Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.57 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

RHEL 9 : Red Hat OpenStack Services on OpenShift 18.0 (python-eventlet) (RHSA-2026:1959)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:1959 advisory. Eventlet is a networking library written in Python. It achieves high scalability by using non-blocking io while at the same time retaining high...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.61 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

Security Bulletin: IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871

Summary IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871. This bulletin contains information regarding the vulnerability and how it is addressed. Vulnerabili...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "eventlet-0.39.0-py3-none-any.whl, commons-lang3-3.17.0.jar, spring-core-6.2.10.jar" which is vulnerable to "CVE-2025-58068, CVE-2025-48924, CVE-2025-41249". This bulletin contains information regarding the vulnerability and how it is addressed...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : Eventlet vulnerability (USN-7772-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7772-1 advisory. It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to bypass front-en...

USN-7772-1: Eventlet vulnerability

It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...

Debian dla-4289 : python-eventlet-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4289 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4289-1 [email protected] https://www.debian.org/lts/security/...

Linux Distros Unpatched Vulnerability : CVE-2025-58068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to imprope...

aalam-common (=0.1.78), agency (>=1.0.0 <=1.1.0) +161 more potentially affected by CVE-2025-58068 via eventlet (>=0.19.0 <=0.40.1)

eventlet PYPI version =0.19.0, =1.0.0, =0.5.5, =0.61.9, =0.4.0, =2.3.0, =1.0.5, =0.6.7.post3, =0.0.17, =1.0.12, =0.1.3, =0.45.15, =0.1.6, =0.1.6.7 and more Source cves: CVE-2025-58068 Source advisory: SNYK:PYTHON-EVENTLET-12260136...

aalam-common (=0.1.78), agency (>=1.0.0 <=1.1.0) +161 more potentially affected by CVE-2025-58068 via eventlet (>=0.19.0 <=0.40.1)

eventlet PYPI version =0.19.0, =1.0.0, =0.5.5, =0.61.9, =0.4.0, =2.3.0, =1.0.5, =0.6.7.post3, =0.0.17, =1.0.12, =0.1.3, =0.45.15, =0.1.6, =0.1.6.7 and more Source cves: CVE-2025-58068 Source advisory: OSV:GHSA-HW6F-RJFJ-J7J7...

Huawei EulerOS: Security Advisory for python-dns (EulerOS-SA-2025-1207)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-dns (EulerOS-SA-2025-1028)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: python-dns

Issue Overview: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred...

Ubuntu 20.04 LTS : Eventlet vulnerability (USN-4956-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4956-1 advisory. It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. Tenable has extracte...

aimmo (>=0.61.9 <=0.69.8b430), alexander-fw (>=0.4.0 <=0.4.1) +85 more potentially affected by CVE-2021-21419 via eventlet (>=0.19.0 <=0.30.3)

eventlet PYPI version =0.19.0, =0.61.9, =0.4.0, =0.6.7.post3, =1.0.12, =0.1.3, =0.1.0, =4.15.0, =0.1.1.dev0, =0.1.0, =0.3.6, =0.3.7 and more Source cves: CVE-2021-21419 Source advisory: OSV:PYSEC-2021-12...

Eventlet 资源管理错误漏洞

Eventlet is a concurrent networking library for Python. A resource management error vulnerability exists in Eventlet versions prior to 0.31.0, which stems from the possibility that a websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames...