The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3943 advisory.

  - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3947 advisory.

  - redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)

  - redis: Integer overflow issue with Streams (CVE-2021-32627)

  - redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)

  - redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)

  - redis: Integer overflow issue with intsets (CVE-2021-32687)

  - redis: Integer overflow issue with strings (CVE-2021-41099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3942 advisory.

  - openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action     (CVE-2021-36980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3885 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)     (CVE-2021-35564)

  - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  - OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)     (CVE-2021-35567)

  - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  - OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)     (CVE-2021-35588)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3893 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)     (CVE-2021-35564)

  - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  - OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)     (CVE-2021-35567)

  - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  - OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)     (CVE-2021-35588)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3884 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)     (CVE-2021-35564)

  - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  - OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)     (CVE-2021-35567)

  - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  - OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)     (CVE-2021-35588)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3946 advisory.

  - redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)

  - redis: Integer overflow issue with Streams (CVE-2021-32627)

  - redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)

  - redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)

  - redis: Integer overflow issue with intsets (CVE-2021-32687)

  - redis: Integer overflow issue with strings (CVE-2021-41099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3891 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)     (CVE-2021-35564)

  - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  - OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)     (CVE-2021-35567)

  - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3887 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)     (CVE-2021-35564)

  - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  - OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)     (CVE-2021-35567)

  - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3892 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)     (CVE-2021-35564)

  - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  - OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)     (CVE-2021-35567)

  - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3889 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)     (CVE-2021-35564)

  - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  - OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)     (CVE-2021-35567)

  - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  - OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)     (CVE-2021-35588)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3945 advisory.

  - redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)

  - redis: Integer overflow issue with Streams (CVE-2021-32627)

  - redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)

  - redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)

  - redis: Integer overflow issue with intsets (CVE-2021-32687)

  - redis: Integer overflow issue with strings (CVE-2021-41099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3944 advisory.

  - redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)

  - redis: Integer overflow issue with Streams (CVE-2021-32627)

  - redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)

  - redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)

  - redis: Integer overflow issue with intsets (CVE-2021-32687)

  - redis: Integer overflow issue with strings (CVE-2021-41099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3886 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

  - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)     (CVE-2021-35564)

  - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

  - OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)     (CVE-2021-35567)

  - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3820 advisory.

  - jenkins: improper permission checks allow canceling queue items and aborting builds (CVE-2021-21670)

  - jenkins: session fixation vulnerability (CVE-2021-21671)

  - golang: net: lookup functions may return invalid host names (CVE-2021-33195)

  - golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)

  - golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large     exponents (CVE-2021-33198)

  - golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3906 advisory.

  - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3900 advisory.

  - systemd: Spoofing of XDG_SEAT allows for actions to be checked against allow_active instead of     allow_any (CVE-2019-3842)

  - systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits     (CVE-2020-13776)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3918 advisory.

  - redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)

  - redis: Integer overflow issue with Streams (CVE-2021-32627)

  - redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)

  - redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)

  - redis: Integer overflow issue with intsets (CVE-2021-32687)

  - redis: Integer overflow issue with strings (CVE-2021-41099)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3909 advisory.

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  - kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3903 advisory.

  - curl: Content not matching hash in Metalink is not being discarded (CVE-2021-22922)

  - curl: Metalink download sends credentials (CVE-2021-22923)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3904 advisory.

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  - kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3872 advisory.

  - Ansible: ansible-connection module discloses sensitive info in traceback error message (CVE-2021-3620)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3871 advisory.

  - Ansible: ansible-connection module discloses sensitive info in traceback error message (CVE-2021-3620)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3856 advisory.

  - httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: (CVE-2021-40438)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3840 advisory.

  - rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  - Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  - Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  - Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

  - Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  - Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

  - Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3839 advisory.

  - rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  - Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  - Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  - Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

  - Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  - Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

  - Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3838 advisory.

  - rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  - Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  - Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  - Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

  - Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  - Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

  - Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3841 advisory.

  - rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  - Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  - Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  - Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

  - Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  - Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

  - Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3767 advisory.

  - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3770 advisory.

  - grafana: Snapshot authentication bypass (CVE-2021-39226)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3811 advisory.

  - mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2020) (CVE-2020-14672)

  - mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765, CVE-2020-14789,     CVE-2020-14804)

  - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020) (CVE-2020-14769, CVE-2020-14773,     CVE-2020-14777, CVE-2020-14785, CVE-2020-14793, CVE-2020-14794, CVE-2020-14809, CVE-2020-14830,     CVE-2020-14836, CVE-2020-14837, CVE-2020-14839, CVE-2020-14845, CVE-2020-14846, CVE-2020-14861,     CVE-2020-14866, CVE-2020-14868, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893)

  - mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14775, CVE-2020-14776, CVE-2020-14791,     CVE-2020-14821, CVE-2020-14829, CVE-2020-14848)

  - mysql: Server: PS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14786, CVE-2020-14790,     CVE-2020-14844)

  - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14800)

  - mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)

  - mysql: Server: DML unspecified vulnerability (CPU Oct 2020) (CVE-2020-14814, CVE-2020-14828)

  - mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2020) (CVE-2020-14838)

  - mysql: Server: Charsets unspecified vulnerability (CPU Oct 2020) (CVE-2020-14852)

  - mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2020) (CVE-2020-14860)

  - mysql: Server: DDL unspecified vulnerability (CPU Oct 2020) (CVE-2020-14867)

  - mysql: Server: X Plugin unspecified vulnerability (CPU Oct 2020) (CVE-2020-14870)

  - mysql: Server: Logging unspecified vulnerability (CPU Oct 2020) (CVE-2020-14873)

  - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-2001, CVE-2021-2021,     CVE-2021-2024, CVE-2021-2030, CVE-2021-2031, CVE-2021-2036, CVE-2021-2055, CVE-2021-2060, CVE-2021-2065,     CVE-2021-2070, CVE-2021-2076)

  - mysql: Server: Replication unspecified vulnerability (CPU Jan 2021) (CVE-2021-2002)

  - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2010, CVE-2021-2011)

  - mysql: InnoDB unspecified vulnerability (CPU Jan 2021) (CVE-2021-2022, CVE-2021-2028, CVE-2021-2042,     CVE-2021-2048)

  - mysql: Information Schema unspecified vulnerability (CPU Jan 2021) (CVE-2021-2032)

  - mysql: Server: Components Services unspecified vulnerability (CPU Jan 2021) (CVE-2021-2038)

  - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2021) (CVE-2021-2046, CVE-2021-2072,     CVE-2021-2081)

  - mysql: Server: DML unspecified vulnerability (CPU Jan 2021) (CVE-2021-2056, CVE-2021-2087, CVE-2021-2088)

  - mysql: Server: Locking unspecified vulnerability (CPU Jan 2021) (CVE-2021-2058)

  - mysql: Server: DDL unspecified vulnerability (CPU Jan 2021) (CVE-2021-2061, CVE-2021-2122)

  - mysql: Server: Options unspecified vulnerability (CPU Apr 2021) (CVE-2021-2146)

  - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2164, CVE-2021-2169,     CVE-2021-2170, CVE-2021-2193, CVE-2021-2203, CVE-2021-2212, CVE-2021-2213, CVE-2021-2230, CVE-2021-2278,     CVE-2021-2298, CVE-2021-2299)

  - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166, CVE-2021-2172, CVE-2021-2196,     CVE-2021-2300, CVE-2021-2305)

  - mysql: Server: Replication unspecified vulnerability (CPU Apr 2021) (CVE-2021-2171, CVE-2021-2178,     CVE-2021-2202)

  - mysql: InnoDB unspecified vulnerability (CPU Apr 2021) (CVE-2021-2174, CVE-2021-2180, CVE-2021-2194)

  - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2021) (CVE-2021-2179,     CVE-2021-2232)

  - mysql: Server: Partition unspecified vulnerability (CPU Apr 2021) (CVE-2021-2201, CVE-2021-2208)

  - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021) (CVE-2021-2215, CVE-2021-2217,     CVE-2021-2293, CVE-2021-2304)

  - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2021) (CVE-2021-2226, CVE-2021-2301,     CVE-2021-2308)

  - mysql: Server: Packaging unspecified vulnerability (CPU Apr 2021) (CVE-2021-2307)

  - mysql: Server: DDL unspecified vulnerability (CPU Jul 2021) (CVE-2021-2339, CVE-2021-2352, CVE-2021-2399)

  - mysql: Server: Memcached unspecified vulnerability (CPU Jul 2021) (CVE-2021-2340)

  - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021) (CVE-2021-2342, CVE-2021-2357,     CVE-2021-2367, CVE-2021-2383, CVE-2021-2384, CVE-2021-2387, CVE-2021-2410, CVE-2021-2412, CVE-2021-2418,     CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2437, CVE-2021-2441, CVE-2021-2444)

  - mysql: Server: Federated unspecified vulnerability (CPU Jul 2021) (CVE-2021-2354)

  - mysql: Server: Replication unspecified vulnerability (CPU Jul 2021) (CVE-2021-2356, CVE-2021-2385)

  - mysql: Server: DML unspecified vulnerability (CPU Jul 2021) (CVE-2021-2370, CVE-2021-2440)

  - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2374, CVE-2021-2389,     CVE-2021-2390, CVE-2021-2429)

  - mysql: Server: Locking unspecified vulnerability (CPU Jul 2021) (CVE-2021-2402)

  - mysql: Server: GIS unspecified vulnerability (CPU Jul 2021) (CVE-2021-2417)

  - mysql: Server: PS unspecified vulnerability (CPU Jul 2021) (CVE-2021-2422)

  - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2021) (CVE-2021-2424)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3837 advisory.

  - httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: (CVE-2021-40438)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3836 advisory.

  - httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: (CVE-2021-40438)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3819 advisory.

  - dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake     fails (CVE-2021-41355)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3816 advisory.

  - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

  - httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: (CVE-2021-40438)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3791 advisory.

  - rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  - Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  - Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  - Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

  - Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  - Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3771 advisory.

  - grafana: Snapshot authentication bypass (CVE-2021-39226)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3807 advisory.

  - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3810 advisory.

  - libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3768 advisory.

  - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

  - kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3769 advisory.

  - grafana: Snapshot authentication bypass (CVE-2021-39226)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3814 advisory.

  - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

  - kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

  - kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3818 advisory.

  - dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake     fails (CVE-2021-41355)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3812 advisory.

  - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

  - kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  - kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

  - kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3802 advisory.

  - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  - kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3801 advisory.

  - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  - kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

  - kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3757 advisory.

  - rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  - Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  - Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  - Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

  - Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  - Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3756 advisory.

  - rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  - Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  - Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  - Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

  - Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  - Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3755 advisory.

  - rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  - Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  - Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  - Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

  - Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  - Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3754 advisory.

  - httpd: mod_proxy: SSRF via a crafted request uri-path containing unix: (CVE-2021-40438)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
154335	RHEL 7 : RHV-H security update (redhat-virtualization-host) 4.3.19 (Moderate) (RHSA-2021:3943)	high
154334	RHEL 7 : rh-redis5-redis (RHSA-2021:3947)	high
154333	RHEL 7 : openvswitch2.11 (RHSA-2021:3942)	medium
154324	RHEL 8 : java-1.8.0-openjdk (RHSA-2021:3885)	medium
154320	RHEL 8 : java-1.8.0-openjdk (RHSA-2021:3893)	medium
154313	RHEL 8 : java-1.8.0-openjdk (RHSA-2021:3884)	medium
154312	RHEL 8 : redis:5 (RHSA-2021:3946)	high
154311	RHEL 8 : java-11-openjdk (RHSA-2021:3891)	medium
154310	RHEL 8 : java-11-openjdk (RHSA-2021:3887)	medium
154309	RHEL 7 : java-11-openjdk (RHSA-2021:3892)	medium
154307	RHEL 7 : java-1.8.0-openjdk (RHSA-2021:3889)	medium
154306	RHEL 8 : redis:6 (RHSA-2021:3945)	high
154295	RHEL 8 : redis:5 (RHSA-2021:3944)	high
154294	RHEL 8 : java-11-openjdk (RHSA-2021:3886)	medium
154293	RHEL 8 : OpenShift Container Platform 4.8.15 packages and (RHSA-2021:3820)	high
154261	RHEL 8 : 389-ds:1.4 (RHSA-2021:3906)	critical
154260	RHEL 8 : systemd (RHSA-2021:3900)	medium
154255	RHEL 8 : redis:5 (RHSA-2021:3918)	high
154254	RHEL 8 : kernel-rt (RHSA-2021:3909)	high
154252	RHEL 8 : curl (RHSA-2021:3903)	medium
154251	RHEL 8 : kernel (RHSA-2021:3904)	high
154170	RHEL 7 : Ansible security and bug fix update (2.9.27) (Important) (RHSA-2021:3872)	high
154169	RHEL 7 : Ansible security and bug fix update (2.9.27) (Important) (RHSA-2021:3871)	high
154168	RHEL 7 : httpd (RHSA-2021:3856)	critical
154143	RHEL 8 : thunderbird (RHSA-2021:3840)	critical
154136	RHEL 8 : thunderbird (RHSA-2021:3839)	critical
154135	RHEL 8 : thunderbird (RHSA-2021:3838)	critical
154134	RHEL 7 : thunderbird (RHSA-2021:3841)	critical
154086	RHEL 7 : kernel (RHSA-2021:3767)	high
154084	RHEL 8 : grafana (RHSA-2021:3770)	high
154083	RHEL 7 : rh-mysql80-mysql (RHSA-2021:3811)	medium
154082	RHEL 8 : httpd:2.4 (RHSA-2021:3837)	critical
154081	RHEL 8 : httpd:2.4 (RHSA-2021:3836)	critical
154080	RHEL 8 : .NET 5.0 (RHSA-2021:3819)	medium
154078	RHEL 8 : httpd:2.4 (RHSA-2021:3816)	critical
154077	RHEL 7 : firefox (RHSA-2021:3791)	critical
154076	RHEL 8 : grafana (RHSA-2021:3771)	high
154075	RHEL 7 : 389-ds-base (RHSA-2021:3807)	critical
154074	RHEL 7 : libxml2 (RHSA-2021:3810)	critical
154072	RHEL 7 : kpatch-patch (RHSA-2021:3768)	high
154071	RHEL 8 : grafana (RHSA-2021:3769)	high
154070	RHEL 7 : kpatch-patch (RHSA-2021:3814)	high
154049	RHEL 7 : .NET 5.0 on RHEL 7 (RHSA-2021:3818)	medium
154048	RHEL 7 : kernel (RHSA-2021:3812)	high
154047	RHEL 7 : kernel-rt (RHSA-2021:3802)	high
154046	RHEL 7 : kernel (RHSA-2021:3801)	high
154024	RHEL 8 : firefox (RHSA-2021:3757)	critical
154023	RHEL 8 : firefox (RHSA-2021:3756)	critical
154022	RHEL 8 : firefox (RHSA-2021:3755)	critical
154019	RHEL 7 : httpd24-httpd (RHSA-2021:3754)	critical

Red Hat Local Security Checks Family for Nessus

high

high

medium

medium

medium

medium

high

medium

medium

medium

medium

high

high

medium

high

critical

medium

high

high

medium

high

high

high

critical

critical

critical

critical

critical

high

high

medium

critical

critical

medium

critical

critical

high

critical

critical

high

high

high

medium

high

high

high

critical

critical

critical

critical