MiracleLinux 8 : gnutls-3.6.16-4.el8, nettle-3.4.1-7.el8 (AXSA:2021-2630:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2630:02 advisory. nettle: Remote crash in RSA decryption via manipulated ciphertext CVE-2021-3580 gnutls: Use after free in client keyshare extension CVE-2021-20231...

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-20232)

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 809...

CVE-2023-20232

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

Alibaba Cloud Linux 3 : 0181: gnutls (ALINUX3-SA-2022:0181)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0181 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-20231: A flaw was found in gnutls...

CVE-2025-20232

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

CVE-2025-20232

creationtimestamp| type| source ---|---|--- 2025-03-26 23:55:52+00:00| seen| https://t.me/cvedetector/21233...

CVE-2025-20232

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

CVE-2025-20232

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

CVE-2025-20232

CVE-2025-20232 affects Splunk Enterprise (versions prior to 9.3.3, 9.2.5, 9.1.8) and Splunk Cloud Platform (prior to 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208, 9.1.2308.212). A low-privileged user without admin/power roles can abuse the /app/search/search endpoint via the s parameter...

CVE-2025-20232 Risky Command Safeguards Bypass in “/app/search/search“ endpoint through “s“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

CVE-2023-20232

creationtimestamp| type| source ---|---|--- 2023-08-17 02:36:55+00:00| seen| https://t.me/cibsecurity/68706...

CVE-2023-20232

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

CVE-2023-20232

Cisco Unified Contact Center Express (Unified CCX) is affected by CVE-2023-20232 due to improper input validation in the Tomcat-based web proxy component exposed via the Finesse Portal. The issue allows an unauthenticated, remote attacker to perform a web cache poisoning attack by sending crafted...

NewStart CGSL MAIN 6.02 : nettle Multiple Vulnerabilities (NS-SA-2022-0091)

The remote NewStart CGSL host, running version MAIN 6.02, has nettle packages installed that are affected by multiple vulnerabilities: - A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences. CVE-2021-20231 - A...

CVE-2019-20232

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none...

CVE-2021-20232 affecting package gnutls for versions less than 3.6.14-5

CVE-2021-20232 affecting package gnutls for versions less than 3.6.14-5. A patched version of the package is available...

Oracle Linux 8 : gnutls (ELSA-2022-9221)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9221 advisory. 3.6.16-4.0.1fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug...

EulerOS Virtualization 3.0.6.0 : gnutls (EulerOS-SA-2022-1067)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other...

AlmaLinux 8 : gnutls and nettle (ALSA-2021:4451)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4451 advisory. - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a...

Mageia: Security Advisory (MGASA-2021-0291)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...