The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0992 advisory.

  - Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)

  - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)

  - Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

  - Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0996 advisory.

  - Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)

  - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)

  - Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

  - Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0976 advisory.

  - lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0966 advisory.

  - pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0969 advisory.

  - keycloak: reusable state parameter at redirect_uri endpoint enables possibility of replay attacks     (CVE-2020-14302)

  - nodejs-angular: XSS due to regex-based HTML replacement (CVE-2020-7676)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0967 advisory.

  - keycloak: reusable state parameter at redirect_uri endpoint enables possibility of replay attacks     (CVE-2020-14302)

  - nodejs-angular: XSS due to regex-based HTML replacement (CVE-2020-7676)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0975 advisory.

  - pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)

  - pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery     tab (CVE-2019-10179)

  - pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

  - pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)

  - pki-core: XSS in the certificate search results (CVE-2020-25715)

  - pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0968 advisory.

  - keycloak: reusable state parameter at redirect_uri endpoint enables possibility of replay attacks     (CVE-2020-14302)

  - nodejs-angular: XSS due to regex-based HTML replacement (CVE-2020-7676)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0940 advisory.

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0934 advisory.

  - QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092)

  - QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0931 advisory.

  - lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c (CVE-2015-8011)

  - dpdk: librte_vhost Integer overflow in vhost_user_set_log_base() (CVE-2020-10722)

  - dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)

  - dpdk: librte_vhost Missing inputs validation in Vhost-crypto (CVE-2020-10724)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0937 advisory.

  - rubygem-em-http-request: missing SSL hostname validation allows MITM (CVE-2020-13482)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0933 advisory.

  - django: potential data leakage via malformed memcached keys (CVE-2020-13254)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0916 advisory.

  - etcd: large slice causes panic in decodeRecord method (CVE-2020-15106)

  - etcd: DoS in wal/wal.go (CVE-2020-15112)

  - etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113)

  - etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS     (CVE-2020-15114)

  - etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords     (CVE-2020-15115)

  - etcd: no authentication is performed against endpoints provided in the --endpoints flag (CVE-2020-15136)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0922 advisory.

  - bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation     (CVE-2020-8625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0915 advisory.

  - django: potential data leakage via malformed memcached keys (CVE-2020-13254)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0878 advisory.

  - kernel: performance counters race condition use-after-free (CVE-2020-14351)

  - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

  - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0851 advisory.

  - pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)

  - pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery     tab (CVE-2019-10179)

  - pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

  - pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)

  - pki-core: XSS in the certificate search results (CVE-2020-25715)

  - pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0874 advisory.

  - CVE-2021-20220 undertow: Possible regression in fix for (CVE-2020-10687)

  - bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  - jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client     (CVE-2020-35510)

  - guava: local information disclosure via temporary directory created with unsafe permissions     (CVE-2020-8908)

  - undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)

  - wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client     (CVE-2021-20250)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0873 advisory.

  - CVE-2021-20220 undertow: Possible regression in fix for (CVE-2020-10687)

  - bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  - jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client     (CVE-2020-35510)

  - guava: local information disclosure via temporary directory created with unsafe permissions     (CVE-2020-8908)

  - undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)

  - wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client     (CVE-2021-20250)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0860 advisory.

  - jquery: Passing HTML containing  elements to manipulation methods could result in untrusted code     execution (CVE-2020-11023)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0856 advisory.

  - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)

  - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)

  - kernel: performance counters race condition use-after-free (CVE-2020-14351)

  - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c     (CVE-2020-25211)

  - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)

  - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)

  - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

  - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

  - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)

  - kernel: increase slab leak leads to DoS (CVE-2021-20265)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0882 advisory.

  - tomcat: Session fixation when using FORM authentication (CVE-2019-17563)

  - tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0862 advisory.

  - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0883 advisory.

  - perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)

  - perl: corruption of intermediate language state of compiled regular expression due to integer overflow     leads to DoS (CVE-2020-10878)

  - perl: corruption of intermediate language state of compiled regular expression due to recursive     S_study_chunk() calls leads to DoS (CVE-2020-12723)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0872 advisory.

  - CVE-2021-20220 undertow: Possible regression in fix for (CVE-2020-10687)

  - bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  - jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client     (CVE-2020-35510)

  - guava: local information disclosure via temporary directory created with unsafe permissions     (CVE-2020-8908)

  - undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)

  - wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client     (CVE-2021-20250)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0877 advisory.

  - curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0876 advisory.

  - nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)

  - nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

  - nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref     leading to DoS (CVE-2019-17007)

  - nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0848 advisory.

  - kernel: performance counters race condition use-after-free (CVE-2020-14351)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0857 advisory.

  - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)

  - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)

  - kernel: performance counters race condition use-after-free (CVE-2020-14351)

  - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c     (CVE-2020-25211)

  - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)

  - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)

  - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

  - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

  - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)

  - kernel: increase slab leak leads to DoS (CVE-2021-20265)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0881 advisory.

  - python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0834 advisory.

  - lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)

  - openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0816 advisory.

  - wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0819 advisory.

  - pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)

  - pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery     tab (CVE-2019-10179)

  - pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

  - pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)

  - pki-core: XSS in the certificate search results (CVE-2020-25715)

  - pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0837 advisory.

  - lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)

  - openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0835 advisory.

  - lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)

  - openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0818 advisory.

  - wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0713 advisory.

  - golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)

  - golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs     (CVE-2020-16845)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0809 advisory.

  - wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0808 advisory.

  - wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0790 advisory.

  - dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0793 advisory.

  - dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0787 advisory.

  - dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0789 advisory.

  - dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0794 advisory.

  - dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0788 advisory.

  - dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0763 advisory.

  - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)

  - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c     (CVE-2020-25211)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0759 advisory.

  - curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0774 advisory.

  - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)

  - kernel: performance counters race condition use-after-free (CVE-2020-14351)

  - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c     (CVE-2020-25211)

  - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

  - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0761 advisory.

  - python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
148114	RHEL 7 : firefox (RHSA-2021:0992)	medium
148113	RHEL 7 : thunderbird (RHSA-2021:0996)	medium
148032	RHEL 8 : Red Hat Virtualization Host security, bug fix and enhancement update (4.4.4-2) (Moderate) (RHSA-2021:0976)	high
148020	RHEL 8 : pki-core:10.6 (RHSA-2021:0966)	medium
148019	RHEL 8 : Red Hat Single Sign-On 7.4.6 security update on RHEL 8 (Low) (RHSA-2021:0969)	medium
148018	RHEL 6 : Red Hat Single Sign-On 7.4.6 security update on RHEL 6 (Low) (RHSA-2021:0967)	medium
148017	RHEL 7 : pki-core (RHSA-2021:0975)	medium
148016	RHEL 7 : Red Hat Single Sign-On 7.4.6 security update on RHEL 7 (Low) (RHSA-2021:0968)	medium
147886	RHEL 7 : kpatch-patch (RHSA-2021:0940)	high
147882	RHEL 7 : qemu-kvm-rhev (RHSA-2021:0934)	low
147881	RHEL 7 : openvswitch2.11 and ovn2.11 (RHSA-2021:0931)	medium
147880	RHEL 7 : rubygem-em-http-request (RHSA-2021:0937)	medium
147879	RHEL 7 : python-django (RHSA-2021:0933)	medium
147868	RHEL 8 : Red Hat OpenStack Platform 16.1.4 (etcd) (RHSA-2021:0916)	medium
147867	RHEL 8 : bind (RHSA-2021:0922)	medium
147866	RHEL 8 : Red Hat OpenStack Platform 16.1.4 (python-django) (RHSA-2021:0915)	medium
147842	RHEL 7 : kernel (RHSA-2021:0878)	high
147841	RHEL 7 : pki-core (RHSA-2021:0851)	medium
147838	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0874)	medium
147837	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0873)	medium
147836	RHEL 7 : ipa (RHSA-2021:0860)	medium
147835	RHEL 7 : kernel (RHSA-2021:0856)	high
147834	RHEL 7 : tomcat (RHSA-2021:0882)	medium
147833	RHEL 7 : kpatch-patch (RHSA-2021:0862)	high
147832	RHEL 7 : perl (RHSA-2021:0883)	high
147831	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0872)	medium
147830	RHEL 7 : curl (RHSA-2021:0877)	high
147829	RHEL 7 : nss and nss-softokn (RHSA-2021:0876)	critical
147828	RHEL 7 : kernel (RHSA-2021:0848)	medium
147827	RHEL 7 : kernel-rt (RHSA-2021:0857)	high
147826	RHEL 7 : python (RHSA-2021:0881)	medium
147810	RHEL 7 : openvswitch2.11 (RHSA-2021:0834)	high
147809	RHEL 8 : wpa_supplicant (RHSA-2021:0816)	medium
147808	RHEL 7 : pki-core (RHSA-2021:0819)	medium
147807	RHEL 8 : openvswitch2.11 (RHSA-2021:0837)	high
147806	RHEL 7 : openvswitch2.13 (RHSA-2021:0835)	high
147805	RHEL 8 : wpa_supplicant (RHSA-2021:0818)	medium
147707	RHEL 7 / 8 : OpenShift Container Platform 4.5.34 packages and (RHSA-2021:0713)	medium
147706	RHEL 8 : wpa_supplicant (RHSA-2021:0809)	medium
147643	RHEL 7 : wpa_supplicant (RHSA-2021:0808)	medium
147365	RHEL 8 : dotnet3.1 (RHSA-2021:0790)	high
147236	RHEL 8 : .NET Core on RHEL 8 (RHSA-2021:0793)	high
147235	RHEL 7 : .NET Core 2.1 on Red Hat Enterprise Linux (RHSA-2021:0787)	high
147234	RHEL 7 : .NET Core 3.1 on Red Hat Enterprise Linux (RHSA-2021:0789)	high
147233	RHEL 7 : .NET 5.0 on Red Hat Enterprise Linux (RHSA-2021:0794)	high
147232	RHEL 8 : dotnet (RHSA-2021:0788)	high
147215	RHEL 8 : kpatch-patch (RHSA-2021:0763)	high
147214	RHEL 7 : curl (RHSA-2021:0759)	high
147212	RHEL 8 : kernel-rt (RHSA-2021:0774)	high
147211	RHEL 7 : python (RHSA-2021:0761)	medium

Red Hat Local Security Checks Family for Nessus

medium

medium

high

medium

medium

medium

medium

medium

high

low

medium

medium

medium

medium

medium

medium

high

medium

medium

medium

medium

high

medium

high

high

medium

high

critical

medium

high

medium

high

medium

medium

high

high

medium

medium

medium

medium

high

high

high

high

high

high

high

high

high

medium