The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1351 advisory.

    Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm packages provide the user-space component for running virtual machines that     use KVM.

    Security Fix(es):

    * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

    * QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1342 advisory.

    Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server     packages include a telnet service that supports remote logins into the host machine. The telnet service is     disabled by default.

    Security Fix(es):

    * telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code     (CVE-2020-10188)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1350 advisory.

    Chromium is an open-source web browser, powered by WebKit (Blink).

    This update upgrades Chromium to version 80.0.3987.162.

    Security Fix(es):

    * chromium-browser: Use after free in WebAudio (CVE-2020-6450)

    * chromium-browser: Use after free in WebAudio (CVE-2020-6451)

    * chromium-browser: Heap buffer overflow in media (CVE-2020-6452)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1338 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 68.6.1 ESR.

    Security Fix(es):

    * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

    * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1340 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 68.6.1 ESR.

    Security Fix(es):

    * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

    * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1339 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 68.6.1 ESR.

    Security Fix(es):

    * Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

    * Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1349 advisory.

    The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin clients and     servers. Kerberos is a network authentication system which allows clients and servers to authenticate to     each other using symmetric encryption and trusted third-party, the Key Distribution Center (KDC).

    Security Fix(es):

    * telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code     (CVE-2020-10188)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1331 advisory.

    The ipmitool packages contain a command-line utility for interfacing with devices that support the     Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine     health, inventory, and remote power control.

    Security Fix(es):

    * ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1337 advisory.

    This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss     Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service     Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most     significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * openssl: side-channel weak encryption vulnerability (CVE-2019-1547)

    * httpd: memory corruption on early pushes (CVE-2019-10081)

    * httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)

    * httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)

    * openssl: information disclosure in fork() (CVE-2019-1549)

    * openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)

    * httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)

    * httpd: mod_rewrite potential open redirect (CVE-2019-10098)

    * httpd: mod_rewrite configurations vulnerable to open redirect(CVE-2020-1927)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1332 advisory.

    KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the     Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell     complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

    Security Fix(es):

    * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code     injection (CVE-2019-14868)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1334 advisory.

    Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server     packages include a telnet service that supports remote logins into the host machine. The telnet service is     disabled by default.

    Security Fix(es):

    * telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code     (CVE-2020-10188)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1333 advisory.

    KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the     Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell     complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

    Security Fix(es):

    * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code     injection (CVE-2019-14868)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1335 advisory.

    Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server     packages include a telnet service that supports remote logins into the host machine. The telnet service is     disabled by default.

    Security Fix(es):

    * telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code     (CVE-2020-10188)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0928 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    Security Fix(es):

    * proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1308 advisory.

    The org.ovirt.engine-root is a core component of oVirt.

    The following packages have been upgraded to a later upstream version: org.ovirt.engine-root (4.3.8.2),     ovirt-engine-dwh (4.3.8), ovirt-engine-metrics (1.3.6.1), ovirt-fast-forward-upgrade (1.0.0), ovirt-     imageio-common (1.5.3), ovirt-imageio-proxy (1.5.3), ovirt-web-ui (1.6.0), rhv-log-collector-analyzer     (0.2.15), v2v-conversion-host (1.16.0). (BZ#1767333, BZ#1776722, BZ#1779587, BZ#1779631)

    Security Fix(es):

    * CVE-2019-17195
    * CVE-2019-10086

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * [downstream clone - 4.4.0] Upgrade from 4.3 to 4.4 will fail if there are versioned templates in     database (BZ#1688781)

    * [ovirt-fast-forward-upgrade] Error: ovirt-engine-setup-plugin-ovirt-engine conflicts with ovirt-     engine-4.2.5.2-0.1.el7ev.noarch (BZ#1754979)

    * Users immediately logged out from User portal due to negative UserSessionTimeOutInterval (BZ#1757423)

    * Fluentd error when stopping metrics services through playbook on 4.3 (BZ#1772506)

    * [downstream clone - 4.3.8] From  VM Portal, users cannot create Operating System Windows VM.
    (BZ#1773580)

    * MERGE_STATUS fails with 'Invalid UUID string: mapper' when Direct LUN that already exists is hot-plugged     [RHV clone - 4.3.8] (BZ#1779664)

    * Metric Store reports all hosts in Default cluster regardless of cluster assignment. (BZ#1780234)

    Enhancement(s):

    * RFE for offline installation  of RHV Metrics Store (BZ#1711873)

    * [RFE] Compare storage with database for discrepancies (BZ#1739106)

    * [RFE] RHV+Metrics Store - Support a Flat DNS environment without subdomains (BZ#1782412)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1289 advisory.

    The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based     applications.

    Security Fix(es):

    * haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes (CVE-2020-11100)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1288 advisory.

    The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based     applications.

    Security Fix(es):

    * haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes (CVE-2020-11100)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1296 advisory.

    KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines     that use KVM in environments managed by Red Hat products.

    Security Fix(es):

    * QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)
    * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1292 advisory.

    KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines     that use KVM in environments managed by Red Hat products.

    Security Fix(es):

    * CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages

    Users of qemu-kvm are advised to upgrade to these updated packages. After installing this update, shut     down all running virtual machines. Once all virtual machines have shut down, start them again for this     update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1293 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    Security Fix(es):

    * ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1300 advisory.

    KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines     that use KVM in environments managed by Red Hat products.

    Security Fix(es):

    * QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)
    * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)
    * QEMU: slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1185 advisory.

    libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or     WAV.

    Security Fix(es):

    * libsndfile: stack-based buffer overflow in sndfile-deinterleave utility (CVE-2018-13139)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1267 advisory.

    The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.

    Security Fix(es):

    * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate     (CVE-2019-11745)

    * ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1269 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization     solution for both traditional and cloud-based enterprise environments.

    Security Fix(es):

    * ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867)

    * ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1265 advisory.

    The procps-ng packages contain a set of system utilities that provide system information, including ps,     free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.

    Security Fix(es):

    * procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1268 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib     (CVE-2018-1061)

    * python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)

    * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)

    * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)

    * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms     (CVE-2019-9948)

    * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1266 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Slow console output with ast (Aspeed) graphics driver (BZ#1780145)

    * core: backports from upstream (BZ#1794373)

    * System Crash on vport creation (NPIV on FCoE) (BZ#1796362)

    * [GSS] Can't access the mount point due to possible blocking of i/o on rbd (BZ#1796432)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1264 advisory.

    The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and     LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for     starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
    In addition, it supports snapshotting and restoring of the system state, maintains mount and automount     points, and implements an elaborate transactional dependency-based service control logic. It can also work     as a drop-in replacement for sysvinit.

    Security Fix(es):

    * systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686)

    * systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Restarting systemd-journald to load new configurations causes other daemons stop working (BZ#1798160)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1270 advisory.

    Chromium is an open-source web browser, powered by WebKit (Blink).

    This update upgrades Chromium to version 80.0.3987.149.

    Security Fix(es):

    * chromium-browser: Use after free in WebGL (CVE-2020-6422)

    * chromium-browser: Use after free in media (CVE-2020-6424)

    * chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6425)

    * chromium-browser: Inappropriate implementation in V8 (CVE-2020-6426)

    * chromium-browser: Use after free in audio (CVE-2020-6427)

    * chromium-browser: Use after free in audio (CVE-2020-6428)

    * chromium-browser: Use after free in audio (CVE-2020-6429)

    * chromium-browser: Use after free in audio (CVE-2020-6449)

    * usrsctp: Out of bounds reads in sctp_load_addresses_from_init() (CVE-2019-20503)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1231 advisory.

    The buildah package provides a tool for facilitating building OCI container images. Among other things,     buildah enables you to:
    * Create a working container, either from scratch or using an image as a starting point.
    * Create an image, either from a working container or using the instructions in a Dockerfile.
    * Build both Docker and OCI images.

    Security Fix(es):

    * proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * rootless buildah does not work with UID in /etc/subuid (BZ#1765469)

    * Extras RHEL-7.8 update - buildah (BZ#1791286)

    * buildah should be linked against gpgme-pthread (BZ#1793074)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory.

    Docker is an open-source engine that automates the deployment of any application as a lightweight,     portable, self-sufficient container that runs virtually anywhere.

    Security Fix(es):

    * runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884)

    * proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

    * containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Whitelist statx(2) in docker (BZ#1784228)

    * Upgrading docker resulting into increase Systemd logs (BZ#1791870)

    * docker should be linked against gpgme-pthread (BZ#1792243)

    * docker cannot be updated to 108 on rhos13 as a container fails to start with pivot_root invalid     argument error. (BZ#1795376)

    * OVS pods are unable to stop when running under docker version 1.13.1-108 (BZ#1796451)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1226 advisory.

    The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast     packet processing in the user space.

    The following packages have been upgraded to a later upstream version: dpdk (18.11.5). (BZ#1785678)

    Security Fix(es):

    * dpdk: possible memory leak leads to denial of service (CVE-2019-14818)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1230 advisory.

    The skopeo command lets you inspect images from container image registries, get images and image layers,     and use signatures to create and verify files.

    Security Fix(es):

    * proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Skopeo doesn't handle HTTP 429 errors properly (BZ#1752775)

    * skopeo does not show manifest manifest.list.v2 for special cases (BZ#1754905)

    * skopeo inspect results in panic: runtime error: invalid memory address or nil pointer dereference     (BZ#1769575)

    * skopeo should be linked against gpgme-pthread (BZ#1793080)

    * docker won't start because registries service won't start (BZ#1812505)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1227 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * podman: resolving symlink in host filesystem leads to unexpected results of copy operation     (CVE-2019-18466)

    * containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * [extras-rhel-7] conmon binary stripped but debuginfo not generated (BZ#1650395)

    * Cannot run systemd-container with SCL service due to RHSA-2019:2091 fix (BZ#1758509)

    * Podman does not enforce registries.block in the registries.conf file (BZ#1787666)

    * podman and podman-manpages needs merging (BZ#1788549)

    * podman should be linked against gpgme-pthread (BZ#1793083)

    * podman cannot support load tarball which the name with colon but docker can support this (BZ#1797599)

    * podman (1.6.4) rhel 8.1 no route to host from inside container [extras-rhel-7.8/podman] (BZ#1806895)

    * Podman can't reuse a container name, even if the container that was using it is no longer around     [extras-rhel-7.8/podman] (BZ#1807437)

    * podman exec does not reads from stdin [extras-rhel-7.8/podman] (BZ#1807586)

    * [FJ8.2 Bug]: [REG]The --group-add option of podman create doesn't function. [extras-rhel-7.8/podman]     (BZ#1808702)

    Enhancement(s):

    * [RFE] sctp support for podman (BZ#1664218)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: out of bound read in DVB connexant driver. (CVE-2015-9289)

    * kernel: Missing permissions check for request_key() destination allows local attackers to add keys to     keyring without Write permission (CVE-2017-17807)

    * kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)

    * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)

    * kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)

    * kernel: brcmfmac frame validation bypass (CVE-2019-9503)

    * kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)

    * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command     (CVE-2019-11884)

    * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)

    * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)

    * kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via     sigreturn() system call (CVE-2019-13648)

    * kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)

    * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service     (CVE-2019-15916)

    * kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)

    * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)

    * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)

    * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)

    * Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR     (CVE-2019-10639)

    * kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1037 advisory.

    AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files.

    Security Fix(es):

    * advancecomp: integer overflow in png_compress in pngex.cc (CVE-2019-9210)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1070 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: out of bound read in DVB connexant driver. (CVE-2015-9289)

    * kernel: Missing permissions check for request_key() destination allows local attackers to add keys to     keyring without Write permission (CVE-2017-17807)

    * kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)

    * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)

    * kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)

    * kernel: brcmfmac frame validation bypass (CVE-2019-9503)

    * kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)

    * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command     (CVE-2019-11884)

    * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)

    * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)

    * kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)

    * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service     (CVE-2019-15916)

    * kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)

    * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)

    * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)

    * Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR     (CVE-2019-10639)

    * kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1050 advisory.

    The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar     operating systems.

    Security Fix(es):

    * cups: Local privilege escalation to root due to insecure environment variable handling (CVE-2018-4180)

    * cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as     root (CVE-2018-4181)

    * cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1047 advisory.

    The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running     on a computer network.

    Security Fix(es):

    * wireshark: Out-of-bounds read in packet-ldss.c (CVE-2018-11362)

    * wireshark: Multiple dissectors could crash (wnpa-sec-2018-36) (CVE-2018-14340)

    * wireshark: DICOM dissector infinite loop (wnpa-sec-2018-39) (CVE-2018-14341)

    * wireshark: Bazaar dissector infinite loop (wnpa-sec-2018-40) (CVE-2018-14368)

    * wireshark: SIGCOMP dissector crash in packet-sigcomp.c (CVE-2018-7418)

    * wireshark: Radiotap dissector crash (CVE-2018-16057)

    * wireshark: Infinite loop in the MMSE dissector (CVE-2018-19622)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1034 advisory.

    Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of     documented source files. The documentation is extracted directly from the sources. Doxygen can also be     configured to extract the code structure from undocumented source files.

    Security Fix(es):

    * doxygen: cross-site scripting in templates/html/search_opensearch.php (CVE-2016-10245)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1167 advisory.

    Network Block Device (NBD) is a protocol for accessing hard disks and other disk-like devices over the     network. The nbdkit toolkit utilizes NBD to create servers with minimal dependencies. The package contains     plug-in support for the C and Python programming languages.

    Security Fix(es):

    * nbdkit: denial of service due to premature opening of back-end connection (CVE-2019-14850)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1020 advisory.

    The curl packages provide the libcurl library and the curl utility for downloading files from servers     using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    * curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1121 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199)

    * httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values     (CVE-2017-15710)

    * httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1190 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)

    * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)

    * libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)

    * libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)

    * libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)

    * libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1022 advisory.

    The file command is used to identify a particular file according to the type of data the file contains. It     can identify many different file types, including Executable and Linkable Format (ELF) binary files,     system libraries, RPM packages, and different graphics formats.

    Security Fix(es):

    * file: out-of-bounds read via a crafted ELF file (CVE-2018-10360)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1061 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477)

    * bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using     managed-keys (CVE-2018-5745)

    * bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable     (CVE-2019-6465)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1151 advisory.

    LibreOffice is an open source, community-developed office productivity suite. It includes key desktop     applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a     drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office     suite.

    Security Fix(es):

    * libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands     (CVE-2019-9848)

    * libreoffice: Insufficient URL validation allowing LibreLogo script execution (CVE-2019-9850)

    * libreoffice: LibreLogo global-event script execution (CVE-2019-9851)

    * libreoffice: Insufficient URL encoding flaw in allowed script location check (CVE-2019-9852)

    * libreoffice: Insufficient URL decoding flaw in categorizing macro location (CVE-2019-9853)

    * libreoffice: Unsafe URL assembly flaw in allowed script location check (CVE-2019-9854)

    * libreoffice: Remote resources protection module not applied to bullet graphics (CVE-2019-9849)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1189 advisory.

    The libqb packages provide a library with the primary purpose of providing high performance client/server     reusable features, such as high performance logging, tracing, inter-process communication, and polling.

    Security Fix(es):

    * libqb: Insecure treatment of IPC (temporary) files (CVE-2019-12779)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1011 advisory.

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    * expat: Integer overflow leading to buffer overflow in XML_GetBuffer() (CVE-2015-2716)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1208 advisory.

    Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm packages provide the user-space component for running virtual machines that     use KVM.

    Security Fix(es):

    * QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
135245	RHEL 7 : qemu-kvm (RHSA-2020:1351)	medium
135244	RHEL 8 : telnet (RHSA-2020:1342)	critical
135243	RHEL 6 : chromium-browser (RHSA-2020:1350)	high
135242	RHEL 7 : firefox (RHSA-2020:1338)	high
135241	RHEL 8 : firefox (RHSA-2020:1340)	high
135240	RHEL 6 : firefox (RHSA-2020:1339)	high
135239	RHEL 6 : krb5-appl (RHSA-2020:1349)	critical
135236	RHEL 6 : ipmitool (RHSA-2020:1331)	high
135235	RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 (RHSA-2020:1337)	critical
135234	RHEL 7 : ksh (RHSA-2020:1332)	high
135233	RHEL 7 : telnet (RHSA-2020:1334)	critical
135232	RHEL 7 : ksh (RHSA-2020:1333)	high
135231	RHEL 6 : telnet (RHSA-2020:1335)	critical
135230	RHEL 7 / 8 : OpenShift Container Platform 4.3.8 openshift-clients (RHSA-2020:0928)	high
135185	RHEL 7 : Red Hat Virtualization Engine security, 4.3.9 (Low) (RHSA-2020:1308)	critical
135184	RHEL 8 : haproxy (RHSA-2020:1289)	high
135183	RHEL 8 : haproxy (RHSA-2020:1288)	high
135176	RHEL 7 : qemu-kvm-rhev (RHSA-2020:1296)	medium
135175	RHEL 7 : qemu-kvm-rhev (RHSA-2020:1292)	medium
135174	RHEL 8 : nodejs:12 (RHSA-2020:1293)	high
135173	RHEL 7 : qemu-kvm-rhev (RHSA-2020:1300)	medium
135095	RHEL 7 : libsndfile (RHSA-2020:1185)	high
135092	RHEL 7 : nss-softokn (RHSA-2020:1267)	high
135091	RHEL 8 : idm:DL1 (RHSA-2020:1269)	high
135090	RHEL 7 : procps-ng (RHSA-2020:1265)	high
135089	RHEL 7 : python (RHSA-2020:1268)	critical
135088	RHEL 7 : kernel (RHSA-2020:1266)	high
135087	RHEL 7 : systemd (RHSA-2020:1264)	high
135086	RHEL 6 : chromium-browser (RHSA-2020:1270)	high
135085	RHEL 7 : buildah (RHSA-2020:1231)	high
135084	RHEL 7 : docker (RHSA-2020:1234)	high
135083	RHEL 7 : dpdk (RHSA-2020:1226)	high
135082	RHEL 7 : skopeo (RHSA-2020:1230)	high
135081	RHEL 7 : podman (RHSA-2020:1227)	medium
135080	RHEL 7 : kernel (RHSA-2020:1016)	critical
135079	RHEL 7 : advancecomp (RHSA-2020:1037)	high
135078	RHEL 7 : kernel-rt (RHSA-2020:1070)	critical
135077	RHEL 7 : cups (RHSA-2020:1050)	high
135076	RHEL 7 : wireshark (RHSA-2020:1047)	high
135075	RHEL 7 : doxygen (RHSA-2020:1034)	medium
135074	RHEL 7 : nbdkit (RHSA-2020:1167)	low
135073	RHEL 7 : curl (RHSA-2020:1020)	high
135072	RHEL 7 : httpd (RHSA-2020:1121)	high
135071	RHEL 7 : libxml2 (RHSA-2020:1190)	high
135070	RHEL 7 : file (RHSA-2020:1022)	medium
135069	RHEL 7 : bind (RHSA-2020:1061)	medium
135068	RHEL 7 : libreoffice (RHSA-2020:1151)	critical
135067	RHEL 7 : libqb (RHSA-2020:1189)	high
135066	RHEL 7 : expat (RHSA-2020:1011)	critical
135065	RHEL 7 : qemu-kvm (RHSA-2020:1208)	medium

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

medium

critical

high

high

high

high

critical

high

critical

high

critical

high

critical

high

critical

high

high

medium

medium

high

medium

high

high

high

high

critical

high

high

high

high

high

high

high

medium

critical

high

critical

high

high

medium

low

high

high

high

medium

medium

critical

high

critical

medium