The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3566 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.9 on RHEL 7 serves as a replacement for Red Hat Single Sign-On     7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * exposure of sensitive information in Pushed Authorization Requests (PAR)     KC_RESTART cookie (CVE-2024-4540)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3545 advisory.

    Node.js is a software development platform for building fast and scalable     network applications in the JavaScript programming language.

    Security Fix(es):

    * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)

    * nodejs: CONTINUATION frames DoS (CVE-2024-27983)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3546 advisory.

    Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text     files and to perform system management tasks.

    Security Fix(es):

    * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)
    * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)
    * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory.

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

    Security fixes:
    * python-pygments: ReDoS in pygments (CVE-2022-40896)
    * python-pycryptodomex: Side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex     (CVE-2023-52323)
    * satellite: Arithmetic overflow in satellite (CVE-2023-4320)
    * automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
    * jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
    * python-aiohttp: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276)
    * rubygem-activesupport: File Disclosure of Locally Encrypted Files (CVE-2023-38037)
    * jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
    * python-django: Potential denial of service vulnerability in `django.utils.encoding.uri_to_iri()`     (CVE-2023-41164)
    * python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
    * python-aiohttp: Numerous issues in HTTP parser with header parsing (CVE-2023-47627)
    * python-aiohttp: HTTP request modification (CVE-2023-49081)
    * python-aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)
    * rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies (CVE-2024-21647)
    * rubygem-audited: Race condition can lead to audit logs being incorrectly attributed to the wrong user     (CVE-2024-22047)
    * python-jinja2: HTML attribute injection when passing user input as keys to xmlattr filter     (CVE-2024-22195)
    * python-aiohttp: Follow_symlinks directory traversal vulnerability (CVE-2024-23334)
    * python-aiohttp: HTTP request smuggling (CVE-2024-23829)

    Additional Changes:
    This update also fixes several bugs and adds various enhancements.

    Documentation for these changes is available from the Release Notes document linked to in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3553 advisory.

    Node.js is a software development platform for building fast and scalable     network applications in the JavaScript programming language.

    Security Fix(es):

    * nodejs/16: CONTINUATION frames DoS (CVE-2024-27983)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3552 advisory.

    Security Fix(es):

    * python-idna: potential DoS via resource consumption via specially crafted     inputs to idna.encode() (CVE-2024-3651)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Plugin has been deprecated due to a change in logic. Coverage will be provided in a new plugin.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3529 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

    * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3528 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

    * kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

    * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

    * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3530 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

    * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)

    Bug Fix(es):

    * kernel-rt: update RT source tree to the latest RHEL-8.4.z Batch 25 (JIRA:RHEL-36724)

    * [RHEL-8.4] kernel-rt-debug: BUG: sleeping function called from invalid context at     kernel/locking/rtmutex.c:968 (JIRA:RHEL-8758)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3497 advisory.

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual     Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

    Security Fix(es):

    * edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)

    * edk2: Buffer overflow in the DHCPv6 client via a long Server ID option (CVE-2023-45230)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3513 advisory.

    The less utility is a text file browser that resembles more, but allows users to move backwards in the     file as well as forwards. Since less does not read the entire input file at startup, it also starts more     quickly than ordinary text editors.

    Security Fix(es):

    * less: OS command injection (CVE-2024-32487)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3500 advisory.

    Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text     files and to perform system management tasks.

    Security Fix(es):

    * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)

    * ruby: ReDoS vulnerability in URI (CVE-2023-28755)

    * ruby: ReDoS vulnerability in Time (CVE-2023-28756)

    * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)

    * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)

    * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3501 advisory.

    libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

    Security Fix(es):

    * nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3351 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.58. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2024:3349

    Security Fix(es):

    * jose-go: improper handling of highly compressed data (CVE-2024-28180)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3486 advisory.

    The gdisk packages provide the gdisk partitioning utility for GUID Partition     Table (GPT) disks. The utility features a command-line interface similar to     fdisk, direct manipulation of partition table structures, recovery tools to deal     with corrupt partition tables, and the ability to convert Master Boot Record     (MBR) disks to the GPT format.

    Security Fix(es):

    * gdisk: possible out-of-bounds-write in LoadPartitionTable of gpt.cc     (CVE-2020-0256)

    * gdisk: possible out-of-bounds-write in ReadLogicalParts of basicmbr.cc     (CVE-2021-0308)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3472 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    Security Fix(es):

    * rh-nodejs14-nodejs: CONTINUATION frames DoS (CVE-2024-27983)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3467 advisory.

    A highly-available key value store for shared configuration

    Security Fix(es):

    * Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform     (CVE-2024-4438)

    * Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437)

    * Incomplete fix for CVE-2022-41723 in OpenStack Platform (CVE-2024-4436)

    * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

    * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests     (CVE-2023-39326)

    * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)

    * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)

    * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)

    * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3466 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)

    * python39:3.9/python39: python: The zipfile module is vulnerable to zip-bombs leading to denial of     service (CVE-2024-0450)

    * python39:3.9/python-idna: potential DoS via resource consumption via specially crafted inputs to     idna.encode() (CVE-2024-3651)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3461 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout     (CVE-2024-26643)

    * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

    * kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations     (CVE-2024-26673)

    * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

    * kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

    * kernel: cifs: fix underflow in parse_server_interfaces() (CVE-2024-26828)

    * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

    Bug Fix(es):

    * lan78xx changes for 9.2.z, to fix link speed change exception and other bug fixes (JIRA:RHEL-34926)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3460 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout     (CVE-2024-26643)

    * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

    * kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations     (CVE-2024-26673)

    * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

    * kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

    * kernel: cifs: fix underflow in parse_server_interfaces() (CVE-2024-26828)

    * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

    Bug Fix:

    * kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-36221)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3462 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * RHEL: Add Spectre-BHB mitigation for AmpereOne (CVE-2023-3006)

    * kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)

    * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)

    Bug Fix(es):

    * XFS: thaw operation hungs if caches are dropped while FS is frozen  (JIRA:RHEL-34522)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3464 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961)

    * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599)

    * glibc: null pointer dereferences after failed netgroup cache insertion (CVE-2024-33600)

    * glibc: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601)

    * glibc: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602)

    For more details about the security issue(s), including the impact,                 a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)                 listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3411 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread     libraries (libpthread), standard math libraries (libm), and the name service     cache daemon (nscd) used by multiple programs on the system. Without these     libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961)

    * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599)

    * glibc: null pointer dereferences after failed netgroup cache insertion     (CVE-2024-33600)

    * glibc: netgroup cache may terminate daemon on memory allocation failure     (CVE-2024-33601)

    * glibc: netgroup cache assumes NSS callback uses in-buffer strings     (CVE-2024-33602)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3417 advisory.

    The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4     servers.

    Security Fix(es):

    * httpd: CONTINUATION frames DoS (CVE-2024-27316,VU#421644.4)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3427 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3422 advisory.

    The linux-firmware packages contain all of the firmware files that are required by various devices to     operate.

    Security Fix(es):

    * linux-firmware: hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi     (CVE-2022-27635)

    * linux-firmware: hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi     (CVE-2022-40964)

    * linux-firmware: hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi     (CVE-2022-46329)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3414 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)

    * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

    * kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

    * kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)

    * kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

    * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

    Bug Fix(es):

    * kernel-rt: update RT source tree to the latest RHEL-9.0.z Batch 17 (JIRA:RHEL-32673)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory.

    Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and     analysis of system-level performance measurements. Its light-weight distributed architecture makes it     particularly well-suited to centralized analysis of complex systems.

    Security Fix(es):

    * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3431 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126)

    * rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141)

    * rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing (CVE-2024-26146)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3391 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)

    * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3433 advisory.

    The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can     encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and     automated mechanism for serializing structured data.

    Security Fix(es):

    * protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference     (CVE-2021-22570)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3428 advisory.

    Rust Toolset provides the Rust programming language compiler rustc, the cargo     build tool and dependency manager, and required libraries.

    Security Fix(es):

    * rust-cargo: cargo does not respect the umask when extracting dependencies     (CVE-2023-38497)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3421 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)

    * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

    * kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

    * CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-     SN-3008,CVE-2024-25742,CVE-2024-25743)

    * kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)

    * kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

    * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

    Bug Fix(es):

    * kdump 2nd kernel panic in call trace tick_handle_periodic (JIRA:RHEL-32889)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3423 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT     (CVE-2024-2961)

    * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599)

    * glibc: null pointer dereferences after failed netgroup cache insertion     (CVE-2024-33600)

    * glibc: netgroup cache may terminate daemon on memory allocation failure     (CVE-2024-33601)

    * glibc: netgroup cache assumes NSS callback uses in-buffer strings     (CVE-2024-33602)

    For more details about the security issue(s), including the impact,             a CVSS score,     acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3418 advisory.

    Rust Toolset provides the Rust programming language compiler rustc, the cargo     build tool and dependency manager, and required libraries.

    Security Fix(es):

    * rust-cargo: cargo does not respect the umask when extracting dependencies     (CVE-2023-38497)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3401 advisory.

    The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system     trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-     ostree-client package provides commands for client systems to perform upgrades and rollbacks.

    Security Fix(es):

    * rpm-ostree: world-readable /etc/shadow file (CVE-2024-2905)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3426 advisory.

    Varnish Cache is a high-performance HTTP accelerator. It stores web pages     in memory so web servers don't have to create the same web page over and over     again, giving the website a significant speed up.

    Security Fix(es):

    * varnish:6: HTTP/2 Broken Window Attack may result in denial of service     (CVE-2024-30156)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3402 advisory.

    The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4     servers.

    Security Fix(es):

    * httpd: CONTINUATION frames DoS (CVE-2024-27316,VU#421644.4)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2877 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.42. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2024:2875

    Security Fix(es):

    * buildah: full container escape at build time (CVE-2024-1753)
    * jose-go: improper handling of highly compressed data (CVE-2024-28180)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3344 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread     libraries (libpthread), standard math libraries (libm), and the name service     cache daemon (nscd) used by multiple programs on the system. Without these     libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599)

    * glibc: null pointer dereferences after failed netgroup cache insertion     (CVE-2024-33600)

    * glibc: netgroup cache may terminate daemon on memory allocation failure     (CVE-2024-33601)

    * glibc: netgroup cache assumes NSS callback uses in-buffer strings     (CVE-2024-33602)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3343 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)

    * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)

    * xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3352 advisory.

    A highly-available key value store for shared configuration

    Security Fix(es):

    * Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform     (CVE-2024-4438)

    * Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437)

    * Incomplete fix for CVE-2022-41723 in OpenStack Platform (CVE-2024-4436)

    * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

    * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests     (CVE-2023-39326)

    * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)

    * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)

    * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)

    * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3345 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 8.0.105 and .NET Runtime 8.0.5.

    Security Fix(es):

    * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)

    * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3340 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 7.0.119 and .NET Runtime 7.0.19.

    Security Fix(es):

    * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)

    * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3341 advisory.

    The gdk-pixbuf2 packages provide an image loading library that can be extended     by loadable modules for new image formats. It is used by toolkits such as GTK+     or clutter.

    Security Fix(es):

    * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3347 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)

    * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3346 advisory.

    Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics     with text pointers inside Git, while storing the file contents on a remote server.

    Security Fix(es):

    * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

    * golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect     (CVE-2023-45289)

    * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

    * golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3322 advisory.

    Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and     analysis of system-level performance measurements. Its light-weight distributed architecture makes it     particularly well-suited to centralized analysis of complex systems.

    Security Fix(es):

    * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3324 advisory.

    Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and     analysis of system-level performance measurements. Its light-weight distributed architecture makes it     particularly well-suited to centralized analysis of complex systems.

    Security Fix(es):

    * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
200063	RHEL 7 : Red Hat Single Sign-On 7.6.9 security update on RHEL 7 (Low) (RHSA-2024:3566)	high
200062	RHEL 9 : nodejs (RHSA-2024:3545)	high
200061	RHEL 8 : ruby:3.1 (RHSA-2024:3546)	critical
199805	RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)	high
199251	RHEL 8 : nodejs : (RHSA-2024:3553)	high
199250	RHEL 8 : python-idna (RHSA-2024:3552)	high
198578	RHEL 6 : libidn (Unpatched Vulnerability) (deprecated)	critical
198298	RHEL 8 : kernel (RHSA-2024:3529)	high
198297	RHEL 8 : kernel (RHSA-2024:3528)	high
198296	RHEL 8 : kernel-rt (RHSA-2024:3530)	high
198159	RHEL 8 : edk2 (RHSA-2024:3497)	high
198158	RHEL 9 : less (RHSA-2024:3513)	high
198157	RHEL 8 : ruby:3.0 (RHSA-2024:3500)	critical
198156	RHEL 9 : nghttp2 (RHSA-2024:3501)	medium
198113	RHEL 8 : OpenShift Container Platform 4.12.58 (RHSA-2024:3351)	medium
198112	RHEL 8 : gdisk (RHSA-2024:3486)	medium
198074	RHEL 7 : rh-nodejs14 (RHSA-2024:3472)	high
198073	RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2024:3467)	medium
198072	RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2024:3466)	high
198062	RHEL 9 : kernel (RHSA-2024:3461)	high
198061	RHEL 9 : kernel-rt (RHSA-2024:3460)	high
198060	RHEL 8 : kernel (RHSA-2024:3462)	high
198059	RHEL 8 : glibc (RHSA-2024:3464)	high
197985	RHEL 9 : glibc (RHSA-2024:3411)	high
197984	RHEL 9 : mod_http2 (RHSA-2024:3417)	high
197983	RHEL 9 : kpatch-patch (RHSA-2024:3427)	high
197982	RHEL 9 : linux-firmware (RHSA-2024:3422)	medium
197981	RHEL 9 : kernel-rt (RHSA-2024:3414)	high
197980	RHEL 8 : pcp (RHSA-2024:3392)	high
197979	RHEL 8 : pcs (RHSA-2024:3431)	high
197978	RHEL 8 : python3 (RHSA-2024:3391)	high
197977	RHEL 8 : protobuf (RHSA-2024:3433)	medium
197976	RHEL 8 : rust-toolset:rhel8 (RHSA-2024:3428)	high
197975	RHEL 9 : kernel (RHSA-2024:3421)	high
197974	RHEL 9 : glibc (RHSA-2024:3423)	high
197973	RHEL 9 : rust (RHSA-2024:3418)	high
197972	RHEL 9 : rpm-ostree (RHSA-2024:3401)	medium
197971	RHEL 8 : varnish:6 (RHSA-2024:3426)	high
197970	RHEL 9 : mod_http2 (RHSA-2024:3402)	high
197877	RHEL 8 / 9 : OpenShift Container Platform 4.13.42 (RHSA-2024:2877)	high
197876	RHEL 8 : glibc (RHSA-2024:3344)	high
197875	RHEL 8 : xorg-x11-server-Xwayland (RHSA-2024:3343)	high
197874	RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2024:3352)	medium
197873	RHEL 8 : .NET 8.0 (RHSA-2024:3345)	medium
197872	RHEL 8 : .NET 7.0 (RHSA-2024:3340)	high
197871	RHEL 8 : gdk-pixbuf2 (RHSA-2024:3341)	high
197870	RHEL 8 : python3 (RHSA-2024:3347)	high
197869	RHEL 8 : git-lfs (RHSA-2024:3346)	medium
197816	RHEL 8 : pcp (RHSA-2024:3322)	high
197815	RHEL 8 : pcp (RHSA-2024:3324)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

critical

high

high

high

critical

high

high

high

high

high

critical

medium

medium

medium

high

medium

high

high

high

high

high

high

high

high

medium

high

high

high

high

medium

high

high

high

high

medium

high

high

high

high

high

medium

medium

high

high

high

medium

high

high