21 matches found
Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.23 bug fix and security update
Red Hat OpenShift Container Platform release 4.19.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...
SUSE SLES15 Security Update : python-eventlet (SUSE-SU-2025:03051-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03051-1 advisory. - CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling bsc1248994. Tenable has extracted the...
Security Bulletin: Eventlet Pre-0.40.3 HTTP Trailer Parsing Flaw Enables HTTP Request Smuggling
Summary Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch...
EUVD-2025-58068
Malicious code in nurul-tomat40-sluey npm...
Security Bulletin: IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871
Summary IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871. This bulletin contains information regarding the vulnerability and how it is addressed. Vulnerabili...
Ubuntu: Security Advisory (USN-7772-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:03202-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2025-2232 python-eventlet security update
Eventlet is a concurrent networking library for Python that allows you to change how you run your code, not how you write it. Security Fixes: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to...
Security update for python-eventlet
This update for python-eventlet fixes the following issues: CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling bsc1248994. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Debian: Security Advisory (DLA-4289-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for python-eventlet
This update for python-eventlet fixes the following issues: CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling bsc1248994. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
CVE-2025-58068
creationtimestamp| type| source ---|---|--- 2025-08-30 01:10:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lxlfb5p7xx2p...
CVE-2025-58068
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...
aalam-common (=0.1.78), agency (>=1.0.0 <=1.1.0) +160 more potentially affected by CVE-2025-58068 via eventlet (>=0.19.0 <=0.40.1)
eventlet PYPI version =0.19.0, =1.0.0, =0.5.5, =0.61.9, =0.4.0, =2.3.0, =1.0.5, =0.6.7.post3, =0.0.17, =1.0.12, =0.1.3, =0.45.15, =0.1.6, =0.1.6.7 and more Source cves: CVE-2025-58068 Source advisory: SNYK:PYTHON-EVENTLET-12260136...
aalam-common (=0.1.78), agency (>=1.0.0 <=1.1.0) +159 more potentially affected by CVE-2025-58068 via eventlet (>=0.20.0 <=0.40.1)
eventlet PYPI version =0.20.0, =1.0.0, =0.5.5, =0.61.9, =0.4.0, =2.3.0, =1.0.5, =0.6.7.post3, =0.0.17, =1.0.12, =0.1.3, =0.45.15, =0.1.6, =0.1.6.7 and more Source cves: CVE-2025-58068 Source advisory: OSV:GHSA-HW6F-RJFJ-J7J7...
SUSE-SU-2025:01964-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. - CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect...
CVE-2024-58068
In the Linux kernel, the following vulnerability has been resolved: OPP: fix devpmoppfindbw when bandwidth table not initialized If a driver calls devpmoppfindbwceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...
SUSE CVE-2024-58068
In the Linux kernel, the following vulnerability has been resolved: OPP: fix devpmoppfindbw when bandwidth table not initialized If a driver calls devpmoppfindbwceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...
CVE-2024-58068
In the Linux kernel, the following vulnerability has been resolved: OPP: fix devpmoppfindbw when bandwidth table not initialized If a driver calls devpmoppfindbwceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...
CVE-2024-58068
CVE-2024-58068 affects the Linux kernel OPP subsystem. If a bandwidth table is not created (e.g., interconnect properties missing in the OPP consumer node) and a driver calls dev_pm_opp_find_bw_ceil() or dev_pm_opp_find_bw_floor(), the kernel may NULL-dereference when reading bandwidth from _read...