MiracleLinux 9 : python-urllib3-1.26.5-3.el9_3.1 (AXSA:2024-7481:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7481:02 advisory. python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804 urllib3: Request body not stripped after redirect...

MiracleLinux 9 : python-tornado-6.4.2-1.el9_5 (AXSA:2024-9436:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9436:01 advisory. python-tornado: Tornado has HTTP cookie parsing DoS vulnerability CVE-2024-52804 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : resource-agents-4.1.1-98.el8 (AXSA:2021-2804:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2804:10 advisory. python-pygments: Infinite loop in SML lexer may lead to DoS CVE-2021-20270 python-pygments: ReDoS in multiple lexers CVE-2021-27291 Tenable has...

MiracleLinux 7 : python-2.7.5-93.0.1.el7.AXS7 (AXSA:2023-6068:37)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6068:37 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : python3.11-PyMySQL-1.0.2-2.el8_10 (AXSA:2024-8537:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8537:01 advisory. python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2024-8429:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8429:01 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 python-cryptography: memory corruption via immutable...

MiracleLinux 7 : python-flask-0.10.1-7.el7 (AXSA:2023-5938:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5938:01 advisory. flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header CVE-2023-30861 Tenable has extracted the preceding description bloc...

MiracleLinux 9 : python3.11-cryptography-37.0.2-6.el9 (AXSA:2024-7976:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7976:01 advisory. python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : python3.12-urllib3-1.26.18-2.el9.1 (AXSA:2024-9270:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9270:02 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...

MiracleLinux 8 : python38:3.8 (AXSA:2021-2422:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2422:01 advisory. python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 python-lxml: mXSS due to the use of improper parser...

MiracleLinux 8 : python27:2.7 (AXSA:2024-7348:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7348:01 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : python3.12-3.12.1-4.el9_4.4 (AXSA:2024-8949:08)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8949:08 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...

MiracleLinux 8 : python-gevent-1.2.2-5.el8_10 (AXSA:2024-8990:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8990:01 advisory. python-gevent: privilege escalation via a crafted script to the WSGIServer component CVE-2023-41419 Tenable has extracted the preceding description block...

MiracleLinux 8 : python-jinja2-2.10.1-4.el8 (AXSA:2024-8289:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8289:02 advisory. jinja2: HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-22195 Tenable has extracted the preceding description block...

MiracleLinux 9 : python3.11-3.11.9-7.el9_5.2 (AXSA:2024-9495:34)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9495:34 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : python-setuptools-53.0.0-12.el9_4.1 (AXSA:2024-8685:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8685:02 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 8 : python-lxml-4.2.3-4.el8 (AXSA:2022-3370:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3370:01 advisory. python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 Tenable has extracted the preceding description block direct...

MiracleLinux 8 : python3-3.6.8-56.el8_9.2.ML.1 (AXSA:2024-7423:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7423:01 advisory. python: use after free in heappushpop of heapq module CVE-2022-48560 python: DoS when processing malformed Apple Property List files in binary forma...

MiracleLinux 9 : python3.11-3.11.9-7.el9 (AXSA:2024-9265:28)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9265:28 advisory. python: The zipfile module is vulnerable to zip-bombs leading to denial of service CVE-2024-0450 python: cpython: Iterating over a malicious ZIP fil...

MiracleLinux 8 : python27:2.7 (AXSA:2022-4445:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4445:01 advisory. python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107. Tenable has extracted the preceding description block directly from...