Lucene search
K

264 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/25 12:0 a.m.42 views

RHEL 9 : OpenShift Container Platform 4.14.10 (RHSA-2024:0292)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0292 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the ed...

5.3CVSS7.1AI score0.01328EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.41 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3006)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

6.5CVSS7AI score0.01453EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.30 views

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-werkzeug) (RHSA-2024:0214)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0214 advisory. Werkzeug is a WSGI utility module. It includes a debugger, request and response objects, HTTP utilities to handle entity tags, cache control headers,...

8CVSS7AI score0.01072EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.28 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3029)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

6.5CVSS7AI score0.01453EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.18 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2896)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size...

5.3CVSS7.1AI score0.01328EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 4:27 p.m.36 views

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-29409)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an...

5.3CVSS6.7AI score0.01328EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/15 12:0 a.m.30 views

Oracle Linux 9 : skopeo (ELSA-2023-7762)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7762 advisory. 2:1.13.3-3 - Rebuild with golang 1.20.10 - Related: Jira:RHEL-2786 2:1.13.3-2 - Rebuild with golang 1.21.3 - Related: Jira:RHEL-2786 Tenable has...

7.5CVSS7.2AI score0.01328EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/12/15 12:0 a.m.33 views

Oracle Linux 9 : podman (ELSA-2023-7765)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7765 advisory. - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 Tenable has extracted the preceding descriptio...

7.5CVSS7.1AI score0.01328EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/12/15 12:0 a.m.41 views

AlmaLinux 9 : skopeo (ALSA-2023:7762)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7762 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...

7.5CVSS7.1AI score0.01328EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/12/15 12:0 a.m.36 views

AlmaLinux 9 : podman (ALSA-2023:7765)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7765 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...

7.5CVSS7.1AI score0.01328EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.47 views

AlmaLinux 9 : runc (ALSA-2023:7763)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7763 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...

7.5CVSS7.1AI score0.01328EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.42 views

Oracle Linux 9 : containernetworking-plugins (ELSA-2023-7766)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7766 advisory. - rebuild for following CVEs: CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 Tenable has extracted the preceding descriptio...

7.5CVSS7.1AI score0.01328EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/12/12 12:0 a.m.37 views

RHEL 9 : runc (RHSA-2023:7763)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7763 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...

7.5CVSS7.2AI score0.01328EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2023/12/12 12:0 a.m.28 views

RHEL 9 : buildah (RHSA-2023:7764)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7764 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

7.5CVSS7.2AI score0.01328EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/12/12 12:0 a.m.22 views

RHEL 9 : containernetworking-plugins (RHSA-2023:7766)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7766 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network interfac...

7.5CVSS7.2AI score0.01328EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.42 views

Rocky Linux 8 : python27:2.7 (RLSA-2022:1821)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1821 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...

8.2CVSS7.2AI score0.11586EPSS
Exploits3References12
OpenVAS
OpenVAS
added 2023/10/31 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3029)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.2AI score0.01453EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/10/25 12:0 a.m.34 views

CVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

8CVSS6.8AI score0.01072EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/10/24 11:48 p.m.48 views

CVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

8CVSS6.8AI score0.01072EPSS
Exploits0
OSV
OSV
added 2023/10/24 11:48 p.m.31 views

CVE-2023-46136 Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

8CVSS6.6AI score0.01072EPSS
Exploits0References5
Rows per page
Query Builder