The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5187 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.1 ESR.

    Security Fix(es):

    * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5192 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.1 ESR.

    Security Fix(es):

    * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5204 advisory.

    The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format     with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format,     and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and     browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

    Security Fix(es):

    * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5205 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.1 ESR.

    Security Fix(es):

    * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5178 advisory.

    BusyBox is a binary file that combines a large number of common system utilities into a single executable     file. BusyBox provides replacements for most GNU file utilities, shell utilities, and other command-line     tools.

    Security Fix(es):

    * busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution (CVE-2022-48174)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5144 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 6.0.122 and .NET Runtime 6.0.22.

    Security Fix(es):

    * dotnet:  Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5146 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 7.0.111 and .NET Runtime 7.0.11.

    Security Fix(es):

    * dotnet:  Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5145 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 7.0.111 and .NET Runtime 7.0.11.

    Security Fix(es):

    * dotnet:  Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5143 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 6.0.122 and .NET Runtime 6.0.22.

    Security Fix(es):

    * dotnet:  Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5142 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 6.0.122 and .NET Runtime 6.0.22.

    Security Fix(es):

    * dotnet:  Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Update .NET 6.0 to SDK 6.0.122 and Runtime 6.0.22 (BZ#2236895)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5081 advisory.

    The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library.

    Security Fix(es):

    * librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5080 advisory.

    Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.

    Security Fix(es):

    * keylime: registrar is subject to a DoS against SSL connections (CVE-2023-38200)

    * Keylime: challenge-response protocol bypass during agent registration (CVE-2023-38201)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5071 advisory.

    Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities.

    Security Fix(es):

    * libcap: Integer Overflow in _libcap_strdup() (CVE-2023-2603)

    * libcap: Memory Leak on pthread_create() Error (CVE-2023-2602)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5061 advisory.

    The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information     from the system BIOS or Extensible Firmware Interface (EFI), depending on the SMBIOS/DMI standard. This     information typically includes system manufacturer, model name, serial number, BIOS version, and asset     tag, as well as other details, depending on the manufacturer.

    Security Fix(es):

    * dmidecode: dump-bin to overwrite a local file (CVE-2023-30630)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5091 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in     batch requests (CVE-2023-3390)

    * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE     (CVE-2023-3610)

    * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function     (CVE-2023-3776)

    * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

    * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free     (CVE-2023-4147)

    * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    * kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)

    * hw: amd: Cross-Process Information Leak (CVE-2023-20593)

    * kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * kernel-rt: update RT source tree to the latest RHEL-9.2.z3 Batch (BZ#2228482)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5094 advisory.

    Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm packages provide the user-space component for running virtual machines that     use KVM.

    Security Fix(es):

    * QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of     service (CVE-2023-3354)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * [qemu-kvm] rhel guest failed boot with multi disks on error Failed to start udev Wait for Complete     Device Initialization (BZ#2211923)

    * [rhel9.2] hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after     shutdown guest (BZ#2227721)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5068 advisory.

    The linux-firmware packages contain all of the firmware files that are required by various devices to     operate.

    Security Fix(es):

    * hw: amd: Cross-Process Information Leak (CVE-2023-20593)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5093 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in     batch requests (CVE-2023-3390)

    * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE     (CVE-2023-3610)

    * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function     (CVE-2023-3776)

    * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

    * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free     (CVE-2023-4147)

    * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5069 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    The following packages have been upgraded to a later upstream version: kernel (5.14.0).

    Security Fix(es):

    * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in     batch requests (CVE-2023-3390)

    * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE     (CVE-2023-3610)

    * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function     (CVE-2023-3776)

    * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

    * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free     (CVE-2023-4147)

    * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    * kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)

    * hw: amd: Cross-Process Information Leak (CVE-2023-20593)

    * kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * [Intel 9.3 BUG] [SPR][EMR][FHF] ACPI: Fix system hang during S3 wakeup (BZ#2218026)

    * [Dell 9.2 BUG] Monitor lost after replug WD19TBS to SUT port wiith VGA/DVI to type-C dongle (BZ#2219463)

    * rtmutex: Incorrect waiter woken when requeueing in rt_mutex_adjust_prio_chain() (BZ#2222121)

    * RHEL AWS ARM Instability During Microshift e2e tests (BZ#2223310)

    * RHEL 9.x updates for SEV-SNP guest support (BZ#2224587)

    * Lock state corruption from nested rtmutex blocking in blk_flush_plug() (BZ#2225623)

    * bpf_jit_limit hit again - copy_seccomp() fix (BZ#2226945)

    * libceph: harden msgr2.1 frame segment length checks (BZ#2227070)

    * Temporary values used for the FIPS integrity test should be zeroized after use (BZ#2227768)

    * Important iavf bug fixes July 2023 (BZ#2228156)

    * [i40e/ice] error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0:
    Resource temporarily unavailable (BZ#2228158)

    * lvconvert --splitcache, --uncache operations getting hung (BZ#2228481)

    * perf: EMR core and uncore PMU support (BZ#2230175)

    * NVIDIA - Grace: Backport i2c: tegra: Set ACPI node as primary fwnode (BZ#2230483)

    * NVIDIA - Grace: Backport i2c: tegra: Fix PEC support for SMBUS block read (BZ#2230488)

    * [Hyper-V][RHEL 9]incomplete fc_transport implementation in storvsc causes null dereference in     fc_timed_out() (BZ#2230747)

    * Kernel config option CONFIG_CRYPTO_STATS should be disabled until it is enhanced (BZ#2231850)

    * [RHEL 9][Hyper-V]Excessive hv_storvsc driver logging with srb_status  SRB_STATUS_INTERNAL_ERROR  (0x30)     (BZ#2231990)

    * RHEL-9: WARNING: bad unlock balance detected! (BZ#2232213)

    * NVIDIA - Grace: Backport drm/ast patch expected for kernel 6.4 (BZ#2232302)

    * [Lenovo 9.1 bug]   RHEL 9 will hang when echo c > /proc/sysrq-trigger. (BZ#2232700)

    * [RHEL-9] bz2022169 in /kernel/general/process/reg-suit fails on aarch64  (/proc/[pid]/wchan broken)     (BZ#2233928)

    Enhancement(s):

    * [Intel 9.3 FEAT] cpufreq: intel_pstate: Enable HWP IO boost for all servers (BZ#2210270)

    * [Dell 9.3 FEAT] - New MB with AMP Codec Change on Maya Bay (audio driver) (BZ#2218960)

    * [Lenovo 9.3 FEAT] MDRAID - Update to the latest upstream (BZ#2221170)

    * [Intel 9.3 FEAT] [EMR] Add EMR support to uncore-frequency driver (BZ#2230169)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5050 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5048 advisory.

    FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project     consists of the stream format, reference encoders and decoders in library form, a command-line program to     encode and decode FLAC files, and a command-line metadata editor for FLAC files.

    Security Fix(es):

    * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the     encoder (CVE-2020-22219)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5049 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5046 advisory.

    FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project     consists of the stream format, reference encoders and decoders in library form, a command-line program to     encode and decode FLAC files, and a command-line metadata editor for FLAC files.

    Security Fix(es):

    * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the     encoder (CVE-2020-22219)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5045 advisory.

    FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project     consists of the stream format, reference encoders and decoders in library form, a command-line program to     encode and decode FLAC files, and a command-line metadata editor for FLAC files.

    Security Fix(es):

    * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the     encoder (CVE-2020-22219)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5047 advisory.

    FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project     consists of the stream format, reference encoders and decoders in library form, a command-line program to     encode and decode FLAC files, and a command-line metadata editor for FLAC files.

    Security Fix(es):

    * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the     encoder (CVE-2020-22219)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5044 advisory.

    FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project     consists of the stream format, reference encoders and decoders in library form, a command-line program to     encode and decode FLAC files, and a command-line metadata editor for FLAC files.

    Security Fix(es):

    * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the     encoder (CVE-2020-22219)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5042 advisory.

    FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project     consists of the stream format, reference encoders and decoders in library form, a command-line program to     encode and decode FLAC files, and a command-line metadata editor for FLAC files.

    Security Fix(es):

    * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the     encoder (CVE-2020-22219)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5043 advisory.

    FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project     consists of the stream format, reference encoders and decoders in library form, a command-line program to     encode and decode FLAC files, and a command-line metadata editor for FLAC files.

    Security Fix(es):

    * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the     encoder (CVE-2020-22219)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5019 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.0 ESR.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4961 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)

    * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)

    * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in     batch requests (CVE-2023-3390)

    * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)

    * Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)

    * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * kernel-rt: update RT source tree to the RHEL-8.4.z19 source tree (BZ#2222004)

    * pods get restarted due to failed probes (BZ#2227240)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4967 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)

    * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)

    * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in     batch requests (CVE-2023-3390)

    * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4962 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)

    * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)

    * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in     batch requests (CVE-2023-3390)

    * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)

    * Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)

    * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * aacraid misses interrupts when a CPU is disabled resulting in scsi timeouts and the adapter being     unusable until reboot. (BZ#2216500)

    * rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9] (BZ#2216771)

    * refcount_t overflow often happens in mem_cgroup_id_get_online() (BZ#2221012)

    * enable conntrack clash resolution for GRE (BZ#2223544)

    * iavf: Fix race between iavf_close and iavf_reset_task (BZ#2223608)

    * libceph: harden msgr2.1 frame segment length checks [8.x] (BZ#2227075)

    * [i40e] error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0: Resource     temporarily unavailable (BZ#2228165)

    Enhancement(s):

    * [Intel 8.7 FEAT] TSC: Avoid clock watchdog when not needed (BZ#2216050)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4954 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.15.0.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4951 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.0 ESR.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4959 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.0 ESR.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4955 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.15.0.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4945 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.15.0.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4946 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.15.0.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4957 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.0 ESR.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4948 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.15.0.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4947 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.15.0.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4956 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.15.0.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4952 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.0 ESR.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4949 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.0 ESR.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4950 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.0 ESR.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4958 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.15.0 ESR.

    Security Fix(es):

    * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

    * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

    * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

    * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird     102.15, and Thunderbird 115.2 (CVE-2023-4584)

    * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2     (CVE-2023-4585)

    * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

    * Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

    * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception     (CVE-2023-4578)

    * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

    * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

    * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4909 advisory.

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web     applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster),     the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

    This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3.
    This release includes bug fixes, enhancements and component upgrades, which are documented in the Release     Notes, linked to in the References section.

    Security Fix(es):

    * apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)

    * Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)

    * tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)

    * tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4920 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On     7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4918 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On     7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4919 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On     7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)

    * jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
181527	RHEL 8 : firefox (RHSA-2023:5187)	high
181526	RHEL 8 : firefox (RHSA-2023:5192)	high
181525	RHEL 9 : libwebp (RHSA-2023:5204)	high
181524	RHEL 9 : firefox (RHSA-2023:5205)	high
181520	RHEL 6 : busybox (RHSA-2023:5178)	critical
181374	RHEL 8 : .NET 6.0 (RHSA-2023:5144)	medium
181373	RHEL 9 : .NET 7.0 (RHSA-2023:5146)	medium
181372	RHEL 8 : .NET 7.0 (RHSA-2023:5145)	medium
181371	RHEL 9 : .NET 6.0 (RHSA-2023:5143)	medium
181370	RHEL 7 : .NET 6.0 (RHSA-2023:5142)	medium
181287	RHEL 9 : librsvg2 (RHSA-2023:5081)	medium
181286	RHEL 9 : keylime (RHSA-2023:5080)	medium
181285	RHEL 9 : libcap (RHSA-2023:5071)	critical
181284	RHEL 9 : dmidecode (RHSA-2023:5061)	high
181283	RHEL 9 : kernel-rt (RHSA-2023:5091)	critical
181282	RHEL 9 : qemu-kvm (RHSA-2023:5094)	high
181281	RHEL 9 : linux-firmware (RHSA-2023:5068)	critical
181280	RHEL 9 : kpatch-patch (RHSA-2023:5093)	critical
181279	RHEL 9 : kernel (RHSA-2023:5069)	critical
181245	RHEL 8 : httpd:2.4 (RHSA-2023:5050)	high
181244	RHEL 9 : flac (RHSA-2023:5048)	high
181243	RHEL 8 : httpd:2.4 (RHSA-2023:5049)	high
181242	RHEL 8 : flac (RHSA-2023:5046)	high
181241	RHEL 8 : flac (RHSA-2023:5045)	high
181240	RHEL 9 : flac (RHSA-2023:5047)	high
181239	RHEL 8 : flac (RHSA-2023:5044)	high
181234	RHEL 8 : flac (RHSA-2023:5042)	high
181233	RHEL 8 : flac (RHSA-2023:5043)	high
180579	RHEL 7 : firefox (RHSA-2023:5019)	high
180500	RHEL 8 : kernel-rt (RHSA-2023:4961)	critical
180499	RHEL 8 : kpatch-patch (RHSA-2023:4967)	critical
180498	RHEL 8 : kernel (RHSA-2023:4962)	critical
180487	RHEL 8 : thunderbird (RHSA-2023:4954)	high
180486	RHEL 8 : firefox (RHSA-2023:4951)	high
180485	RHEL 8 : firefox (RHSA-2023:4959)	high
180484	RHEL 9 : thunderbird (RHSA-2023:4955)	high
180483	RHEL 7 : thunderbird (RHSA-2023:4945)	high
180482	RHEL 8 : thunderbird (RHSA-2023:4946)	high
180481	RHEL 8 : firefox (RHSA-2023:4957)	high
180480	RHEL 8 : thunderbird (RHSA-2023:4948)	high
180479	RHEL 9 : thunderbird (RHSA-2023:4947)	high
180478	RHEL 8 : thunderbird (RHSA-2023:4956)	high
180477	RHEL 8 : firefox (RHSA-2023:4952)	high
180476	RHEL 8 : firefox (RHSA-2023:4949)	high
180475	RHEL 9 : firefox (RHSA-2023:4950)	high
180474	RHEL 9 : firefox (RHSA-2023:4958)	high
180470	RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.4 (RHSA-2023:4909)	critical
180419	RHEL 9 : Red Hat Single Sign-On 7.6.5 security update on RHEL 9 (Important) (RHSA-2023:4920)	high
180418	RHEL 7 : Red Hat Single Sign-On 7.6.5 security update on RHEL 7 (Important) (RHSA-2023:4918)	high
180417	RHEL 8 : Red Hat Single Sign-On 7.6.5 security update on RHEL 8 (Important) (RHSA-2023:4919)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

high

high

critical

medium

medium

medium

medium

medium

medium

medium

critical

high

critical

high

critical

critical

critical

high

high

high

high

high

high

high

high

high

high

critical

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

critical

high

high

high