Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:2010
HistoryApr 23, 2024 - 5:00 p.m.

(RHSA-2024:2010) Important: Satellite 6.15.0 release

2024-04-2317:00:52
access.redhat.com
34
redos
side-channel leakage
arithmetic overflow
insecure tarfile extraction
http request smuggling
potential denial of service
crlf injection
directory traversal vulnerability

7.6 High

AI Score

Confidence

Low

0.052 Low

EPSS

Percentile

93.0%

JSON

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Security fixes:

  • python-pygments: ReDoS in pygments (CVE-2022-40896)
  • python-pycryptodomex: Side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)
  • satellite: Arithmetic overflow in satellite (CVE-2023-4320)
  • automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
  • jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
  • python-aiohttp: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276)
  • rubygem-activesupport: File Disclosure of Locally Encrypted Files (CVE-2023-38037)
  • jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
  • python-django: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() (CVE-2023-41164)
  • python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
  • python-aiohttp: Numerous issues in HTTP parser with header parsing (CVE-2023-47627)
  • python-aiohttp: HTTP request modification (CVE-2023-49081)
  • python-aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)
  • rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies (CVE-2024-21647)
  • rubygem-audited: Race condition can lead to audit logs being incorrectly attributed to the wrong user (CVE-2024-22047)
  • python-jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
  • python-aiohttp: Follow_symlinks directory traversal vulnerability (CVE-2024-23334)
  • python-aiohttp: HTTP request smuggling (CVE-2024-23829)

Additional Changes:
This update also fixes several bugs and adds various enhancements.

Documentation for these changes is available from the Release Notes document linked to in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64python-brotli-debugsource< 1.0.9-4.el8pcpython-brotli-debugsource-1.0.9-4.el8pc.x86_64.rpm
RedHat8noarchcandlepin< 4.3.12-1.el8satcandlepin-4.3.12-1.el8sat.noarch.rpm
RedHat8noarchpython3.11-opentelemetry_exporter_otlp_proto_http< 1.19.0-5.el8pcpython3.11-opentelemetry_exporter_otlp_proto_http-1.19.0-5.el8pc.noarch.rpm
RedHat8noarchrubygem-smart_proxy_dynflow< 0.9.1-1.el8satrubygem-smart_proxy_dynflow-0.9.1-1.el8sat.noarch.rpm
RedHat8x86_64cjson-debugsource< 1.7.14-5.el8satcjson-debugsource-1.7.14-5.el8sat.x86_64.rpm
RedHat8noarchrubygem-crass< 1.0.6-2.el8satrubygem-crass-1.0.6-2.el8sat.noarch.rpm
RedHat8noarchpython3.11-attrs< 21.4.0-5.el8pcpython3.11-attrs-21.4.0-5.el8pc.noarch.rpm
RedHat8noarchrubygem-deep_cloneable< 3.2.0-1.el8satrubygem-deep_cloneable-3.2.0-1.el8sat.noarch.rpm
RedHat8noarchrubygem-mime-types-data< 3.2023.1003-1.el8satrubygem-mime-types-data-3.2023.1003-1.el8sat.noarch.rpm
RedHat8noarchpython3.11-pexpect< 4.8.0-5.el8pcpython3.11-pexpect-4.8.0-5.el8pc.noarch.rpm
Rows per page:
1-10 of 6211

Related

nessus 33
redhat 8
openvas 26
redos 3
ibm 12
debiancve 6
cve 5
fedora 14
nvd 7
prion 7
ubuntucve 5
alpinelinux 2
osv 19
cvelist 6
ubuntu 2
almalinux 2
rocky 1
oraclelinux 2
cgr 5
veracode 4
debian 1
f5 1
githubexploit 6
redhatcve 8
attackerkb 1
github 8
wolfi 4
nuclei 1
nessus
nessus
RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)
2024-06-03 00:00:00
RHEL 8 : Satellite 6.14.3 Async Security Update (Moderate) (RHSA-2024:1536)
2024-04-28 00:00:00
RHEL 8 : RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements (Moderate) (RHSA-2024:1878)
2024-04-18 00:00:00
redhat
redhat
(RHSA-2024:1536) Moderate: Satellite 6.14.3 Async Security Update
2024-03-27 13:14:03
(RHSA-2024:1878) Moderate: RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements
2024-04-18 00:58:43
(RHSA-2024:1057) Important: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
2024-02-29 19:25:54
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0577-1)
2024-02-22 00:00:00
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f249b74f03)
2024-02-05 00:00:00
aiohttp < 3.9.0 Multiple Vulnerabilities - Linux
2024-05-07 00:00:00
redos
redos
ROS-20240318-01
2024-03-18 00:00:00
ROS-20240423-07
2024-04-23 00:00:00
ROS-20240409-12
2024-04-09 00:00:00
ibm
ibm
Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.
2024-05-11 16:56:44
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Eclipse Jetty
2023-11-29 03:34:14
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty
2023-11-24 02:37:29
debiancve
debiancve
CVE-2024-23829
2024-01-29 23:15:08
CVE-2024-21647
2024-01-08 14:15:47
CVE-2023-37276
2023-07-19 20:15:10
cve
cve
CVE-2024-23829
2024-01-29 23:15:08
CVE-2023-37276
2023-07-19 20:15:10
CVE-2022-40896
2023-07-19 15:15:10
fedora
fedora
[SECURITY] Fedora 39 Update: python-wled-0.4.4-11.fc39
2024-01-08 01:24:14
[SECURITY] Fedora 38 Update: python-aiohttp-3.9.3-1.fc38
2024-02-09 01:52:27
[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-1.fc39
2024-02-05 01:27:09
nvd
nvd
CVE-2024-23829
2024-01-29 23:15:08
CVE-2023-49082
2023-11-29 20:15:08
CVE-2024-21647
2024-01-08 14:15:47
prion
prion
Security feature bypass
2024-01-29 23:15:00
Design/Logic Flaw
2024-01-08 14:15:00
Directory traversal
2024-01-29 23:15:00
ubuntucve
ubuntucve
CVE-2024-23829
2024-01-29 00:00:00
CVE-2022-40896
2023-07-19 00:00:00
CVE-2024-23334
2024-01-29 00:00:00
alpinelinux
alpinelinux
CVE-2024-23829
2024-01-29 23:15:08
CVE-2024-23334
2024-01-29 23:15:08
osv
osv
CVE-2024-23829
2024-01-29 23:15:08
PYSEC-2024-26
2024-01-29 23:15:00
python-django vulnerabilities
2023-10-04 22:01:08
cvelist
cvelist
CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
2024-01-29 22:41:35
CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling
2023-07-19 19:39:19
CVE-2024-21647 HTTP Request/Response Smuggling in puma
2024-01-08 13:45:27
ubuntu
ubuntu
Django vulnerabilities
2023-10-04 00:00:00
Puma vulnerability
2024-01-25 00:00:00
almalinux
almalinux
Moderate: fence-agents security and bug fix update
2024-04-30 00:00:00
Moderate: fence-agents security and bug fix update
2024-05-22 00:00:00
rocky
rocky
fence-agents security and bug fix update
2024-06-14 13:59:30
oraclelinux
oraclelinux
fence-agents security and bug fix update
2024-05-23 00:00:00
fence-agents security and bug fix update
2024-05-02 00:00:00
cgr
cgr
CVE-2024-21647 vulnerabilities
2024-05-19 03:07:16
CVE-2023-49082 vulnerabilities
2024-05-19 03:07:16
CVE-2023-49081 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Request Smuggling
2024-01-30 10:19:52
Path Traversal
2024-01-30 07:29:34
HTTP Request Smuggling
2023-07-21 08:44:11
debian
debian
[SECURITY] [DLA 3592-1] jetty9 security update
2023-09-30 12:35:53
f5
f5
K000139353 : aiohttp vulnerability CVE-2024-23334
2024-04-19 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Aiohttp
2024-06-17 16:28:35
Exploit for Path Traversal in Aiohttp
2024-02-28 22:30:21
Exploit for Path Traversal in Aiohttp
2024-04-27 13:21:50
redhatcve
redhatcve
CVE-2023-49081
2023-11-30 10:26:05
CVE-2024-23829
2024-01-30 11:02:10
CVE-2023-37276
2023-07-21 11:30:35
attackerkb
attackerkb
CVE-2024-23334
2024-01-29 00:00:00
github
github
Race Condition leading to logging errors
2023-05-01 14:00:47
Jetty vulnerable to errant command quoting in CGI Servlet
2023-09-14 16:16:00
aiohttp is vulnerable to directory traversal
2024-01-29 22:31:03
wolfi
wolfi
CVE-2024-23334 vulnerabilities
2024-07-03 16:16:08
CVE-2024-21647 vulnerabilities
2024-07-03 16:16:08
CVE-2024-23829 vulnerabilities
2024-07-03 16:16:08
nuclei
nuclei
aiohttp - Directory Traversal
2024-02-28 04:56:41

7.6 High

AI Score

Confidence

Low

0.052 Low

EPSS

Percentile

93.0%

JSON
Related for RHSA-2024:2010
nessus33redhat8openvas26redos3ibm12debiancve6cve5fedora14nvd7prion7ubuntucve5alpinelinux2osv19cvelist6ubuntu2almalinux2rocky1oraclelinux2cgr5veracode4debian1f51githubexploit6redhatcve8attackerkb1github8wolfi4nuclei1