The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6043 advisory.

  - dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6038 advisory.

  - dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6037 advisory.

  - dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6002 advisory.

  - kernel: information leak in  scsi_ioctl() (CVE-2022-0494)

  - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5997 advisory.

  - ceph: user/tenant can obtain access (read/write) to any share (CVE-2022-0670)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5998 advisory.

  - Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5937 advisory.

  - hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)

  - hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)

  - hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5939 advisory.

  - hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)

  - hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)

  - hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6003 advisory.

  - kernel: information leak in  scsi_ioctl() (CVE-2022-0494)

  - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5948 advisory.

  - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)

  - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused     common table expression (CTE) (CVE-2021-46661)

  - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements     (CVE-2021-46663)

  - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value     of aggr (CVE-2021-46664)

  - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables     expectations (CVE-2021-46665)

  - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements     (CVE-2021-46668)

  - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the     BIGINT data type is used (CVE-2021-46669)

  - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-     length stack-based buffer (CVE-2022-24048)

  - mariadb: lack of validating the existence of an object prior to performing operations on the object     (CVE-2022-24050)

  - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier     (CVE-2022-24051)

  - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)

  - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)

  - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)

  - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)

  - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)

  - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)

  - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)

  - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order     (CVE-2022-27382)

  - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)

  - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)

  - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)

  - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)

  - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)

  - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)

  - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)

  - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)

  - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)

  - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)

  - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)

  - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)

  - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)

  - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)

  - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)

  - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,     CVE-2022-31623)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5942 advisory.

  - vim: Out-of-bounds Write (CVE-2022-1785)

  - vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)

  - vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5934 advisory.

  - Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory.

  - minimist: prototype pollution (CVE-2021-44906)

  - netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5905 advisory.

  - xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access (CVE-2022-2319)

  - xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension     (CVE-2022-2320)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5904 advisory.

  - php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5893 advisory.

  - minimist: prototype pollution (CVE-2021-44906)

  - netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5892 advisory.

  - minimist: prototype pollution (CVE-2021-44906)

  - netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5813 advisory.

  - vim: Out-of-bounds Write (CVE-2022-1785)

  - vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)

  - vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5839 advisory.

  - kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root     (CVE-2022-32250)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5819 advisory.

  - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak     (CVE-2022-1012)

  - kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root     (CVE-2022-32250)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5809 advisory.

  - pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c (CVE-2022-1586)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5818 advisory.

  - openssl: c_rehash script allows command injection (CVE-2022-1292)

  - openssl: the c_rehash script allows command injection (CVE-2022-2068)

  - openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5826 advisory.

  - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)

  - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused     common table expression (CTE) (CVE-2021-46661)

  - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements     (CVE-2021-46663)

  - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value     of aggr (CVE-2021-46664)

  - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables     expectations (CVE-2021-46665)

  - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements     (CVE-2021-46668)

  - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the     BIGINT data type is used (CVE-2021-46669)

  - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-     length stack-based buffer (CVE-2022-24048)

  - mariadb: lack of validating the existence of an object prior to performing operations on the object     (CVE-2022-24050)

  - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier     (CVE-2022-24051)

  - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)

  - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)

  - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)

  - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)

  - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)

  - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)

  - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)

  - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order     (CVE-2022-27382)

  - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)

  - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)

  - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)

  - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)

  - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)

  - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)

  - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)

  - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)

  - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)

  - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)

  - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)

  - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)

  - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)

  - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)

  - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)

  - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,     CVE-2022-31623)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5821 advisory.

  - QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow (CVE-2021-4206)

  - QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow (CVE-2021-4207)

  - QEMU: virtio-net: map leaking on error during receive (CVE-2022-26353)

  - QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak (CVE-2022-26354)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5866 advisory.

  - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

  - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

  - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

  - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

  - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

  - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

  - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

  - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

  - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5823 advisory.

  - 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)

  - 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5804 advisory.

  - kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root     (CVE-2022-32250)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5805 advisory.

  - kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root     (CVE-2022-32250)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5806 advisory.

  - kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)

  - kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root     (CVE-2022-32250)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5802 advisory.

  - kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root     (CVE-2022-32250)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5837 advisory.

  - OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

  - OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)     (CVE-2022-21434)

  - OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)

  - OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5834 advisory.

  - kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak     (CVE-2022-1012)

  - kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root     (CVE-2022-32250)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5777 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5799 advisory.

  - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

  - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

  - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

  - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

  - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

  - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

  - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

  - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

  - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5778 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5775 advisory.

  - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

  - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

  - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

  - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

  - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

  - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

  - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

  - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

  - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5774 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5771 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5773 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5769 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5772 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5779 advisory.

  - ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)

  - ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5776 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5765 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5767 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5770 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5766 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)

  - Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)

  - Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5759 advisory.

  - mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)

  - mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused     common table expression (CTE) (CVE-2021-46661)

  - mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements     (CVE-2021-46663)

  - mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value     of aggr (CVE-2021-46664)

  - mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables     expectations (CVE-2021-46665)

  - mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements     (CVE-2021-46668)

  - mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the     BIGINT data type is used (CVE-2021-46669)

  - mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-     length stack-based buffer (CVE-2022-24048)

  - mariadb: lack of validating the existence of an object prior to performing operations on the object     (CVE-2022-24050)

  - mariadb: lack of proper validation of a user-supplied string before using it as a format specifier     (CVE-2022-24051)

  - mariadb: CONNECT storage engine heap-based buffer overflow (CVE-2022-24052)

  - mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)

  - mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377)

  - mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)

  - mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379)

  - mariadb: server crash at my_decimal::operator= (CVE-2022-27380)

  - mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381)

  - mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order     (CVE-2022-27382)

  - mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383)

  - mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384)

  - mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386)

  - mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)

  - mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444)

  - mariadb: assertion failure in compare_order_elements (CVE-2022-27445)

  - mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446)

  - mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447, CVE-2022-27458)

  - mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)

  - mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)

  - mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451)

  - mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)

  - mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455)

  - mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456)

  - mariadb: incorrect key in dup value error after long unique (CVE-2022-27457)

  - mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622,     CVE-2022-31623)

  - mariadb: server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083)

  - mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085)

  - mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT (CVE-2022-32086)

  - mariadb: server crash in Item_args::walk_args (CVE-2022-32087)

  - mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort     (CVE-2022-32088)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5736 advisory.

  - OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)

  - OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541)

  - OpenJDK: random exponentials issue (Libraries, 8283875) (CVE-2022-21549)

  - OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5726 advisory.

  - OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)

  - OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541)

  - OpenJDK: random exponentials issue (Libraries, 8283875) (CVE-2022-21549)

  - OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
164038	RHEL 9 : .NET 6.0 (RHSA-2022:6043)	medium
164014	RHEL 7 : .NET 6.0 (RHSA-2022:6038)	medium
164009	RHEL 7 : .NET Core 3.1 (RHSA-2022:6037)	medium
163973	RHEL 9 : kernel-rt (RHSA-2022:6002)	high
163972	RHEL 8 : Red Hat Ceph Storage Security, Bug Fix, and Enhancement Update (Moderate) (RHSA-2022:5997)	critical
163964	RHEL 8 : kernel (RHSA-2022:5998)	high
163963	RHEL 7 : kernel (RHSA-2022:5937)	medium
163962	RHEL 7 : kernel-rt (RHSA-2022:5939)	medium
163961	RHEL 9 : kernel (RHSA-2022:6003)	high
163960	RHEL 9 : galera, mariadb, and mysql-selinux (RHSA-2022:5948)	high
163937	RHEL 9 : vim (RHSA-2022:5942)	critical
163936	RHEL 8 : kernel-rt (RHSA-2022:5934)	high
163916	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update. (Moderate) (RHSA-2022:5894)	critical
163850	RHEL 7 : xorg-x11-server (RHSA-2022:5905)	high
163845	RHEL 9 : php (RHSA-2022:5904)	high
163797	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update (Moderate) (RHSA-2022:5893)	critical
163796	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update (Moderate) (RHSA-2022:5892)	critical
163795	RHEL 8 : vim (RHSA-2022:5813)	critical
163794	RHEL 8 : kpatch-patch (RHSA-2022:5839)	high
163793	RHEL 8 : kernel (RHSA-2022:5819)	critical
163792	RHEL 8 : pcre2 (RHSA-2022:5809)	critical
163791	RHEL 8 : openssl (RHSA-2022:5818)	critical
163732	RHEL 8 : mariadb:10.5 (RHSA-2022:5826)	high
163729	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2022:5821)	high
163709	RHEL 7 : go-toolset-1.17 and go-toolset-1.17-golang (RHSA-2022:5866)	medium
163706	RHEL 8 : 389-ds:1.4 (RHSA-2022:5823)	high
163703	RHEL 7 : kpatch-patch (RHSA-2022:5804)	high
163697	RHEL 7 : kernel (RHSA-2022:5805)	high
163696	RHEL 7 : kernel (RHSA-2022:5806)	high
163695	RHEL 7 : kernel (RHSA-2022:5802)	high
163694	RHEL 8 : java-1.8.0-ibm (RHSA-2022:5837)	medium
163693	RHEL 8 : kernel-rt (RHSA-2022:5834)	critical
163678	RHEL 8 : firefox (RHSA-2022:5777)	high
163676	RHEL 9 : go-toolset and golang (RHSA-2022:5799)	medium
163673	RHEL 9 : thunderbird (RHSA-2022:5778)	high
163672	RHEL 8 : go-toolset:rhel8 (RHSA-2022:5775)	medium
163671	RHEL 8 : thunderbird (RHSA-2022:5774)	high
163670	RHEL 8 : thunderbird (RHSA-2022:5771)	high
163669	RHEL 7 : thunderbird (RHSA-2022:5773)	high
163667	RHEL 8 : firefox (RHSA-2022:5769)	high
163666	RHEL 8 : thunderbird (RHSA-2022:5772)	high
163665	RHEL 8 : ruby:2.5 (RHSA-2022:5779)	high
163664	RHEL 7 : firefox (RHSA-2022:5776)	high
163655	RHEL 8 : firefox (RHSA-2022:5765)	high
163654	RHEL 9 : firefox (RHSA-2022:5767)	high
163653	RHEL 8 : thunderbird (RHSA-2022:5770)	high
163652	RHEL 8 : firefox (RHSA-2022:5766)	high
163524	RHEL 7 : rh-mariadb105-galera and rh-mariadb105-mariadb (RHSA-2022:5759)	high
163503	RHEL 9 : java-17-openjdk (RHSA-2022:5736)	critical
163472	RHEL 8 : java-17-openjdk (RHSA-2022:5726)	critical

Red Hat Local Security Checks Family for Nessus

medium

medium

medium

high

critical

high

medium

medium

high

high

critical

high

critical

high

high

critical

critical

critical

high

critical

critical

critical

high

high

medium

high

high

high

high

high

medium

critical

high

medium

high

medium

high

high

high

high

high

high

high

high

high

high

high

high

critical

critical