Oracle Linux 9 : python-urllib3 (ELSA-2024-0464)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0464 advisory. - Security fix for CVE-2023-45803 Resolves: RHEL-16874 Tenable has extracted the preceding description block directly from the Oracle Linux security...

PRTG Authenticated Remote Code Execution

class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0168-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0168-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mak...

RHEL 8 : python-urllib3 (RHSA-2024:0300)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0300 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2024-1096)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3029)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-3213)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-3178)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2023-3285)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2023-3347)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for...

EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2024-1020)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide an...

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2023-3257)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2024-1072)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

Oracle Linux 8 : fence-agents (ELSA-2024-0133)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0133 advisory. - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11988 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

RHEL 8 : python-urllib3 (RHSA-2024:0116)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0116 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : ecs-init (ALASECS-2024-032)

The version of ecs-init installed on the remote host is prior to 1.75.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-032 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...

Important: ecs-init

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0033-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0033-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mad...

PT-2024-2591 · Unknown · Amphp/Http +1

Name of the Vulnerable Software and Affected Versions: amphp/http versions prior to the fixed version amphp/http-client versions 4.0.0-rc10 through 4.0.0 Description: The issue is related to the amphp/http library and its HTTP/2 protocol implementation, specifically with uncontrolled memory...