1615 matches found

Tenable Nessus
added 2024/01/30 12:0 a.m., 50 views

RHEL 8 : python-urllib3 (RHSA-2024:0588)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0588 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...

CVSS 8.1 | AI score 7.3 | EPSS 0.0095
Exploits: 0 | References: 7
RedhatCVE
added 2024/01/29 11:19 a.m., 32 views

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the memory leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,...

CVSS 6.5 | AI score 6.4 | EPSS 0.00227
Exploits: 0 | References: 6
0day.today
added 2024/01/29 12:0 a.m., 521 views

Atlassian Confluence SSTI Injection Exploit

This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. This module requires...

CVSS 9.8 | AI score 7.6 | EPSS 0.94354
Exploits: 31
CNNVD
added 2024/01/26 12:0 a.m., 2 views

Eclipse Vert.x Security Vulnerability

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in the Eclipse Vert.x toolkit: the use of the Netty FastThreadLocal data structure can lead to a memory leak that could be triggered when the Vert.x HTTP...

CVSS 6.5 | AI score 6.7 | EPSS 0.00227
Exploits: 0 | References: 3
Tenable Nessus
added 2024/01/26 12:0 a.m., 56 views

RHEL 8 : fence-agents (RHSA-2023:7528)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7528 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

CVSS 9.8 | AI score 7.4 | EPSS 0.0095
Exploits: 0 | References: 7
Tenable Nessus
added 2024/01/26 12:0 a.m., 32 views

AlmaLinux 9 : python-urllib3 (ALSA-2024:0464)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0464 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing...

CVSS 8.1 | AI score 7 | EPSS 0.0095
Exploits: 0 | References: 3
Tenable Nessus
added 2024/01/25 12:0 a.m., 32 views

Oracle Linux 9 : python-urllib3 (ELSA-2024-0464)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0464 advisory. - Security fix for CVE-2023-45803 Resolves: RHEL-16874 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 8.1 | AI score 7.2 | EPSS 0.0095
Exploits: 0 | References: 3
Packet Storm
added 2024/01/23 12:0 a.m., 437 views

PRTG Authenticated Remote Code Execution

class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...

CVSS 7.2 | AI score 7.4 | EPSS 0.47218
Exploits: 3
Tenable Nessus
added 2024/01/19 12:0 a.m., 41 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0168-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0168-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mak...

CVSS 5.3 | AI score 6.3 | EPSS 0.00228
Exploits: 1 | References: 4
Tenable Nessus
added 2024/01/18 12:0 a.m., 204 views

RHEL 8 : python-urllib3 (RHSA-2024:0300)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0300 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...

CVSS 8.1 | AI score 7.3 | EPSS 0.0095
Exploits: 0 | References: 7
Tenable Nessus
added 2024/01/16 12:0 a.m., 37 views

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2024-1072)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

CVSS 8.1 | AI score 7 | EPSS 0.0095
Exploits: 0 | References: 3
Tenable Nessus
added 2024/01/16 12:0 a.m., 25 views

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2023-3285)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

CVSS 8.1 | AI score 7 | EPSS 0.0095
Exploits: 0 | References: 3
Tenable Nessus
added 2024/01/16 12:0 a.m., 19 views

EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2024-1020)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide an...

CVSS 8.1 | AI score 7.2 | EPSS 0.0095
Exploits: 0 | References: 2
Tenable Nessus
added 2024/01/16 12:0 a.m., 27 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-3213)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

CVSS 6.5 | AI score 7 | EPSS 0.00344
Exploits: 0 | References: 5
Tenable Nessus
added 2024/01/16 12:0 a.m., 36 views

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2024-1096)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

CVSS 8.1 | AI score 7 | EPSS 0.0095
Exploits: 0 | References: 3
Tenable Nessus
added 2024/01/16 12:0 a.m., 25 views

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2023-3257)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

CVSS 8.1 | AI score 7 | EPSS 0.0095
Exploits: 0 | References: 3
Tenable Nessus
added 2024/01/16 12:0 a.m., 25 views

EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2023-3347)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for...

CVSS 8.1 | AI score 7.3 | EPSS 0.0095
Exploits: 0 | References: 2
Tenable Nessus
added 2024/01/16 12:0 a.m., 27 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3029)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

CVSS 6.5 | AI score 7 | EPSS 0.00344
Exploits: 0 | References: 3
Tenable Nessus
added 2024/01/16 12:0 a.m., 29 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-3178)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

CVSS 6.5 | AI score 7 | EPSS 0.00344
Exploits: 0 | References: 5
Tenable Nessus
added 2024/01/12 12:0 a.m., 32 views

Oracle Linux 8 : fence-agents (ELSA-2024-0133)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0133 advisory. - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11988 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

CVSS 9.8 | AI score 7.4 | EPSS 0.0095
Exploits: 0 | References: 3