pipelines Client tkn for 1.12.1 (RHSA-2023:6059)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6059 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.6AI Score
RHEL 8 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) kube-apiserver: Bypassing policies imposed by the...
7.4AI Score
RHEL 8 : openshift-gitops-kam (RHSA-2023:6782)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6782 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.6AI Score
RHEL 8 : Release of OpenShift Serverless Client kn 1.30.2 (RHSA-2023:6298)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6298 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate chains...
7.7AI Score
RHEL 8 / 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate...
7.6AI Score
RHEL 8 : Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) (RHSA-2023:5970)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5970 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.7AI Score
RHEL 8 : Red Hat OpenShift Pipelines Client tkn for 1.10.6 (RHSA-2023:7699)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7699 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.7AI Score
RHEL 8 : Red Hat OpenShift Container Storage 4.6 update (Moderate) (RHSA-2020:5606)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5606 advisory. golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) golang: data race...
7AI Score
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5805 advisory. golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) golang: net/http, x/net/http2:...
7.6AI Score
RHEL 8 : OpenShift Container Platform 4.11.52 (RHSA-2023:5717)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5717 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.7AI Score
RHEL 7 / 8 : OpenShift Virtualization 4.9.0 RPMs (RHSA-2021:4103)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4103 advisory. golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) golang: ReadUvarint and...
7.1AI Score
RHEL 8 : Satellite 6.12.5.2 Async Security Update (Important) (RHSA-2023:5979)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5979 advisory. openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command injection (CVE-2022-2068) ...
8.3AI Score
RHEL 8 : Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) (RHSA-2023:5964)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5964 advisory. golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) golang: net/http, mime/multipart: denial of service from...
8.8AI Score
RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command injection (CVE-2022-2068) ...
8.4AI Score
Fedora 39 : golang-gvisor (2024-9cc0e0c63e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9cc0e0c63e advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...
6.8AI Score
Fedora 38 : golang-gvisor (2024-d652859efb)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d652859efb advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...
6.8AI Score
RHEL 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6839)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6839 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.6AI Score
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) (RHSA-2023:5967)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5967 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.6AI Score
RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5980 advisory. openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command injection...
8.3AI Score
RHEL 9 : openshift-gitops-kam (RHSA-2023:7344)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7344 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
7.6AI Score
RHEL 8 : Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) (RHSA-2023:5965)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5965 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate chains...
7.6AI Score
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) maven-shared-utils: Command...
8.1AI Score
RHEL 8 / 9 : skupper-cli and skupper-router (RHSA-2023:6165)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6165 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple...
7.6AI Score
RHEL 7 / 8 : Red Hat OpenStack Platform (openstack-swift) (RHSA-2023:1277)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1277 advisory. OpenStack Object Storage (swift) aggregates commodity servers to work together in clusters for reliable, redundant, and large-scale...
6.5AI Score
putty is vulnerable to Denial Of Service (DoS). The vulnerability is due to remote SSH-1 servers accessing freed memory locations via an SSH1_MSG_DISCONNECT message in PuTTY, allows remote SSH-1 servers to trigger a denial of service...
6.6AI Score
0.007EPSS
K000139423 : OpenJDK vulnerabilities CVE-2024-21002, CVE-2024-21003, and CVE-2024-21004
Security Advisory Description CVE-2024-21002 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to...
3.1CVSS
5.4AI Score
0.0005EPSS
RHEL 6 / 7 : httpd24 (RHSA-2018:3558)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. curl: TLS session resumption client cert bypass (CVE-2016-5419) curl: Re-using connection with wrong client cert (CVE-2016-5420) ...
9.5AI Score
Exploit for Out-of-bounds Write in F5 Nginx Ingress Controller
evilMP4 Explore CVE-2022-41741 with the Evil MP4 repository....
7.7AI Score
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who...
8.6CVSS
8.7AI Score
0.0004EPSS