776 matches found
CVE-2023-33053
Memory corruption in Kernel while parsing metadata...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-urllib3 (SUSE-SU-2023:4467-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4467-1 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP...
Fedora 39 : ulauncher (2023-f4046ed450)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f4046ed450 advisory. hore: Update to 5.15.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 39 : bind9-next (2023-1c069009b8)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1c069009b8 advisory. - Upstream release notes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
CISA Published When to Issue VEX Information
Today, CISA published When to Issue Vulnerability Exploitability eXchange (VEX) Information, developed by a community of industry and government experts with the goal to offer some guidance and structure for the software security world, including the large and growing global SBOM community. This...
F5 Networks BIG-IP : Intel CPU vulnerability (K82356391)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K82356391 advisory. Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially...
Fedora 37 : attract-mode (2023-e58495988e)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e58495988e advisory. Ensure stb_image contains the latest CVE patches Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
CentOS 8 : squid:4 (CESA-2023:6267)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:6267 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
CVE-2023-46248
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
Remote code execution
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
CVE-2023-45803
A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...
Exploit for CVE-2023-38646
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...
Trane HVAC Systems Controls Improper Neutralization of Input During Web Page Generation (CVE-2021-42534)
The affected product's web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Amazon Linux 2 : yum (ALAS-2023-2316)
The version of yum installed on the remote host is prior to 3.4.3-158. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2316 advisory. No CVE was issued for this update. Tenable has extracted the preceding description block directly from the tested product security...
urllib3's request body not stripped after redirect from 303 status changes request method to GET
urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 303 "See Other" after the request had its method changed from one that could accept a request body like POST to GET as is required by HTTP RFCs. Although the behavior of removing the request body ...
CVE-2023-45803
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...
CVE-2023-45803 Request body not stripped after redirect in urllib3
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...
Pleroma Path Traversal vulnerability
A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is...