The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5206 advisory.

  - kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c     (CVE-2017-18551)

  - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c     (CVE-2019-19046)

  - kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a     use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)

  - kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)

  - kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5119 advisory.

  - golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)

  - golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs     (CVE-2020-16845)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5203 advisory.

  - bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)

  - bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)

  - bind: incorrect enforcement of update-policy rules of type subdomain (CVE-2020-8624)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5218 advisory.

  - libssh: denial of service when handling AES-CTR (or DES) ciphers (CVE-2020-1730)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5201 advisory.

  - net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution     (CVE-2020-15862)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5199 advisory.

  - kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be     flagged as corrupt (CVE-2020-14385)

  - kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5179 advisory.

  - nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript     execution (CVE-2019-20920)

  - nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS     (CVE-2019-20922)

  - nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5168 advisory.

  - jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5182 advisory.

  - hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5189 advisory.

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5184 advisory.

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5186 advisory.

  - hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5185 advisory.

  - hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5190 advisory.

  - hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5183 advisory.

  - hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5188 advisory.

  - hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5181 advisory.

  - hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

  - hw: Vector Register Leakage-Active (CVE-2020-8696)

  - hw: Fast forward store predictor (CVE-2020-8698)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5170 advisory.

  - tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS (CVE-2020-11996)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5175 advisory.

  - hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals     are used (CVE-2020-25638)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5165 advisory.

  - chromium-browser: Inappropriate implementation in V8 (CVE-2020-16013)

  - chromium-browser: Inappropriate implementation in base (CVE-2020-16016)

  - chromium-browser: Use after free in site isolation (CVE-2020-16017)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5167 advisory.

  - Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5162 advisory.

  - Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5164 advisory.

  - Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5163 advisory.

  - Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4766 advisory.

  - libexif: out of bounds write in exif-data.c (CVE-2019-9278)

  - libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-     data.c (CVE-2020-0093)

  - libexif: integer overflow in exif_data_load_data_thumbnail function in exif-data.c (CVE-2020-0181)

  - libexif: out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c     (CVE-2020-0182)

  - libexif: integer overflow in exif_data_load_data_content function in exif-data.c (CVE-2020-0198)

  - libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c (CVE-2020-12767)

  - libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free     (CVE-2020-13113)

  - libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts     of compute time (CVE-2020-13114)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4005 advisory.

  - libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068)

  - libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure     (CVE-2019-18197)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1074 advisory.

  - poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)

  - poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc     (CVE-2019-10871)

  - evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()     (CVE-2019-11459)

  - poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)

  - poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4035 advisory.

  - webkitgtk: HTTP proxy setting deanonymization information disclosure (CVE-2019-11070)

  - webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2019-6237,     CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595,     CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611,     CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8644, CVE-2019-8666, CVE-2019-8669,     CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679,     CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688,     CVE-2019-8689, CVE-2019-8707, CVE-2019-8710, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735,     CVE-2019-8763, CVE-2019-8765, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,     CVE-2019-8812, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821,     CVE-2019-8822, CVE-2019-8823, CVE-2020-3868)

  - webkitgtk: processing maliciously crafted web content lead to URI spoofing (CVE-2019-6251)

  - webkitgtk: malicous web content leads to arbitrary code execution (CVE-2019-8506)

  - webkitgtk: malicious web content leads to arbitrary code execution (CVE-2019-8524, CVE-2019-8559,     CVE-2019-8563)

  - webkitgtk: malicious crafted web content leads to arbitrary code execution (CVE-2019-8535, CVE-2019-8536,     CVE-2019-8558)

  - webkitgtk: malicious crafted web content leads to arbitrary we content (CVE-2019-8544)

  - webkitgtk: malicious web content leads to cross site scripting (CVE-2019-8551)

  - webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2019-8607)

  - webkitgtk: Incorrect state management leading to universal cross-site scripting (CVE-2019-8625,     CVE-2019-8649, CVE-2019-8658, CVE-2019-8674, CVE-2019-8690, CVE-2019-8719, CVE-2019-8813, CVE-2020-3867)

  - webkitgtk: Multiple memory corruption  issues leading to arbitrary code execution (CVE-2019-8743)

  - webkitgtk: Incorrect state  management leading to universal cross-site scripting (CVE-2019-8764)

  - webkitgtk: Browsing history could not be deleted (CVE-2019-8768)

  - webkitgtk: Websites could reveal browsing history (CVE-2019-8769)

  - webkitgtk: Violation of iframe sandboxing policy (CVE-2019-8771)

  - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8835,     CVE-2019-8844)

  - webkitgtk: Use after free issue may lead to remote code execution (CVE-2019-8846)

  - webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp (CVE-2020-10018)

  - webkitgtk: use-after-free via crafted web content (CVE-2020-11793)

  - webkitgtk: Denial of service via incorrect memory handling (CVE-2020-3862)

  - webkitgtk: Non-unique security origin for DOM object contexts (CVE-2020-3864)

  - webkitgtk: Incorrect security check for a top-level DOM object context (CVE-2020-3865)

  - webkitgtk: Incorrect processing of file URLs (CVE-2020-3885)

  - webkitgtk: Race condition allows reading of restricted memory (CVE-2020-3894)

  - webkitgtk: Memory corruption triggered by a malicious web content (CVE-2020-3895)

  - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2020-3897, CVE-2020-3901)

  - webkitgtk: Memory consumption issue leading to arbitrary code execution (CVE-2020-3899)

  - webkitgtk: Memory corruption  triggered by a malicious web content (CVE-2020-3900)

  - webkitgtk: Input validation issue leading to cross-site script attack (CVE-2020-3902)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4465 advisory.

  - binutils: denial of service via crafted ELF file (CVE-2019-17450)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3911 advisory.

  - python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4025 advisory.

  - qt: files placed by attacker can influence the working directory and lead to malicious code execution     (CVE-2020-0569, CVE-2020-0570)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4479 advisory.

  - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)

  - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)

  - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3901 advisory.

  - libpng: does not check length of chunks against user limit (CVE-2017-12652)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3873 advisory.

  - libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139)

  - libsrtp: improper handling of CSRC count and extension header length in RTP header [rhel-7]     (CVE-2015-6360)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3977 advisory.

  - poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc     (CVE-2019-14494)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2854 advisory.

  - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)

  - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c     (CVE-2019-11811)

  - kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

  - kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)

  - kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS     (CVE-2019-19062)

  - kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c     and fs/ext4/super.c (CVE-2019-19767)

  - kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)

  - kernel: use after free due to race condition in the video driver leads to local privilege escalation     (CVE-2019-9458)

  - kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)

  - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)

  - Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)

  - Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption     (CVE-2020-8834)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4080 advisory.

  - Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (CVE-2020-12422)

  - Mozilla: WebRTC permission prompt could have been bypassed by a compromised content process     (CVE-2020-12424)

  - Mozilla: Out of bound read in Date.parse() (CVE-2020-12425)

  - Mozilla: X-Frame-Options bypass using object or embed tags (CVE-2020-15648)

  - Mozilla: Bypassing iframe sandbox when allowing popups (CVE-2020-15653)

  - Mozilla: Custom cursor can overlay user interface (CVE-2020-15654)

  - Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656)

  - Mozilla: Overriding file type when saving to disk (CVE-2020-15658)

  - Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673)

  - Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676)

  - Mozilla: Download origin spoofing via redirect (CVE-2020-15677)

  - Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in     a potential use-after-free scenario (CVE-2020-15678)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:3973 advisory.

  - spamassassin: crafted email message can lead to DoS (CVE-2019-12420)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4659 advisory.

  - gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)

  - gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

  - gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0912 advisory.

  - tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4697 advisory.

  - targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3936 advisory.

  - jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

  - bootstrap: XSS in the data-target attribute (CVE-2016-10735)

  - bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

  - bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

  - bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)

  - bootstrap: XSS in the affix configuration target property (CVE-2018-20677)

  - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or     property injection (CVE-2019-11358)

  - bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

  - jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

  - ipa: No password length restriction leads to denial of service (CVE-2020-1722)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3971 advisory.

  - hunspell: out-of-bounds read in SuggestMgr::leftcommonsubstring in suggestmgr.cxx (CVE-2019-16707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3878 advisory.

  - dnsmasq: memory leak in the create_helper() function in /src/helper.c (CVE-2019-14834)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3868 advisory.

  - SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)

  - SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573, CVE-2019-7576)

  - SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)

  - SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)

  - SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)

  - SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)

  - SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)

  - SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)

  - SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)

  - SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4514 advisory.

  - openssl: Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-1551)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2378 advisory.

  - Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)

  - Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)

  - Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4024 advisory.

  - okular: local binary execution via specially crafted PDF files (CVE-2020-9359)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3848 advisory.

  - libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4041 advisory.

  - openldap: denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
143241	RHEL 7 : kernel (RHSA-2020:5206)	Medium
143240	RHEL 7 / 8 : OpenShift Container Platform 4.5.20 packages and golang (RHSA-2020:5119)	Medium
143239	RHEL 7 : bind (RHSA-2020:5203)	Medium
143238	RHEL 8 : Red Hat Virtualization (RHSA-2020:5218)	Medium
143237	RHEL 8 : net-snmp (RHSA-2020:5201)	High
143236	RHEL 8 : kernel (RHSA-2020:5199)	High
143235	RHEL 8 : Red Hat Virtualization (RHSA-2020:5179)	Medium
143213	RHEL 7 : rh-eclipse (RHSA-2020:5168)	Medium
143212	RHEL 7 : microcode_ctl (RHSA-2020:5182)	Medium
143211	RHEL 6 : microcode_ctl (RHSA-2020:5189)	Medium
143209	RHEL 6 : microcode_ctl (RHSA-2020:5184)	Medium
143208	RHEL 8 : microcode_ctl (RHSA-2020:5186)	Medium
143205	RHEL 8 : microcode_ctl (RHSA-2020:5185)	Medium
143204	RHEL 7 : microcode_ctl (RHSA-2020:5190)	Medium
143203	RHEL 7 : microcode_ctl (RHSA-2020:5183)	Medium
143202	RHEL 7 : microcode_ctl (RHSA-2020:5188)	Medium
143200	RHEL 7 : microcode_ctl (RHSA-2020:5181)	Medium
143199	RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.4 security release (Moderate) (RHSA-2020:5170)	Medium
143198	RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.3 (RHSA-2020:5175)	High
143164	RHEL 6 : chromium-browser (RHSA-2020:5165)	Critical
143163	RHEL 8 : thunderbird (RHSA-2020:5167)	Medium
143162	RHEL 8 : thunderbird (RHSA-2020:5162)	Medium
143161	RHEL 6 : thunderbird (RHSA-2020:5164)	Medium
143160	RHEL 7 : thunderbird (RHSA-2020:5163)	Medium
143097	RHEL 8 : libexif (RHSA-2020:4766)	Medium
143096	RHEL 7 : libxslt (RHSA-2020:4005)	High
143095	RHEL 7 : poppler and evince (RHSA-2020:1074)	Medium
143094	RHEL 7 : webkitgtk4 (RHSA-2020:4035)	High
143093	RHEL 8 : binutils (RHSA-2020:4465)	Medium
143092	RHEL 7 : python (RHSA-2020:3911)	Medium
143091	RHEL 7 : qt5-qtbase (RHSA-2020:4025)	Medium
143090	RHEL 8 : libxml2 (RHSA-2020:4479)	Medium
143089	RHEL 7 : libpng (RHSA-2020:3901)	High
143088	RHEL 7 : libsrtp (RHSA-2020:3873)	High
143087	RHEL 7 : evince and poppler (RHSA-2020:3977)	Medium
143086	RHEL 7 : kernel-alt (RHSA-2020:2854)	High
143085	RHEL 7 : firefox (RHSA-2020:4080)	High
143084	RHEL 7 : spamassassin (RHSA-2020:3973)	Medium
143083	RHEL 8 : gd (RHSA-2020:4659)	High
143082	RHEL 6 : tomcat6 (RHSA-2020:0912)	High
143081	RHEL 8 : targetcli (RHSA-2020:4697)	Low
143080	RHEL 7 : ipa (RHSA-2020:3936)	Medium
143079	RHEL 7 : hunspell (RHSA-2020:3971)	Medium
143078	RHEL 7 : dnsmasq (RHSA-2020:3878)	Medium
143077	RHEL 7 : SDL (RHSA-2020:3868)	Medium
143076	RHEL 8 : openssl (RHSA-2020:4514)	Medium
143075	RHEL 6 : firefox (RHSA-2020:2378)	High
143074	RHEL 7 : okular (RHSA-2020:4024)	Medium
143073	RHEL 7 : libmspack (RHSA-2020:3848)	Medium
143072	RHEL 7 : openldap (RHSA-2020:4041)	Medium

Red Hat Local Security Checks Family for Nessus