Scalance Xm-400, Xr-500 Security Vulnerabilities

RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0560 advisory. google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization...

RHEL 8 : Release of OpenShift Serverless Client kn 1.20.0 (Moderate) (RHSA-2022:0432)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0432 advisory. golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) golang:...

RHEL 7 : rh-haproxy18-haproxy (RHSA-2019:1436)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1436 advisory. haproxy: Information disclosure in check_request_for_cacheability function in proto_http.c (CVE-2018-11469) haproxy: Out-of-bounds...

RHEL 7 / 8 : OpenShift Virtualization 4.8.5 RPMs (RHSA-2022:1329)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1329 advisory. golang: net: lookup functions may return invalid host names (CVE-2021-33195) golang: net/http/httputil: ReverseProxy forwards...

RHEL 8 : Release of OpenShift Serverless Client kn 1.17.0 (Moderate) (RHSA-2021:3555)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3555 advisory. serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 (CVE-2021-3703) golang: encoding/xml: infinite loop when...

RHEL 8 : Red Hat OpenStack Platform (etcd) (RHSA-2023:1275)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1275 advisory. etcd is a highly-available key value store for shared configuration. The following Important impact security fix(es) are applicable to Red...

RHEL 8 / 9 : OpenShift Container Platform 4.13.10 (RHSA-2023:4734)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4734 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) Note that Nessus has not tested for this issue but has instead...

RHEL 8 : Satellite 6.12 Release (Important) (RHSA-2022:8506)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8506 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: go/parser: stack exhaustion in all Parse*...

RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2023:3447)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3447 advisory. A highly-available key value store for shared configuration Security Fix(es): * Information discosure via debug function (CVE-2021-28235) ...

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2023:1948)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1948 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines,creating a ...

RHEL 8 / 9 : OpenShift Container Platform 4.13.0 (RHSA-2023:1325)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1325 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 6 / 7 : httpd24-httpd (RHSA-2019:4126)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4126 advisory. httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) httpd: mod_session_cookie does not respect expiry time...

RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-neutron) (RHSA-2023:0275)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:0275 advisory. OpenStack Networking (neutron) is a virtual network service for OpenStack. Just as OpenStack Compute (nova) provides an API to dynamically request...

RHEL 8 : RHUI 4.3.0 - Security Fixes, Bug Fixes, and Enhancements Update (Low) (RHSA-2023:0742)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0742 advisory. Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update (Important) (RHSA-2023:5810)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5810 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

RHEL 9 : openshift-gitops-kam (RHSA-2023:7344)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7344 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

RHEL 8 : Red Hat Product OCP Tools 4.11 Openshift Jenkins (RHSA-2023:6171)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6171 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) maven-shared-utils: Command injection via Commandline class...

RHEL 8 : Red Hat OpenShift Data Foundation 4.9.0 (RHSA-2021:5085)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5085 advisory. kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (CVE-2020-8565) golang: net: lookup...

RHEL 8 : Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update (Important) (RHSA-2023:4470)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4470 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

RHEL 9 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4459 advisory. golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) golang: html/template: improper...

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by...

RHEL 8 : Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) (RHSA-2023:5965)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5965 advisory. A highly-available key value store for shared configuration Security Fix(es): * golang: net/http, x/net/http2: rapid stream resets can...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:5208)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5208 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

RHEL 7 / 8 : Satellite 6.11 Release (Moderate) (RHSA-2022:5498)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5498 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

RHEL 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3540)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3540 advisory. golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) golang: net/http, net/textproto,...

RHEL 8 / 9 : OpenShift Container Platform 4.12.3 (RHSA-2023:0727)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0727 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 8 / 9 : skupper-cli and skupper-router (RHSA-2023:6165)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6165 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple...

RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 7 : CloudForms 4.6.8 (RHSA-2019:0315)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0315 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

RHEL 7 : rh-nodejs10-nodejs (RHSA-2019:2939)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2939 advisory. nodejs: Denial of Service with large HTTP headers (CVE-2018-12121) nodejs: Slowloris HTTP Denial of Service (CVE-2018-12122) nodejs:...

RHEL 7 : skydive (RHSA-2019:2796)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2796 advisory. Skydive is an open source real-time network topology and protocols analyzer. Security Fix(es): * HTTP/2: flood using PING frames results in...

RHEL 6 / 7 : rh-nodejs4-nodejs-tough-cookie (RHSA-2017:2912)

The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:2912 advisory. nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons (CVE-2016-1000232) nodejs-tough-cookie: Regular...

RHEL 7 : python-django (RHSA-2019:0082)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0082 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...

RHEL 6 / 7 : rh-nginx110-nginx (RHSA-2019:2745)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2745 advisory. HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) HTTP/2: flood using PRIORITY frames results in...

RHEL 7 : rh-nginx114-nginx (RHSA-2018:3681)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3681 advisory. nginx: Excessive memory consumption via flaw in HTTP/2 implementation (CVE-2018-16843) nginx: Excessive CPU usage via flaw in HTTP/2...

RHEL 6 / 7 : rh-nodejs6-nodejs-tough-cookie (RHSA-2017:2913)

The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2913 advisory. nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010) Note that Nessus has not tested for this issue but has instead relied...

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. curl: TLS session resumption client cert bypass (CVE-2016-5419) curl: Re-using connection with wrong client cert (CVE-2016-5420) ...

RHEL 7 : pyOpenSSL (RHSA-2019:0085)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0085 advisory. The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Security...

RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2018:3730)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3730 advisory. ruby: HTTP response splitting in WEBrick (CVE-2017-17742) ruby: Unintentional file and directory creation with directory traversal in...

RHEL 7 : rh-nodejs8-nodejs (RHSA-2018:2949)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2949 advisory. nodejs: HTTP parser allowed for spaces inside Content-Length header values (CVE-2018-7159) nodejs: Inspector DNS rebinding vulnerability...

RHEL 7 : rh-ruby25-ruby (RHSA-2018:3731)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3731 advisory. ruby: HTTP response splitting in WEBrick (CVE-2017-17742) ruby: Unintentional file and directory creation with directory traversal in...

RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. nodejs: HTTP request splitting (CVE-2018-12116) nodejs: Denial of Service with large HTTP headers (CVE-2018-12121) nodejs: Slowloris...

RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:3729)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3729 advisory. ruby: HTTP response splitting in WEBrick (CVE-2017-17742) ruby: Unintentional file and directory creation with directory traversal in...

RHEL 7 : rh-nginx112-nginx (RHSA-2018:3680)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3680 advisory. nginx: Excessive memory consumption via flaw in HTTP/2 implementation (CVE-2018-16843) nginx: Excessive CPU usage via flaw in HTTP/2...

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences

Impact DoS vuln via OOM using jq in ignoreDifferences. ignoreDifferences: - group: apps kind: Deployment jqPathExpressions: - 'until(true == false; [.] + [1])' Patches A patch for this vulnerability has been released in the following Argo CD versions: v2.10.8 v2.9.13...

CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and...

Mattermost fails to limit the number of active sessions

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions...

Mattermost fails to limit the size of a request path

Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request...

CVE-2024-4183

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions...