1629 matches found
Oracle Linux 9 : python-urllib3 (ELSA-2024-0464)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0464 advisory. - Security fix for CVE-2023-45803 Resolves: RHEL-16874 Tenable has extracted the preceding description block directly from the Oracle Linux security...
PRTG Authenticated Remote Code Execution
class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0168-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0168-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mak...
RHEL 8 : python-urllib3 (RHSA-2024:0300)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0300 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...
EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2024-1072)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3029)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2023-3285)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...
EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2023-3347)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for...
EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2023-3257)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...
EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2024-1020)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide an...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-3213)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-3178)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...
EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2024-1096)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...
Oracle Linux 8 : fence-agents (ELSA-2024-0133)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0133 advisory. - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11988 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
RHEL 8 : python-urllib3 (RHSA-2024:0116)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0116 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...
Amazon Linux 2 : ecs-init (ALASECS-2024-032)
The version of ecs-init installed on the remote host is prior to 1.75.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-032 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1096)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: ecs-init
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0033-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0033-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mad...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1046)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...