The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0143 advisory.

  - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

  - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

  - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

  - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0129 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0130 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0131 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0133 advisory.

  - samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0126 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0123 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0132 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0128 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0074 advisory.

  - samba: SMB1 client connections can be downgraded to plaintext authentication (CVE-2016-2124)

  - samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0124 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0125 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0127 advisory.

  - Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

  - Mozilla: Race condition when playing audio files (CVE-2022-22737)

  - Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

  - Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

  - Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

  - Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741, CVE-2022-22743)

  - Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

  - Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

  - Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

  - Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

  - Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0063 advisory.

  - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)

  - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)

  - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0024 advisory.

  - haproxy: an HTTP method name may contain a space followed by the name of a protected resource     (CVE-2021-39241)

  - haproxy: request smuggling attack or response splitting via duplicate content-length header     (CVE-2021-40346)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0081 advisory.

  - QEMU: net: e1000: infinite loop while processing transmit descriptors (CVE-2021-20257)

  - QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c (CVE-2021-3930)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0076 advisory.

  - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0059 advisory.

  - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0064 advisory.

  - openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0075 advisory.

  - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0072 advisory.

  - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0073 advisory.

  - cpio: improper input validation when writing tar header fields leads to unexpected tar generation     (CVE-2019-14866)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0078 advisory.

  - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0065 advisory.

  - kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)

  - kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)

  - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0041 advisory.

  - llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959)

  - llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960)

  - nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing     arbitrary file creation and overwrite (CVE-2021-37701, CVE-2021-37712)

  - nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

  - nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0007 advisory.

  - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0008 advisory.

  - samba: SMB1 client connections can be downgraded to plaintext authentication (CVE-2016-2124)

  - samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717)

  - samba: Subsequent DCE/RPC fragment injection vulnerability (CVE-2021-23192)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0011 advisory.

  - telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code     (CVE-2020-10188)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0002 advisory.

  - golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0003 advisory.

  - xorg-x11-server: SProcRenderCompositeGlyphs out-of-bounds access (CVE-2021-4008)

  - xorg-x11-server: SProcXFixesCreatePointerBarrier out-of-bounds access (CVE-2021-4009)

  - xorg-x11-server: SProcScreenSaverSuspend out-of-bounds access (CVE-2021-4010)

  - xorg-x11-server: SwapCreateRegister out-of-bounds access (CVE-2021-4011)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0001 advisory.

  - golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5269 advisory.

  - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender     (CVE-2021-4104)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5238 advisory.

  - QEMU: net: e1000: infinite loop while processing transmit descriptors (CVE-2021-20257)

  - QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c (CVE-2021-3930)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5226 advisory.

  - openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5236 advisory.

  - postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214)

  - postgresql: memory disclosure in certain queries (CVE-2021-3677)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5241 advisory.

  - kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() (CVE-2021-20321)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5227 advisory.

  - kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() (CVE-2021-20321)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5235 advisory.

  - postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214)

  - postgresql: memory disclosure in certain queries (CVE-2021-3677)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5219 advisory.

  - Keycloak: Incorrect authorization allows unpriviledged users to create other users (CVE-2021-4133)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5218 advisory.

  - Keycloak: Incorrect authorization allows unpriviledged users to create other users (CVE-2021-4133)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5206 advisory.

  - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender     (CVE-2021-4104)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5192 advisory.

  - samba: SMB1 client connections can be downgraded to plaintext authentication (CVE-2016-2124)

  - samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5195 advisory.

  - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5171 advisory.

  - nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)

  - nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)

  - llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959)

  - llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960)

  - normalize-url: ReDoS for data URLs (CVE-2021-33502)

  - nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

  - nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5197 advisory.

  - postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214)

  - postgresql: libpq processes unencrypted bytes from man-in-the-middle (CVE-2021-23222)

  - postgresql: memory disclosure in certain queries (CVE-2021-3677)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5176 advisory.

  - golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

  - golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5179 advisory.

  - postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214)

  - postgresql: libpq processes unencrypted bytes from man-in-the-middle (CVE-2021-23222)

  - postgresql: memory disclosure in certain queries (CVE-2021-3677)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5151 advisory.

  - resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  - undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  - wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  - wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users     (CVE-2021-3717)

  - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  - xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5149 advisory.

  - resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  - undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  - wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  - wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users     (CVE-2021-3717)

  - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  - xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5160 advisory.

  - golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

  - golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
156774	RHEL 7 : httpd (RHSA-2022:0143)	critical
156739	RHEL 8 : thunderbird (RHSA-2022:0129)	high
156738	RHEL 8 : firefox (RHSA-2022:0130)	high
156737	RHEL 8 : thunderbird (RHSA-2022:0131)	high
156736	RHEL 8 : Red Hat Virtualization Host security and bug fix update [ovirt-4.4.9] Async #2 (Important) (RHSA-2022:0133)	critical
156735	RHEL 8 : firefox (RHSA-2022:0126)	high
156734	RHEL 8 : thunderbird (RHSA-2022:0123)	high
156733	RHEL 8 : firefox (RHSA-2022:0132)	high
156731	RHEL 8 : thunderbird (RHSA-2022:0128)	high
156730	RHEL 8 : samba (RHSA-2022:0074)	critical
156729	RHEL 7 : firefox (RHSA-2022:0124)	high
156728	RHEL 8 : firefox (RHSA-2022:0125)	high
156727	RHEL 7 : thunderbird (RHSA-2022:0127)	high
156726	RHEL 7 : kernel (RHSA-2022:0063)	medium
156716	RHEL 8 : OpenShift Container Platform 4.6.53 (RHSA-2022:0024)	high
156696	RHEL 8 : virt:av and virt-devel:av (RHSA-2022:0081)	medium
156660	RHEL 8 : idm:DL1 (RHSA-2022:0076)	high
156659	RHEL 7 : webkitgtk4 (RHSA-2022:0059)	high
156658	RHEL 7 : openssl (RHSA-2022:0064)	high
156657	RHEL 8 : webkit2gtk3 (RHSA-2022:0075)	high
156656	RHEL 8 : kernel (RHSA-2022:0072)	medium
156655	RHEL 8 : cpio (RHSA-2022:0073)	high
156653	RHEL 8 : kernel-rt (RHSA-2022:0078)	medium
156632	RHEL 7 : kernel-rt (RHSA-2022:0065)	medium
156548	RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2022:0041)	critical
156465	RHEL 8 : idm:DL1 (RHSA-2022:0007)	high
156464	RHEL 8 : samba (RHSA-2022:0008)	critical
156463	RHEL 7 : telnet (RHSA-2022:0011)	critical
156454	RHEL 8 : grafana (RHSA-2022:0002)	high
156453	RHEL 7 : xorg-x11-server (RHSA-2022:0003)	high
156452	RHEL 8 : grafana (RHSA-2022:0001)	high
156261	RHEL 7 : rh-maven36-log4j12 (RHSA-2021:5269)	high
156251	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2021:5238)	medium
156250	RHEL 8 : openssl (RHSA-2021:5226)	high
156249	RHEL 8 : postgresql:13 (RHSA-2021:5236)	high
156248	RHEL 8 : kernel-rt (RHSA-2021:5241)	medium
156247	RHEL 8 : kernel (RHSA-2021:5227)	medium
156246	RHEL 8 : postgresql:12 (RHSA-2021:5235)	high
156225	RHEL 8 : Red Hat Single Sign-On security update on RHEL 8 (Important) (RHSA-2021:5219)	high
156202	RHEL 7 : Red Hat Single Sign-On 7.5.0 security update on RHEL 7 (Important) (RHSA-2021:5218)	high
156201	RHEL 6 : log4j (RHSA-2021:5206)	high
156134	RHEL 7 : samba (RHSA-2021:5192)	critical
156133	RHEL 7 : ipa (RHSA-2021:5195)	high
156129	RHEL 8 : nodejs:16 (RHSA-2021:5171)	critical
156128	RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:5197)	high
156127	RHEL 7 : go-toolset-1.16 and go-toolset-1.16-golang (RHSA-2021:5176)	high
156126	RHEL 7 : rh-postgresql13-postgresql (RHSA-2021:5179)	high
156111	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 8 (Moderate) (RHSA-2021:5151)	high
156109	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 6 (Moderate) (RHSA-2021:5149)	high
156108	RHEL 8 : go-toolset:rhel8 (RHSA-2021:5160)	high

Red Hat Local Security Checks Family for Nessus

critical

high

high

high

critical

high

high

high

high

critical

high

high

high

medium

high

medium

high

high

high

high

medium

high

medium

medium

critical

high

critical

critical

high

high

high

high

medium

high

high

medium

medium

high

high

high

high

critical

high

critical

high

high

high

high

high

high