The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4544 advisory.

    The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript     translates PostScript code to common bitmap formats so that the code can be displayed or printed.

    Security Fix(es):

    * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4546 advisory.

    Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics     with text pointers inside Git, while storing the file contents on a remote server.

    Security Fix(es):

    * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS     (CVE-2023-45288,VU#421644.3)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4548 advisory.

    This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the     code of a running kernel.  This patch module is targeted for kernel-5.14.0-284.48.1.el9_2.

    Security Fix(es):

    * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4502 advisory.

    The skopeo command lets you inspect images from container image registries, get images and image layers,     and use signatures to create and verify files.

    Security Fix(es):

    * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4549 advisory.

    The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript     translates PostScript code to common bitmap formats so that the code can be displayed or printed.

    Security Fix(es):

    * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4500 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4517 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4508 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4537 advisory.

    The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript     translates PostScript code to common bitmap formats so that the code can be displayed or printed.

    Security Fix(es):

    * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4501 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13     (CVE-2024-6604)

    * Mozilla: Race condition in permission assignment (CVE-2024-6601)

    * Mozilla: Memory corruption in thread creation (CVE-2024-6603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4533 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

    * kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in     hns_dsaf_ge_srst_by_port() (CVE-2021-47548)

    * kernel: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (CVE-2021-47596)

    * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)

    * kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (CVE-2023-52638)

    * kernel: tls: race between async notify and socket close (CVE-2024-26583)

    * kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585)

    * kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720)

    * kernel: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (CVE-2024-26783)

    * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)

    * kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852)

    * kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857)

    * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

    * kernel: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (CVE-2024-35969)

    * kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)

    * kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4529 advisory.

    The less utility is a text file browser that resembles more, but allows users to move backwards in the     file as well as forwards. Since less does not read the entire input file at startup, it also starts more     quickly than ordinary text editors.

    Security Fix(es):

    * less: OS command injection (CVE-2024-32487)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4527 advisory.

    The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript     translates PostScript code to common bitmap formats so that the code can be displayed or printed.

    Security Fix(es):

    * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4528 advisory.

    The less utility is a text file browser that resembles more, but allows users to move backwards in the     file as well as forwards. Since less does not read the entire input file at startup, it also starts more     quickly than ordinary text editors.

    Security Fix(es):

    * less: OS command injection (CVE-2024-32487)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4522 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

    Security Fix(es):

    * automation-controller: jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)
    * automation-controller: jwcrypto: malicious JWE token can cause denial of service (CVE-2024-28102)
    * automation-controller: requests: subsequent requests to the same host ignore cert verification     (CVE-2024-35195)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Updates and fixes for automation controller:
    * Fixed a bug where the controller does not respect DATABASES[OPTIONS] setting, if specified     (AAP-26398)
    * Changed all uses of ImplicitRoleField to perform an on_delete=SET_NULL (AAP-25136)
    * Fixed the HostMetric automated counter to display the correct values (AAP-25115)
    * Added Django logout redirects (AAP-24543)
    * automation-controller has been updated to 4.5.8

    Additional changes:
    * aap-metrics-utility has been updated to 0.3.0 (AAP-25875)
    * ansible-core has been updated to 2.15.12 (AAP-25536)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4499 advisory.

    Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text     files and to perform system management tasks.

    Security Fix(es):

    * rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)

    * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)

    * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)

    * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)

    * REXML: DoS parsing an XML with many `<`s in an attribute value (CVE-2024-35176)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4504 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4457 advisory.

    OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating     systems. It includes the core files necessary for both the OpenSSH client and server.

    Security Fix(es):

    * openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat     Enterprise Linux 9 (CVE-2024-6409)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4456 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4462 advisory.

    The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript     translates PostScript code to common bitmap formats so that the code can be displayed or printed.

    Security Fix(es):

    * ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4450 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 8.0.107 and Runtime 8.0.7.

    Security Fix(es):

    * dotnet: DoS in System.Text.Json (CVE-2024-30105)

    * dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)

    * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4451 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK  8.0.107 and Runtime 8.0.7.

    Security Fix(es):

    * dotnet: DoS in System.Text.Json (CVE-2024-30105)

    * dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)

    * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4447 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

    * kernel: net/sched: act_skbmod: Skip non-Ethernet packets (CVE-2021-47293)

    * kernel: net: ti: fix UAF in tlan_remove_one (CVE-2021-47310)

    * kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)

    * kernel: tls: race between async notify and socket close (CVE-2024-26583)

    * kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585)

    * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

    * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)

    * kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

    * kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

    * kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

    * kernel: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (CVE-2024-35969)

    * kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)

    * kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)

    * kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4430 advisory.

    HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl.

    Security Fix(es):

    * http-tiny: insecure TLS cert default (CVE-2023-31486)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4421 advisory.

    Python is an interpreted, interactive, object-oriented programming language,     which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python     supports interfaces to many system calls and     libraries, as well as to various windowing systems.

    Security Fix(es):

    * python39:3.9/python3x-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py     (CVE-2022-40897)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4427 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4431 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4432 advisory.

    The libvirt library contains a C API for managing and interacting with the virtualization capabilities of     Linux and other operating systems. In addition, libvirt provides tools for remote management of     virtualized systems.

    Security Fix(es):

    * libvirt: stack use-after-free in virNetClientIOEventLoop() (CVE-2024-4418)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4422 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * urllib3: proxy-authorization request header is not stripped during cross-origin redirects     (CVE-2024-37891)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4425 advisory.

    Cinder is the replacement of nova-volume in Folsom and beyond, use d for     block storage.

    OpenStack Image Service (code-named Glance) provides     discovery,registration, and delivery services for virtual disk images. The     Image Service API server provides a standard REST interface for querying     information about virtual disk images stored in a variety of back-end     stores, including OpenStack Object Storage. Clients can register new     virtual disk images with the Image Service, query for information on     publicly available disk images, and use the Image Service's client library     for streaming virtual disk images.

    OpenStack Compute (codename Nova) is open source software designed     to provision and manage large networks of virtual machines,creating a     redundant and scalable cloud computing platform. It gives you the software,     control panels, and APIs required to orchestrate a cloud, including running     instances, managing networks, and controlling access through users and     projects.OpenStack Compute strives to be both hardware and hypervisor     agnostic, currently supporting a variety of standard hardware     configurations and seven major hypervisors.

    Security Fix(es):

    * malicious qcow2/vmdk images (2024-emu CVE-2024-32498)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4420 advisory.

    Kernel-based Virtual Machine (KVM) offers a full virtualization solution for     Linux on numerous hardware platforms. The virt:rhel module contains packages     which provide user-space components used to run virtual machines using KVM. The packages also provide APIs     for managing and interacting with the virtualized systems.

    Security Fix(es):

    * qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write (CVE-2024-4467)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4429 advisory.

    The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-     ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI     concerns itself only with network connectivity of containers and removing allocated resources when the     container is deleted.

    Security Fix(es):

    * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4438 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET SDK 6.0.132 and Runtime 6.0.32.

    Security Fix(es):

    * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4439 advisory.

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new     APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are     .NET 6.0 to SDK 6.0.132 and Runtime 6.0.32.

    Security Fix(es):

    * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4443 advisory.

    Toolbox is a tool for Linux operating systems, which allows the use of containerized command line     environments. It is built on top of Podman and other standard container technologies from OCI.

    Security Fix(es):

    * go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents     (CVE-2022-3064)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4408 advisory.

    The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module (TPM) 2.0 System API     library. This library enables programs to interact with TPM 2.0 devices

    Security Fix(es):

    * tpm2-tss: Buffer Overlow in TSS2_RC_Decode (CVE-2023-22745)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4413 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * dogtag ca: token authentication bypass vulnerability (CVE-2023-4727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4402 advisory.

    PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package     includes the .jar files needed for Java programs to access a PostgreSQL database.

    Security Fix(es):

    * pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE     (CVE-2024-1597)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4404 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4419 advisory.

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package     contains a sample 64-bit UEFI firmware for QEMU and KVM.

    Security Fix(es):

    * edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message     (CVE-2023-45235)

    * edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message     (CVE-2023-45229)

    * edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)

    * edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236)

    * edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4414 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4409 advisory.

    The linux-firmware packages contain all of the firmware files that are required by various devices to     operate.

    Security Fix(es):

    * kernel: Reserved fields in guest message responses may not be zero initialized (CVE-2023-31346)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4418 advisory.

    The less utility is a text file browser that resembles more, but allows users to move backwards in the     file as well as forwards. Since less does not read the entire input file at startup, it also starts more     quickly than ordinary text editors.

    Security Fix(es):

    * less: OS command injection (CVE-2024-32487)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4400 advisory.

    The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple     sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates     as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated     by a Booth formation are the units of authorization that can be bound to certain resources. This will     ensure that the resources are run at only one (granted) site at a time.

    Security Fix(es):

    * booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4412 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation     (CVE-2024-0193)

    * kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)

    * kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations     (CVE-2024-26673)

    Bug Fix(es):

    * kernel-rt: update RT source tree to the latest RHEL-9.0.z Batch 18 (JIRA:RHEL-36756)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4403 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * dogtag ca: token authentication bypass vulnerability (CVE-2023-4727)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4417 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4416 advisory.

    The less utility is a text file browser that resembles more, but allows users to move backwards in the     file as well as forwards. Since less does not read the entire input file at startup, it also starts more     quickly than ordinary text editors.

    Security Fix(es):

    * less: OS command injection (CVE-2024-32487)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4406 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)

    * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4415 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation     (CVE-2024-0193)

    * kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)

    * kernel: kvm: Avoid potential UAF in LPI translation cache (CVE-2024-26598)

    * kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations     (CVE-2024-26673)

    Bug Fix(es):

    * multi-page bvec configuration for integrity payload (JIRA:RHEL-15150)

    * ipoib mcast lockup fix (JIRA:RHEL-30259)

    * Kernel panic in skb_segment (JIRA:RHEL-30560)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
202398	RHEL 8 : ghostscript (RHSA-2024:4544)	high
202397	RHEL 8 : git-lfs (RHSA-2024:4546)	high
202396	RHEL 9 : kpatch-patch-5_14_0-284_48_1 (RHSA-2024:4548)	high
202395	RHEL 9 : skopeo (RHSA-2024:4502)	high
202394	RHEL 7 : ghostscript (RHSA-2024:4549)	high
202377	RHEL 9 : firefox (RHSA-2024:4500)	high
202376	RHEL 8 : firefox (RHSA-2024:4517)	high
202375	RHEL 7 : firefox (RHSA-2024:4508)	high
202374	RHEL 8 : ghostscript (RHSA-2024:4537)	high
202373	RHEL 9 : firefox (RHSA-2024:4501)	high
202371	RHEL 9 : kernel (RHSA-2024:4533)	high
202370	RHEL 9 : less (RHSA-2024:4529)	high
202369	RHEL 8 : ghostscript (RHSA-2024:4527)	high
202368	RHEL 9 : less (RHSA-2024:4528)	high
202258	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:4522)	medium
202189	RHEL 8 : ruby (RHSA-2024:4499)	medium
202188	RHEL 9 : httpd (RHSA-2024:4504)	high
202158	RHEL 9 : openssh (RHSA-2024:4457)	high
202157	RHEL 8 : python3 (RHSA-2024:4456)	high
202156	RHEL 8 : ghostscript (RHSA-2024:4462)	high
202112	RHEL 9 : dotnet8.0 (RHSA-2024:4450)	high
202111	RHEL 8 : dotnet8.0 (RHSA-2024:4451)	high
202087	RHEL 8 : kernel (RHSA-2024:4447)	high
202080	RHEL 9 : perl-HTTP-Tiny (RHSA-2024:4430)	high
202079	RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2024:4421)	medium
202078	RHEL 9 : fence-agents (RHSA-2024:4427)	medium
202077	RHEL 9 : libreswan (RHSA-2024:4431)	medium
202076	RHEL 9 : libvirt (RHSA-2024:4432)	medium
202075	RHEL 9 : fence-agents (RHSA-2024:4422)	medium
202074	RHEL 8 : Red Hat OpenStack Platform 16.1.9 (RHSA-2024:4425)	medium
202073	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:4420)	high
202072	RHEL 9 : containernetworking-plugins (RHSA-2024:4429)	high
202046	RHEL 8 : dotnet6.0 (RHSA-2024:4438)	high
202045	RHEL 9 : dotnet6.0 (RHSA-2024:4439)	high
202044	RHEL 9 : toolbox (RHSA-2024:4443)	high
202016	RHEL 8 : tpm2-tss (RHSA-2024:4408)	medium
202015	RHEL 9 : pki-core (RHSA-2024:4413)	high
202014	RHEL 8 : postgresql-jdbc (RHSA-2024:4402)	critical
202013	RHEL 8 : fence-agents update (Moderate) (RHSA-2024:4404)	medium
202012	RHEL 9 : edk2 (RHSA-2024:4419)	high
202011	RHEL 9 : fence-agents (RHSA-2024:4414)	medium
202010	RHEL 8 : linux-firmware (RHSA-2024:4409)	medium
202009	RHEL 8 : less (RHSA-2024:4418)	high
202008	RHEL 8 : booth (RHSA-2024:4400)	medium
202007	RHEL 9 : kernel-rt (RHSA-2024:4412)	high
202006	RHEL 8 : pki-core (RHSA-2024:4403)	high
202005	RHEL 8 : libreswan (RHSA-2024:4417)	medium
202004	RHEL 8 : less (RHSA-2024:4416)	high
202003	RHEL 8 : python3 (RHSA-2024:4406)	high
202002	RHEL 9 : kernel (RHSA-2024:4415)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

high

high

high

high

high

high

high

high

high

high

high

high

medium

medium

high

high

high

high

high

high

high

high

medium

medium

medium

medium

medium

medium

high

high

high

high

high

medium

high

critical

medium

high

medium

medium

high

medium

high

high

medium

high

high

high