Fedora 38 : podman-tui (2023-e359fd31d2)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e359fd31d2 advisory. podman-tui v0.12.0 + security fix for CVE-2023-39325 and CVE-2022-41717 and CVE-2022-41723 Tenable has extracted the preceding description block...

Fedora 39 : prometheus-podman-exporter (2023-b75ee820ce)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b75ee820ce advisory. release v1.5.0 + security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Fedora 37 : syncthing (2023-fa2d7b25d9)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-fa2d7b25d9 advisory. Update to version 1.26.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.26.0 Tenable has extracted the preceding description block...

Amazon Linux 2 : ecs-init (ALASECS-2023-020)

The version of ecs-init installed on the remote host is prior to 1.79.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-020 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

Amazon Linux 2023 : ecs-init (ALAS2023-2023-435)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-435 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Amazon Linux 2023 : ecs-init (ALAS2023-2023-434)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-434 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...

Moderate: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Afuzz - Automated Web Path Fuzzing Tool For The Bug Bounty Projects

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects. Afuzz is being actively developed by @rapiddns Features Afuzz automatically detects the development language used by the website, and generates extensions according to the language Uses blacklist to filter invalid pages Uses...

Fedora: Security Advisory for mod_http2 (FEDORA-2023-c0c6a91330)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: mod_http2-2.0.25-1.fc37

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

[SECURITY] Fedora 39 Update: mod_http2-2.0.25-1.fc39

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Fedora: Security Advisory (FEDORA-2023-492b7be466)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 39 : grpc (2023-8570e0055b)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8570e0055b advisory. Automatic update for grpc-1.48.4-20.fc39. Changelog Wed Jul 5 2023 Benjamin A. Beasley - 1.48.4-20 - Backport fix for CVE-2023-32732 fix RHBZ2214470 Tenable...

Important: Red Hat Security Advisory: Migration Toolkit for Applications security update

An update is now available for MTA-6.1-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Amazon Linux 2023 : cni-plugins (ALAS2023-2023-419)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-419 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2023-418)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-418 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Amazon Linux 2 : cri-tools (ALAS-2023-2324)

The version of cri-tools installed on the remote host is prior to 1.26.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2324 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

Important: Red Hat Security Advisory: openshift-gitops-kam security update

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Amazon Linux 2 : amazon-ecr-credential-helper (ALASNITRO-ENCLAVES-2023-033)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-033 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request...

Amazon Linux 2 : containerd (ALASECS-2023-017)

The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-017 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many stream...