217 matches found
AlmaLinux 9 : python3.12 (ALSA-2025:3631)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:3631 advisory. cpython: python: Uncontrolled CPU resource consumption when in http.cookies module CVE-2024-7592 Tenable has extracted the preceding description block directly fro...
Low: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Low: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
ALSA-2025:3631 Low: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2025-1695
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...
Linux Distros Unpatched Vulnerability : CVE-2024-7592
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashe...
CVE-2025-1695 NGINX Unit Java Vulnerability
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...
IBM EntireX Denial of Service Vulnerability
IBM EntireX is a cross-platform middleware developed by IBM for high-performance data communication and transaction processing between heterogeneous systems. A denial of service vulnerability exists in IBM EntireX regular expressions, which is caused by a complexity flaw in the regular expression...
Linux Distros Unpatched Vulnerability : CVE-2018-20030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An error when processing the EXIFIFDINTEROPERABILITY and EXIFIFDEXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources...
K000149959: NGINX Unit vulnerability CVE-2025-1695
Security Advisory Description When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. CVE-2025-1695 Impact System performance can degrade due to high CPU utilization. This vulnerability allows a...
Amazon Linux 2 : python3 (ALAS-2025-2754)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2754 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 ...
Medium: python3
Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 There ...
Wireshark 4.2.x < 4.2.11 / 4.4.x < 4.4.4 DoS Vulnerability
The version of Wireshark installed on the remote Windows host is prior to 4.2.11 or 4.4.4. It is, therefore, affected by a vulnerability as referenced in the wireshark-4.2.11 advisory. - The Bundle Protocol and CBOR dissectors could crash. Fixed in master: 83c73a83ad Fixed in release-4.4:...
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...
EulerOS 2.0 SP11 : dhcp (EulerOS-SA-2025-1133)
According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...
CVE-2025-24312
When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2025-24312 BIG-IP AFM vulnerability
When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2025-24312
CVE-2025-24312 affects BIG-IP AFM. When IPS is enabled and a protocol inspection profile is configured on a virtual server or policy, undisclosed traffic can cause CPU resource utilization, potentially leading to DoS. Affected fixes are provided in: BIG-IP AFM 17.1.0–17.1.1 (fix 17.1.2); BIG-IP A...
CVE-2025-21087
CVE-2025-21087 affects F5 BIG-IP TMM: when Client/Server SSL profiles are configured on a virtual server or DNSSEC signing is used, undisclosed traffic can cause increased memory and CPU usage, potentially degrading performance or causing DoS. According to the F5 advisory, vulnerable ranges inclu...
EulerOS 2.0 SP9 : dhcp (EulerOS-SA-2025-1036)
According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...