RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0560 advisory. google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization...
CVSS 9.9 | AI Score 7.4 | EPSS 0.012
RHEL 8 : Release of OpenShift Serverless Client kn 1.20.0 (Moderate) (RHSA-2022:0432)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0432 advisory. golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) golang:...
CVSS 9.8 | AI Score 7.2 | EPSS 0.004
RHEL 7 : rh-haproxy18-haproxy (RHSA-2019:1436)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1436 advisory. haproxy: Information disclosure in check_request_for_cacheability function in proto_http.c (CVE-2018-11469) haproxy: Out-of-bounds...
CVSS 7.5 | AI Score 7.3 | EPSS 0.009
RHEL 7 / 8 : OpenShift Virtualization 4.8.5 RPMs (RHSA-2022:1329)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1329 advisory. golang: net: lookup functions may return invalid host names (CVE-2021-33195) golang: net/http/httputil: ReverseProxy forwards...
CVSS 7.5 | AI Score 7 | EPSS 0.007
RHEL 8 : Release of OpenShift Serverless Client kn 1.17.0 (Moderate) (RHSA-2021:3555)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3555 advisory. serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 (CVE-2021-3703) golang: encoding/xml: infinite loop when...
CVSS 7.5 | AI Score 7.1 | EPSS 0.009
RHEL 8 : Red Hat OpenStack Platform (etcd) (RHSA-2023:1275)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1275 advisory. etcd is a highly-available key value store for shared configuration. The following Important impact security fix(es) are applicable to Red...
CVSS 7.5 | AI Score 9.4 | EPSS 0.005
RHEL 8 / 9 : OpenShift Container Platform 4.13.10 (RHSA-2023:4734)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4734 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) Note that Nessus has not tested for this issue but has instead...
CVSS 7.5 | AI Score 6.9 | EPSS 0.002
RHEL 8 : Satellite 6.12 Release (Important) (RHSA-2022:8506)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8506 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...
CVSS 9.8 | AI Score 9.3 | EPSS 0.138
RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) golang: go/parser: stack exhaustion in all Parse*...
CVSS 9.1 | AI Score 8 | EPSS 0.005
RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2023:3447)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3447 advisory. A highly-available key value store for shared configuration Security Fix(es): * Information disclosure via debug function (CVE-2021-28235) ...
CVSS 9.8 | AI Score 8.5 | EPSS 0.024
RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2023:1948)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1948 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a ...
CVSS 3.3 | AI Score 4.5 | EPSS 0.0005
RHEL 8 / 9 : OpenShift Container Platform 4.13.0 (RHSA-2023:1325)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1325 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVSS 9.1 | AI Score 9.7 | EPSS 0.024
RHEL 6 / 7 : httpd24-httpd (RHSA-2019:4126)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:4126 advisory. httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) httpd: mod_session_cookie does not respect expiry time...
CVSS 7.5 | AI Score 7.1 | EPSS 0.831
RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-neutron) (RHSA-2023:0275)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:0275 advisory. OpenStack Networking (neutron) is a virtual network service for OpenStack. Just as OpenStack Compute (nova) provides an API to dynamically request...
CVSS 6.5 | AI Score 5.8 | EPSS 0.001
RHEL 8 : RHUI 4.3.0 - Security Fixes, Bug Fixes, and Enhancements Update (Low) (RHSA-2023:0742)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0742 advisory. Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and...
CVSS 7.5 | AI Score 7.7 | EPSS 0.005
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5810 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
CVSS 7.5 | AI Score 8.6 | EPSS 0.732
RHEL 9 : openshift-gitops-kam (RHSA-2023:7344)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7344 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...
CVSS 7.5 | AI Score 7.6 | EPSS 0.732
RHEL 8 : Red Hat Product OCP Tools 4.11 Openshift Jenkins (RHSA-2023:6171)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6171 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) maven-shared-utils: Command injection via Commandline class...
CVSS 9.8 | AI Score 8.3 | EPSS 0.972
RHEL 8 : Red Hat OpenShift Data Foundation 4.9.0 (RHSA-2021:5085)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5085 advisory. kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (CVE-2020-8565) golang: net: lookup...
CVSS 7.5 | AI Score 7 | EPSS 0.007
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4470 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
CVSS 9.8 | AI Score 7.8 | EPSS 0.005
RHEL 9 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4459 advisory. golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) golang: html/template: improper...
CVSS 7.5 | AI Score 7.9 | EPSS 0.002
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by...
CVSS 9.8 | AI Score 10 | EPSS 0.972
RHEL 8 : Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) (RHSA-2023:5965)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5965 advisory. A highly-available key value store for shared configuration Security Fix(es): * golang: net/http, x/net/http2: rapid stream resets can...
CVSS 7.5 | AI Score 8.8 | EPSS 0.732
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5208 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
CVSS 7.5 | AI Score 7.8 | EPSS 0.001
RHEL 7 / 8 : Satellite 6.11 Release (Moderate) (RHSA-2022:5498)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5498 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...
CVSS 9.8 | AI Score 9.5 | EPSS 0.186
RHEL 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3540)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3540 advisory. golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) golang: net/http, net/textproto,...
CVSS 9.8 | AI Score 7.1 | EPSS 0.005
RHEL 8 / 9 : OpenShift Container Platform 4.12.3 (RHSA-2023:0727)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0727 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVSS 7.5 | AI Score 8.2 | EPSS 0.002
RHEL 8 / 9 : skupper-cli and skupper-router (RHSA-2023:6165)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6165 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple...
CVSS 7.5 | AI Score 7.6 | EPSS 0.732
RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVSS 8.2 | AI Score 8.1 | EPSS 0.002
RHEL 7 : CloudForms 4.6.8 (RHSA-2019:0315)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0315 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
CVSS 6.1 | AI Score 6.5 | EPSS 0.001
RHEL 7 : rh-nodejs10-nodejs (RHSA-2019:2939)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2939 advisory. nodejs: Denial of Service with large HTTP headers (CVE-2018-12121) nodejs: Slowloris HTTP Denial of Service (CVE-2018-12122) nodejs:...
CVSS 7.5 | AI Score 7.4 | EPSS 0.821
RHEL 7 : skydive (RHSA-2019:2796)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2796 advisory. Skydive is an open source real-time network topology and protocols analyzer. Security Fix(es): * HTTP/2: flood using PING frames results in...
CVSS 7.5 | AI Score 8.4 | EPSS 0.821
RHEL 6 / 7 : rh-nodejs4-nodejs-tough-cookie (RHSA-2017:2912)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:2912 advisory. nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons (CVE-2016-1000232) nodejs-tough-cookie: Regular...
CVSS 7.5 | AI Score 6.9 | EPSS 0.011
RHEL 7 : python-django (RHSA-2019:0082)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0082 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...
CVSS 5.3 | AI Score 5.8 | EPSS 0.008
RHEL 6 / 7 : rh-nginx110-nginx (RHSA-2019:2745)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2745 advisory. HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) HTTP/2: flood using PRIORITY frames results in...
CVSS 7.5 | AI Score 7.2 | EPSS 0.097
RHEL 7 : rh-nginx114-nginx (RHSA-2018:3681)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3681 advisory. nginx: Excessive memory consumption via flaw in HTTP/2 implementation (CVE-2018-16843) nginx: Excessive CPU usage via flaw in HTTP/2...
CVSS 7.5 | AI Score 6.9 | EPSS 0.084
RHEL 6 / 7 : rh-nodejs6-nodejs-tough-cookie (RHSA-2017:2913)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2913 advisory. nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010) Note that Nessus has not tested for this issue but has instead relied...
CVSS 7.5 | AI Score 6.5 | EPSS 0.011
RHEL 6 / 7 : httpd24 (RHSA-2018:3558)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. curl: TLS session resumption client cert bypass (CVE-2016-5419) curl: Re-using connection with wrong client cert (CVE-2016-5420) ...
CVSS 9.8 | AI Score 9.5 | EPSS 0.959
RHEL 7 : pyOpenSSL (RHSA-2019:0085)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0085 advisory. The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Security...
CVSS 8.1 | AI Score 7.2 | EPSS 0.094
RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2018:3730)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3730 advisory. ruby: HTTP response splitting in WEBrick (CVE-2017-17742) ruby: Unintentional file and directory creation with directory traversal in...
CVSS 9.8 | AI Score 7.9 | EPSS 0.022
RHEL 7 : rh-nodejs8-nodejs (RHSA-2018:2949)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2949 advisory. nodejs: HTTP parser allowed for spaces inside Content-Length header values (CVE-2018-7159) nodejs: Inspector DNS rebinding vulnerability...
CVSS 8.8 | AI Score 7.2 | EPSS 0.033
RHEL 7 : rh-ruby25-ruby (RHSA-2018:3731)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3731 advisory. ruby: HTTP response splitting in WEBrick (CVE-2017-17742) ruby: Unintentional file and directory creation with directory traversal in...
CVSS 9.8 | AI Score 7.9 | EPSS 0.022
RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. nodejs: HTTP request splitting (CVE-2018-12116) nodejs: Denial of Service with large HTTP headers (CVE-2018-12121) nodejs: Slowloris...
CVSS 7.5 | AI Score 7.6 | EPSS 0.015
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:3729)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3729 advisory. ruby: HTTP response splitting in WEBrick (CVE-2017-17742) ruby: Unintentional file and directory creation with directory traversal in...
CVSS 9.8 | AI Score 7.9 | EPSS 0.022
RHEL 7 : rh-nginx112-nginx (RHSA-2018:3680)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3680 advisory. nginx: Excessive memory consumption via flaw in HTTP/2 implementation (CVE-2018-16843) nginx: Excessive CPU usage via flaw in HTTP/2...
CVSS 7.5 | AI Score 6.9 | EPSS 0.084
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Impact: DoS vulnerability via OOM using jq in ignoreDifferences, triggered by an ignoreDifferences entry such as group: apps, kind: Deployment, jqPathExpressions: - 'until(true == false; [.] + [1])'. Patches: a patch for this vulnerability has been released in the following Argo CD versions: v2.10.8, v2.9.13...
CVSS 6.5 | AI Score 6.9 | EPSS 0.0004
CVE-2024-32476 Denial of Service via malicious jqPathExpressions in ignoreDifferences
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and...
CVSS 6.5 | AI Score 6.6 | EPSS 0.0004
Mattermost fails to limit the number of active sessions
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions...
CVSS 4.3 | AI Score 6.7 | EPSS 0.0004
Mattermost fails to limit the size of a request path
Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request...
CVSS 3.1 | AI Score 6.8 | EPSS 0.0004
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions...
CVSS 4.3 | AI Score 4.5 | EPSS 0.0004