
21 matches found

RedHat Linux
added 2026/02/04 10:50 a.m. | 8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.23 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

CVSS 9.1 | AI score 6.7 | EPSS 0.00563
Exploits: 2 | References: 5

Tenable Nessus
added 2025/12/15 12:0 a.m. | 4 views

SUSE SLES15 Security Update : python-eventlet (SUSE-SU-2025:03051-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03051-1 advisory. - CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling bsc1248994. Tenable has extracted the...

CVSS 9.1 | AI score 5.7 | EPSS 0.00363
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/11/19 1:56 p.m. | 10 views

Security Bulletin: Eventlet Pre-0.40.3 HTTP Trailer Parsing Flaw Enables HTTP Request Smuggling

Summary Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch...

CVSS 9.1 | AI score 6.7 | EPSS 0.00363
Exploits: 0 | Affected Software: 1

EUVD
added 2025/11/11 12:17 a.m. | 0 views

EUVD-2025-58068

Malicious code in nurul-tomat40-sluey npm...

AI score 6.6
Exploits: 0

IBM Security Bulletins
added 2025/11/07 9:42 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871

Summary IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871. This bulletin contains information regarding the vulnerability and how it is addressed. Vulnerabili...

CVSS 9.1 | AI score 7.3 | EPSS 0.02164
Exploits: 0 | Affected Software: 1

OpenVAS
added 2025/09/25 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-7772-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 3

OpenVAS
added 2025/09/15 12:0 a.m. | 2 views

openSUSE Security Advisory (SUSE-SU-2025:03202-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 6.5 | EPSS 0.00363
Exploits: 0 | References: 4

OSV
added 2025/09/12 2:24 p.m. | 7 views

OESA-2025-2232 python-eventlet security update

Eventlet is a concurrent networking library for Python that allows you to change how you run your code, not how you write it. Security Fixes: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to...

CVSS 9.1 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 2

SUSE Linux
added 2025/09/12 12:27 p.m. | 2 views

Security update for python-eventlet

This update for python-eventlet fixes the following issues: CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling bsc1248994. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

CVSS 6.5 | AI score 6.7 | EPSS 0.00363
Exploits: 0 | References: 4

OpenVAS
added 2025/09/03 12:0 a.m. | 3 views

Debian: Security Advisory (DLA-4289-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 6.5 | EPSS 0.00363
Exploits: 0 | References: 2

SUSE Linux
added 2025/09/02 3:38 p.m. | 3 views

Security update for python-eventlet

This update for python-eventlet fixes the following issues: CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling bsc1248994. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

CVSS 6.5 | AI score 6.7 | EPSS 0.00363
Exploits: 0 | References: 4

Circl
added 2025/08/30 1:10 a.m. | 18 views

CVE-2025-58068

creationtimestamp| type| source ---|---|--- 2025-08-30 01:10:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lxlfb5p7xx2p...

CVSS 9.1 | AI score 5.9 | EPSS 0.00363
Exploits: 0 | References: 1

UbuntuCve
added 2025/08/29 10:15 p.m. | 2 views

CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

CVSS 9.1 | AI score 6 | EPSS 0.00363
Exploits: 0 | References: 7

vulnersOsv
added 2025/08/29 9:42 p.m. | 5 views

aalam-common (=0.1.78), agency (>=1.0.0 <=1.1.0) +160 more potentially affected by CVE-2025-58068 via eventlet (>=0.19.0 <=0.40.1)

eventlet PYPI version =0.19.0, =1.0.0, =0.5.5, =0.61.9, =0.4.0, =2.3.0, =1.0.5, =0.6.7.post3, =0.0.17, =1.0.12, =0.1.3, =0.45.15, =0.1.6, =0.1.6.7 and more Source cves: CVE-2025-58068 Source advisory: SNYK:PYTHON-EVENTLET-12260136...

CVSS 9.1 | AI score 5.9 | EPSS 0.00363
Exploits: 0

vulnersOsv
added 2025/08/29 8:8 p.m. | 3 views

aalam-common (=0.1.78), agency (>=1.0.0 <=1.1.0) +159 more potentially affected by CVE-2025-58068 via eventlet (>=0.20.0 <=0.40.1)

eventlet PYPI version =0.20.0, =1.0.0, =0.5.5, =0.61.9, =0.4.0, =2.3.0, =1.0.5, =0.6.7.post3, =0.0.17, =1.0.12, =0.1.3, =0.45.15, =0.1.6, =0.1.6.7 and more Source cves: CVE-2025-58068 Source advisory: OSV:GHSA-HW6F-RJFJ-J7J7...

CVSS 9.1 | AI score 5.9 | EPSS 0.00363
Exploits: 0

OSV
added 2025/06/16 2:54 p.m. | 6 views

SUSE-SU-2025:01964-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect...

CVSS 7.8 | AI score 7.8 | EPSS 0.13626
Exploits: 3 | References: 767

RedhatCVE
added 2025/03/08 5:1 p.m. | 17 views

CVE-2024-58068

In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

CVSS 5.5 | AI score 6.6 | EPSS 0.00168
Exploits: 0 | References: 4

SUSE CVE
added 2025/03/07 2:39 a.m. | 2 views

SUSE CVE-2024-58068

In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

CVSS 5.5 | AI score 7.5 | EPSS 0.00168
Exploits: 0 | References: 16

Debian CVE
added 2025/03/06 3:54 p.m. | 10 views

CVE-2024-58068

In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

CVSS 5.5 | AI score 5.6 | EPSS 0.00168
Exploits: 0

CVE
added 2025/03/06 3:54 p.m. | 118 views

CVE-2024-58068

CVE-2024-58068 affects the Linux kernel OPP subsystem. If a bandwidth table is not created (e.g., interconnect properties missing in the OPP consumer node) and a driver calls dev_pm_opp_find_bw_ceil() or dev_pm_opp_find_bw_floor(), the kernel may NULL-dereference when reading bandwidth from _read...

CVSS 5.5 | AI score 7 | EPSS 0.00168
Exploits: 0 | References: 6 | Affected Software: 1