The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0734 advisory.

  - nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)

  - nodejs: DNS rebinding in --inspect (CVE-2021-22884)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0736 advisory.

  - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)

  - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)     (CVE-2020-14782)

  - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

  - IBM JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding     (CVE-2020-27221)

  - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)     (CVE-2020-2773)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0717 advisory.

  - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)

  - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)     (CVE-2020-14782)

  - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

  - IBM JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding     (CVE-2020-27221)

  - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)     (CVE-2020-2773)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0733 advisory.

  - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

  - IBM JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding     (CVE-2020-27221)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0735 advisory.

  - nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)

  - nodejs: DNS rebinding in --inspect (CVE-2021-22884)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0727 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0693 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0692 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0694 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory.

  - ant: insecure temporary file (CVE-2020-11979)

  - ant: insecure temporary file vulnerability (CVE-2020-1945)

  - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

  - jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

  - jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

  - jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

  - jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

  - jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

  - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

  - jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

  - jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

  - jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

  - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0691 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory.

  - ant: insecure temporary file (CVE-2020-11979)

  - ant: insecure temporary file vulnerability (CVE-2020-1945)

  - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks     (CVE-2020-2304)

  - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks     (CVE-2020-2305)

  - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information     disclosure (CVE-2020-2306)

  - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin     (CVE-2020-2307)

  - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates     (CVE-2020-2308)

  - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials     IDs (CVE-2020-2309)

  - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0711 advisory.

  - QEMU: virtiofsd: potential privileged host device access from guest (CVE-2020-35517)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0686 advisory.

  - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)

  - kernel: performance counters race condition use-after-free (CVE-2020-14351)

  - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0689 advisory.

  - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0710 advisory.

  - podman: container users permissions are not respected in privileged containers (CVE-2021-20188)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0699 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0700 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0701 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0703 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0705 advisory.

  - podman: container users permissions are not respected in privileged containers (CVE-2021-20188)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0696 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0702 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0697 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0704 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0698 advisory.

  - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled     (CVE-2020-14372)

  - grub2: Use-after-free in rmmod command (CVE-2020-25632)

  - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

  - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

  - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled     (CVE-2020-27779)

  - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

  - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0706 advisory.

  - podman: container users permissions are not respected in privileged containers (CVE-2021-20188)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0681 advisory.

  - podman: container users permissions are not respected in privileged containers (CVE-2021-20188)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0671 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0669 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0670 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0662 advisory.

  - Mozilla: Content Security Policy violation report could have contained the destination of a redirect     (CVE-2021-23968, CVE-2021-23969)

  - Mozilla: MediaError message property could have leaked information about cross-origin resources     (CVE-2021-23973)

  - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0664 advisory.

  - ansible: user data leak in snmp_facts module (CVE-2021-20178)

  - ansible module: bitbucket_pipeline_variable exposes secured values (CVE-2021-20180)

  - ansible: multiple collections exposes secured values (CVE-2021-20191)

  - ansible: basic.py no_log with fallback option (CVE-2021-20228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0663 advisory.

  - ansible: user data leak in snmp_facts module (CVE-2021-20178)

  - ansible module: bitbucket_pipeline_variable exposes secured values (CVE-2021-20180)

  - ansible: multiple collections exposes secured values (CVE-2021-20191)

  - ansible: basic.py no_log with fallback option (CVE-2021-20228)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0659 advisory.

  - Mozilla: Content Security Policy violation report could have contained the destination of a redirect     (CVE-2021-23968, CVE-2021-23969)

  - Mozilla: MediaError message property could have leaked information about cross-origin resources     (CVE-2021-23973)

  - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0661 advisory.

  - Mozilla: Content Security Policy violation report could have contained the destination of a redirect     (CVE-2021-23968, CVE-2021-23969)

  - Mozilla: MediaError message property could have leaked information about cross-origin resources     (CVE-2021-23973)

  - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0657 advisory.

  - Mozilla: Content Security Policy violation report could have contained the destination of a redirect     (CVE-2021-23968, CVE-2021-23969)

  - Mozilla: MediaError message property could have leaked information about cross-origin resources     (CVE-2021-23973)

  - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0656 advisory.

  - Mozilla: Content Security Policy violation report could have contained the destination of a redirect     (CVE-2021-23968, CVE-2021-23969)

  - Mozilla: MediaError message property could have leaked information about cross-origin resources     (CVE-2021-23973)

  - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0658 advisory.

  - Mozilla: Content Security Policy violation report could have contained the destination of a redirect     (CVE-2021-23968, CVE-2021-23969)

  - Mozilla: MediaError message property could have leaked information about cross-origin resources     (CVE-2021-23973)

  - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0660 advisory.

  - Mozilla: Content Security Policy violation report could have contained the destination of a redirect     (CVE-2021-23968, CVE-2021-23969)

  - Mozilla: MediaError message property could have leaked information about cross-origin resources     (CVE-2021-23973)

  - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5634 advisory.

  - atomic-openshift: cross-namespace owner references can trigger deletions of valid children (CVE-2019-3884)

  - containerd: credentials leak during image pull (CVE-2020-15157)

  - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

  - kubernetes: Ceph RBD adminSecrets exposed in logs when loglevel >= 4 (CVE-2020-8566)

  - gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0655 advisory.

  - Mozilla: Content Security Policy violation report could have contained the destination of a redirect     (CVE-2021-23968, CVE-2021-23969)

  - Mozilla: MediaError message property could have leaked information about cross-origin resources     (CVE-2021-23973)

  - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0651 advisory.

  - xterm: crash when processing combining characters (CVE-2021-27135)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0650 advisory.

  - xterm: crash when processing combining characters (CVE-2021-27135)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0648 advisory.

  - QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure     (CVE-2020-11947)

  - QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (CVE-2020-25723)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0611 advisory.

  - xterm: crash when processing combining characters (CVE-2021-27135)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory.

  - ant: insecure temporary file (CVE-2020-11979)

  - ant: insecure temporary file vulnerability (CVE-2020-1945)

  - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

  - jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

  - jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

  - jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

  - jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

  - jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

  - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

  - jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

  - jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

  - jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

  - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0537 advisory.

  - kernel: performance counters race condition use-after-free (CVE-2020-14351)

  - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0538 advisory.

  - nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function     (CVE-2020-12400)

  - nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

  - nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory.

  - npm: sensitive information exposure through logs (CVE-2020-15095)

  - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

  - nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

  - nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS     (CVE-2020-7754)

  - nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  - nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

  - nodejs-dot-prop: prototype pollution (CVE-2020-8116)

  - libuv: buffer overflow in realpath (CVE-2020-8252)

  - nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

  - nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
147143	RHEL 8 : nodejs:12 (RHSA-2021:0734)	high
147142	RHEL 8 : java-1.8.0-ibm (RHSA-2021:0736)	high
147140	RHEL 7 : java-1.8.0-ibm (RHSA-2021:0717)	high
147139	RHEL 7 : java-1.7.1-ibm (RHSA-2021:0733)	high
147138	RHEL 8 : nodejs:10 (RHSA-2021:0735)	high
147023	RHEL 7 : bind (RHSA-2021:0727)	medium
147018	RHEL 7 : bind (RHSA-2021:0693)	medium
147017	RHEL 7 : bind (RHSA-2021:0692)	medium
147016	RHEL 7 : bind (RHSA-2021:0694)	medium
147015	RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)	medium
147014	RHEL 7 : bind (RHSA-2021:0691)	medium
147013	RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)	medium
147012	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2021:0711)	medium
147011	RHEL 8 : kernel (RHSA-2021:0686)	high
147010	RHEL 8 : kpatch-patch (RHSA-2021:0689)	high
147009	RHEL 8 : container-tools:2.0 (RHSA-2021:0710)	medium
146961	RHEL 7 : grub2 (RHSA-2021:0699)	high
146960	RHEL 7 : grub2 (RHSA-2021:0700)	high
146959	RHEL 7 : grub2 (RHSA-2021:0701)	high
146957	RHEL 7 : grub2 (RHSA-2021:0703)	high
146956	RHEL 8 : container-tools:1.0 (RHSA-2021:0705)	medium
146955	RHEL 8 : grub2 (RHSA-2021:0696)	high
146954	RHEL 7 : grub2 (RHSA-2021:0702)	high
146953	RHEL 8 : grub2 (RHSA-2021:0697)	high
146952	RHEL 7 : grub2 (RHSA-2021:0704)	high
146951	RHEL 8 : grub2 (RHSA-2021:0698)	medium
146950	RHEL 8 : container-tools:2.0 (RHSA-2021:0706)	medium
146932	RHEL 7 : podman (RHSA-2021:0681)	medium
146931	RHEL 7 : bind (RHSA-2021:0671)	medium
146930	RHEL 8 : bind (RHSA-2021:0669)	medium
146929	RHEL 8 : bind (RHSA-2021:0670)	medium
146822	RHEL 8 : thunderbird (RHSA-2021:0662)	medium
146821	RHEL 7 / 8 : Ansible security and bug fix update (2.9.18) (Moderate) (RHSA-2021:0664)	high
146820	RHEL 7 / 8 : Ansible security and bug fix update (2.9.18) (Moderate) (RHSA-2021:0663)	medium
146817	RHEL 8 : firefox (RHSA-2021:0659)	medium
146816	RHEL 7 : thunderbird (RHSA-2021:0661)	medium
146815	RHEL 8 : thunderbird (RHSA-2021:0657)	medium
146813	RHEL 7 : firefox (RHSA-2021:0656)	medium
146812	RHEL 8 : thunderbird (RHSA-2021:0658)	medium
146811	RHEL 8 : firefox (RHSA-2021:0660)	medium
146810	RHEL 7 / 8 : OpenShift Container Platform 4.7.0 packages (RHSA-2020:5634)	high
146809	RHEL 8 : firefox (RHSA-2021:0655)	medium
146803	RHEL 8 : xterm (RHSA-2021:0651)	high
146801	RHEL 8 : xterm (RHSA-2021:0650)	high
146793	RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:0648)	low
146584	RHEL 8 : xterm (RHSA-2021:0611)	high
146566	RHEL 7 / 8 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)	medium
146551	RHEL 8 : kernel-rt (RHSA-2021:0537)	high
146550	RHEL 8 : nss (RHSA-2021:0538)	medium
146547	RHEL 8 : nodejs:10 (RHSA-2021:0548)	high

Red Hat Local Security Checks Family for Nessus

high

high

high

high

high

medium

medium

medium

medium

medium

medium

medium

medium

high

high

medium

high

high

high

high

medium

high

high

high

high

medium

medium

medium

medium

medium

medium

medium

high

medium

medium

medium

medium

medium

medium

medium

high

medium

high

high

low

high

medium

high

medium

high