The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0439 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe     (CVE-2023-2163)

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

    * kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)

    * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

    * kernel: Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue (BZ#2230094)

    * kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

    * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

    * kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)

    * kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

    * kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

    * kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race (CVE-2023-3567)

    * kernel: use-after-free in netfilter: nf_tables (CVE-2023-3777)

    * kernel: use after free in nft_immediate_deactivate (CVE-2023-4015)

    * kernel: A heap out-of-bounds write (CVE-2023-5717)

    * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)

    * kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment     (CVE-2023-38409)

    * kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

    * kernel: SEV-ES local priv escalation (CVE-2023-46813)

    * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

    * kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c     (CVE-2023-6679)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0436 advisory.

    Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities.

    Security Fix(es):

    * libcap: Integer Overflow in _libcap_strdup() (CVE-2023-2603)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0432 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating     system.

    Security Fix(es):

    * kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount     to be dropped twice (CVE-2022-36879)

    * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip     (CVE-2022-41858)

    * kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c     (CVE-2023-1195)

    * kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)

    * kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race     (CVE-2023-3567)

    * kernel: use-after-free in netfilter: nf_tables (CVE-2023-3777)

    * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

    * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

    * kernel: IGB driver inadequate buffer size for frames larger than MTU     (CVE-2023-45871)

    * kernel: SEV-ES local priv escalation (CVE-2023-46813)

    Bug Fix(es):

    * RHEL 9 Hyper-V: Excessive hv_storvsc driver logging with srb_status     SRB_STATUS_INTERNAL_ERROR  (0x30)

    * RHEL9.0 - s390/qeth: NET2016 - fix use-after-free in HSCI

    * DM multipath showing failed path for an nvme-o-FC LUN when performing I/O     operations

    * XFS: sync to upstream v5.15

    * AMDSERVER 9.4 Bug, Turin: Support larger microcode patches

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0410 advisory.

    The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can     capture and display the packet headers on a particular network interface or on all interfaces.

    Security Fix(es):

    * tcpslice: use-after-free in extract_slice() (CVE-2021-41043)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0455 advisory.

    OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating     systems. It includes the core files necessary for both the OpenSSH client and server.

    Security Fix(es):

    * ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

    * openssh: potential command injection via shell metacharacters (CVE-2023-51385)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0428 advisory.

    The curl packages provide the libcurl library and the curl utility for downloading files from servers     using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    * curl: FTP too eager connection reuse (CVE-2023-27535)

    * curl: GSS delegation too eager connection re-use (CVE-2023-27536)

    * curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)

    * curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)

    * curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

    * curl: more POST-after-PUT confusion (CVE-2023-28322)

    Bug Fix(es):

    * Cannot upload files bigger than 64K to SSH-2.0-9.99 sshlib server, transfer hangs (RHEL-5483)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0408 advisory.

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package     contains a sample 64-bit UEFI firmware for QEMU and KVM.

    Security Fix(es):

    * edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler()     (CVE-2019-14560)

    * openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0420 advisory.

    FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType     loads, hints, and renders individual glyphs efficiently.

    Security Fix(es):

    * FreeType: Buffer overflow in sfnt_init_face (CVE-2022-27404)

    * FreeType: Segmentation violation via FNT_Size_Request (CVE-2022-27405)

    * Freetype: Segmentation violation via FT_Request_Size (CVE-2022-27406)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0437 advisory.

    The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and     customizable boot loader with modular architecture. The packages support a variety of kernel formats, file     systems, computer architectures, and hardware devices.

    Security Fix(es):

    * grub2: bypass the GRUB password protection feature (CVE-2023-4001)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0429 advisory.

    OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating     systems. It includes the core files necessary for both the OpenSSH client and server.

    Security Fix(es):

    * ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

    * openssh: potential command injection via shell metacharacters (CVE-2023-51385)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0421 advisory.

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    * expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate     (CVE-2022-43680)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0464 advisory.

    The python-urllib3 package provides the Python HTTP module with connection pooling and file POST     abilities.

    Security Fix(es):

    * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)

    * urllib3: Request body not stripped after redirect from 303 status changes request method to GET     (CVE-2023-45803)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0418 advisory.

    Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero     Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware     applications allow you to plug your computer into a network and, with no configuration, view other people     to chat with, view printers to print with, and find shared files on other computers.

    Security Fix(es):

    * avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket (CVE-2021-3468)

    * avahi: Reachable assertion in avahi_dns_packet_append_record (CVE-2023-38469)

    * avahi: Reachable assertion in avahi_escape_label (CVE-2023-38470)

    * avahi: Reachable assertion in dbus_set_host_name (CVE-2023-38471)

    * avahi: Reachable assertion in avahi_rdata_parse (CVE-2023-38472)

    * avahi: Reachable assertion in avahi_alternative_host_name (CVE-2023-38473)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0468 advisory.

    The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and     customizable boot loader with modular architecture. The packages support a variety of kernel formats, file     systems, computer architectures, and hardware devices.

    Security Fix(es):

    * grub2: bypass the GRUB password protection feature (CVE-2023-4001)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0411 advisory.

    The libfastjson library provides essential JavaScript Object Notation (JSON) handling functions. The     library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert     JSON-formatted strings back to the C representation of JSON objects.

    Security Fix(es):

    * json-c, libfastjson: integer overflow and out-of-bounds write via a large JSON file (CVE-2020-12762)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0413 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)

    * libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)

    * libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)

    * libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)

    * libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0424 advisory.

    The RPM Package Manager (RPM) is a command-line driven package management system capable of installing,     uninstalling, verifying, querying, and updating software packages.

    Security Fix(es):

    * rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)

    * rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)

    * rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0404 advisory.

    Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware     platforms. The virt:rhel module contains packages which provide user-space components used to run virtual     machines using KVM. The packages also provide APIs for managing and interacting with the virtualized     systems.

    Security Fix(es):

    * QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of     service (CVE-2023-3354)

    * QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750)

    * QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest() (CVE-2023-3019)

    * NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image     (CVE-2022-40284)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0386 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

    * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

    * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0403 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe     (CVE-2023-2163)

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    * kernel: Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue (BZ#2230094)

    * kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)

    * hw: amd: Cross-Process Information Leak (CVE-2023-20593)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0448 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe     (CVE-2023-2163)

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

    * kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)

    * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

    * kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

    * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

    * kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)

    * kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

    * kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

    * kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race (CVE-2023-3567)

    * kernel: use-after-free in netfilter: nf_tables (CVE-2023-3777)

    * kernel: use after free in nft_immediate_deactivate (CVE-2023-4015)

    * kernel: A heap out-of-bounds write (CVE-2023-5717)

    * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)

    * kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment     (CVE-2023-38409)

    * kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

    * kernel: SEV-ES local priv escalation (CVE-2023-46813)

    * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

    * kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c     (CVE-2023-6679)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * sev-guest is not loaded automatically in the guest kernel when sev-snp is enabled (BZ#2218934)

    * Cgroups v2: Current interface to disable cpu load balancing not compatible with kubernetes cgroup     hierarchy (BZ#2238754)

    * WPC ice driver misc irq not getting generated for a interface. (BZ#2245881)

    * RHEL9.0 - s390/qeth: NET2016 - fix use-after-free in HSCI (BZ#2247798)

    * pNFS/filelayout: treat GETDEVICEINFO errors as layout failure (BZ#2249557)

    * cifs: fix dentry lookups in directory handle cache (BZ#2249558)

    * Performance regression with random 2 KiB writes to ext4 filesystem with 4 KiB filesystem blocks     (BZ#2249685)

    * kernel.spec: Fix UKI naming to comply with BLS (BZ#2254546)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0463 advisory.

    The RPM Package Manager (RPM) is a command-line driven package management system capable of installing,     uninstalling, verifying, querying, and updating software packages.

    Security Fix(es):

    * rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)

    * rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)

    * rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0499 advisory.

    libssh is a library which implements the SSH protocol. It can be used to implement client and server     applications.

    Security Fix(es):

    * ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0412 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe     (CVE-2023-2163)

    * kernel: net/sched: multiple vulnerabilities (CVE-2023-3611, CVE-2023-4623)

    * kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

    * kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

    * kernel: multiple race condition vulnerabilities (CVE-2022-3028, CVE-2022-3522, CVE-2023-33203,     CVE-2023-35823, CVE-2023-35824, CVE-2022-3567, BZ#2230094)

    * kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)

    * kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM     (CVE-2022-1016)

    * kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges     (CVE-2022-1679)

    * kernel: USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)

    * kernel: multiple NULL pointer dereference vulnerabilities (CVE-2022-4129, CVE-2022-47929, CVE-2023-0394,     CVE-2023-3772, CVE-2023-4459)

    * kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)

    * kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)

    * hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

    * kernel: Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)

    * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

    * kernel: memory corruption in usbmon driver (CVE-2022-43750)

    * kernel: HID: multiple vulnerabilities (CVE-2023-1073, CVE-2023-1079)

    * kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)

    * kernel: denial of service in tipc_conn_close (CVE-2023-1382)

    * kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)

    * kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)

    * Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)

    * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)

    * kernel: ext4: use-after-free in ext4_xattr_set_entry() (CVE-2023-2513)

    * kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)

    * kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

    * kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race (CVE-2023-3567)

    * kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)

    * kernel: slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)

    * kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

    * kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment     (CVE-2023-38409)

    * kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c     (CVE-2024-0562)

    * kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

    * kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * bpf_jit_limit hit again (BZ#2243013)

    * HPE Edgeline 920t resets during kdump context when ice driver is loaded and when system is booted with     intel_iommu=on iommu=pt (BZ#2244627)

    * RHEL8.6 - s390/dasd: Use correct lock while counting channel queue length (BZ#2250882)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0466 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple     (CVE-2023-27043)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0435 advisory.

    The RPM Package Manager (RPM) is a command-line driven package management system capable of installing,     uninstalling, verifying, querying, and updating software packages.

    Security Fix(es):

    * rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)

    * rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)

    * rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0422 advisory.

    HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl.

    Security Fix(es):

    * http-tiny: insecure TLS cert default (CVE-2023-31486)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0465 advisory.

    SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A     complete database is stored in a single disk file. The API is designed for convenience and ease of use.
    Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the     administrative hassles of supporting a separate database server.

    Security Fix(es):

    * sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0427 advisory.

    A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T     recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690)     encoding and decoding functions.

    Security Fix(es):

    * libtasn1: Out-of-bound access in ETYPE_OK (CVE-2021-46848)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0407 advisory.

    Git is a distributed revision control system with a decentralized architecture. As opposed to centralized     version control systems with a client-server model, Git ensures that each working copy of a Git repository     is an exact copy with complete revision history. This not only allows the user to work on and contribute     to projects without the need to have permission to push the changes to their official repositories, but     also makes it possible for the user to work with no network connection.

    Security Fix(es):

    * git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree     (CVE-2022-24765)

    * git: Bypass of safe.directory protections (CVE-2022-29187)

    * git: exposure of sensitive information to a malicious actor (CVE-2022-39253)

    * git: git shell function that splits command arguments can lead to arbitrary heap writes.
    (CVE-2022-39260)

    * git: data exfiltration with maliciously crafted repository (CVE-2023-22490)

    * git: git apply: a path outside the working tree can be overwritten with crafted input (CVE-2023-23946)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0409 advisory.

    Oniguruma is a regular expressions library that supports a variety of character encodings.

    Security Fix(es):

    * oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)

    * oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)

    * oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read     (CVE-2019-19012)

    * oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c     (CVE-2019-19203)

    * oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c     (CVE-2019-19204)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0416 advisory.

    The ncurses (new curses) library routines are a terminal-independent method of updating character screens     with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler     tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.

    Security Fix(es):

    * ncurses: Local users can trigger security-relevant memory corruption via malformed data (CVE-2023-29491)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0453 advisory.

    The RPM Package Manager (RPM) is a command-line driven package management system capable of installing,     uninstalling, verifying, querying, and updating software packages.

    Security Fix(es):

    * rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)

    * rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)

    * rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0402 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe     (CVE-2023-2163)

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    * kernel: Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue (BZ#2230094)

    * kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)

    * hw: amd: Cross-Process Information Leak (CVE-2023-20593)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0430 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: tarfile module directory traversal (CVE-2007-4559)

    * python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading     to DoS (CVE-2020-10735)

    * python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061)

    * python: use after free in heappushpop() of heapq module (CVE-2022-48560)

    * python: DoS when processing malformed Apple Property List files in binary format (CVE-2022-48564)

    * python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple     (CVE-2023-27043)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0292 advisory.

    Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge     device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an     application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an     efficient way to operate single-node clusters in these low-resource environments.

    This advisory contains the RPM packages for Red Hat build of MicroShift 4.14.10. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2024:0290

    Security Fix(es):

    * golang: crypto/tls: slow verification of certificate chains containing     large RSA keys (CVE-2023-29409)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section. All of the bug fixes     may not be documented in this advisory. See the following release notes documentation for details about     these changes:

    https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.14/html/release_notes/index

    All Red Hat build of MicroShift 4.14 users are advised to use these updated packages and images when they     are available in the RPM repository.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0347 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    Bug Fix(es):

    * kernel-rt: Update RT source tree to the latest RHEL-7.9z28 batch (RHEL-19250)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0371 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0376 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe     (CVE-2023-2163)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0343 advisory.

    LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and     others).

    Security Fix(es):

    * LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp     (CVE-2021-32142)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0374 advisory.

    pip is a package management system used to install and manage software packages written in Python. Many     packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for     either Pip Installs Packages or Pip Installs Python.

    Security Fix(es):

    * python: tarfile module directory traversal (CVE-2007-4559)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0346 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * gfs2: kernel BUG at fs/gfs2/lops.c:135 (BZ#2196280)

    * ax88179_178a 2-6:1.0 (unregistered net_device) (uninitialized): Failed to read reg index 0x0006: -71     (RHEL-6302)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0381 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe     (CVE-2023-2163)

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

    * kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)

    * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0345 advisory.

    The python-pillow packages contain a Python image processing library that provides extensive file format     support, an efficient internal representation, and powerful image-processing capabilities.

    Security Fix(es):

    * python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a     long text argument (CVE-2023-44271)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0378 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

    * kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

    * kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue     overhead (CVE-2023-3611)

    * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    * kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe     (CVE-2023-2163)

    * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

    * kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0340 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

    * kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

    * kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

    * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

    * kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0387 advisory.

    PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

    Security Fix(es):

    * php: 1-byte array overrun in common path resolve code (CVE-2023-0568)

    * php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)

    * php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP     (CVE-2023-3247)

    * php: XML loading external entity without being enabled (CVE-2023-3823)

    * php: phar Buffer mismanagement (CVE-2023-3824)

    * php: Password_verify() always return true with some hash (CVE-2023-0567)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory.

  - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart     form data parser will parse an unlimited number of parts, including file parts. Parts can be a small     amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request     can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or     `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an     attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. The amount     of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory     and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all     available workers. Version 2.2.3 contains a patch for this issue. (CVE-2023-25577)

  - HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x     before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers,     violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the     payload as an extra request. (CVE-2023-40225)

  - Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF     and then is followed by megabytes of data without these characters: all of these bytes are appended chunk     by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an     attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. This     vulnerability has been patched in version 3.0.1. (CVE-2023-46136)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1033 advisory.

  - A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by     use of a specially crafted environment variable. (CVE-2022-4318)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4898 advisory.

  - An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote,     authenticated attacker who has been given permissions update, patch the pods/ephemeralcontainers     subresource beyond what the default is. They would then need to create a new pod or patch one that they     already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of     a privileged pod. (CVE-2023-1260)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
189572	RHEL 9 : kernel-rt (RHSA-2024:0439)	high
189571	RHEL 9 : libcap (RHSA-2024:0436)	critical
189570	RHEL 9 : kernel (RHSA-2024:0432)	high
189569	RHEL 8 : tcpdump (RHSA-2024:0410)	medium
189568	RHEL 9 : openssh (RHSA-2024:0455)	critical
189567	RHEL 8 : curl (RHSA-2024:0428)	critical
189566	RHEL 8 : edk2 (RHSA-2024:0408)	critical
189565	RHEL 8 : freetype (RHSA-2024:0420)	critical
189564	RHEL 9 : grub2 (RHSA-2024:0437)	medium
189563	RHEL 8 : openssh (RHSA-2024:0429)	critical
189562	RHEL 8 : expat (RHSA-2024:0421)	high
189561	RHEL 9 : python-urllib3 (RHSA-2024:0464)	critical
189560	RHEL 8 : avahi (RHSA-2024:0418)	medium
189559	RHEL 9 : grub2 (RHSA-2024:0468)	medium
189558	RHEL 8 : libfastjson (RHSA-2024:0411)	high
189557	RHEL 8 : libxml2 (RHSA-2024:0413)	high
189556	RHEL 8 : rpm (RHSA-2024:0424)	medium
189555	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:0404)	high
189554	RHEL 9 : kpatch-patch (RHSA-2024:0386)	high
189553	RHEL 8 : kernel (RHSA-2024:0403)	critical
189552	RHEL 9 : kernel (RHSA-2024:0448)	high
189551	RHEL 9 : rpm (RHSA-2024:0463)	medium
189550	RHEL 9 : libssh (RHSA-2024:0499)	critical
189549	RHEL 8 : kernel (RHSA-2024:0412)	high
189548	RHEL 9 : python3.9 (RHSA-2024:0466)	critical
189547	RHEL 9 : rpm (RHSA-2024:0435)	medium
189546	RHEL 8 : perl-HTTP-Tiny (RHSA-2024:0422)	high
189545	RHEL 9 : sqlite (RHSA-2024:0465)	high
189544	RHEL 8 : libtasn1 (RHSA-2024:0427)	critical
189543	RHEL 8 : git (RHSA-2024:0407)	high
189542	RHEL 8 : oniguruma (RHSA-2024:0409)	critical
189541	RHEL 8 : ncurses (RHSA-2024:0416)	critical
189540	RHEL 9 : rpm (RHSA-2024:0453)	medium
189539	RHEL 8 : kernel-rt (RHSA-2024:0402)	critical
189538	RHEL 8 : python3 (RHSA-2024:0430)	critical
189530	RHEL 9 : OpenShift Container Platform 4.14.10 (RHSA-2024:0292)	medium
189529	RHEL 7 : kernel-rt (RHSA-2024:0347)	high
189528	RHEL 7 : kpatch-patch (RHSA-2024:0371)	high
189527	RHEL 8 : kpatch-patch (RHSA-2024:0376)	high
189526	RHEL 7 : LibRaw (RHSA-2024:0343)	high
189525	RHEL 8 : python-pip (RHSA-2024:0374)	critical
189524	RHEL 7 : kernel (RHSA-2024:0346)	high
189523	RHEL 9 : kpatch-patch (RHSA-2024:0381)	high
189522	RHEL 7 : python-pillow (RHSA-2024:0345)	high
189521	RHEL 8 : kpatch-patch (RHSA-2024:0378)	high
189488	RHEL 9 : kpatch-patch (RHSA-2024:0340)	high
189487	RHEL 9 : php:8.1 (RHSA-2024:0387)	critical
189458	RHCOS 4 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)	high
189457	RHCOS 4 : OpenShift Container Platform 4.12.6 (RHSA-2023:1033)	high
189456	RHCOS 4 : OpenShift Container Platform 4.10.67 (RHSA-2023:4898)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

critical

high

medium

critical

critical

critical

critical

medium

critical

high

critical

medium

medium

high

high

medium

high

high

critical

high

medium

critical

high

critical

medium

high

high

critical

high

critical

critical

medium

critical

critical

medium

high

high

high

high

critical

high

high

high

high

high

critical

high

high

high