The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5627 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance     Events (CVE-2023-2235)

    * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)

    * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

    * kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and     cls_route (CVE-2023-4128)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    * kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer     dereference (CVE-2020-36558)

    * kernel: LoadPin bypass via dm-verity table reload (CVE-2022-2503)

    * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)

    * kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice     (CVE-2022-36879)

    * kernel: use-after-free due to race condition in qdisc_graft() (CVE-2023-0590)

    * kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head (CVE-2023-1095)

    * kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * [HPEMC RHEL 8 REGRESSION] acpi-cpufreq: Skip initialization if a cpufreq driver exists (BZ#2186307)

    * [max] RHEL8.4 Pre-Alpha - [ 4.18.0-240.4.el8.dt2.ppc64le ][ fleetwood / P9 64TB/192c ] While performing     DLPAR CPU operations BUG: arch topology borken messages are observed and CPU remove operation fails for     removal of 140 with 255 return (BZ#2210295)

    * [Intel 8.8 BUG] [SPR] IOMMU: QAT Device Address Translation Issue with Invalidation Completion Ordering     (BZ#2221098)

    * avoid unnecessary page fault retires on shared memory types (BZ#2221101)

    * [i40e] error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0: Resource     temporarily unavailable (BZ#2228164)

    * oops on cifs_mount due to null tcon (BZ#2229129)

    * kernel panic due to stack overflow on ppc64le due to deep call chain. (BZ#2230268)

    * [Hyper-V][RHEL 8]incomplete fc_transport implementation in storvsc causes null dereference in     fc_timed_out() (BZ#2230744)

    * Withdrawal: GFS2: couldn't freeze filesystem: -16 (BZ#2231826)

    * [RHEL 8][Hyper-V]Excessive hv_storvsc driver logging with srb_status  SRB_STATUS_INTERNAL_ERROR  (0x30)     (BZ#2231989)

    * kernel-devel RPM cross-compiled by CKI contains host-arch scripts (BZ#2232138)

    * RHEL-8: crypto: rng - Fix lock imbalance in crypto_del_rng (BZ#2232216)

    * [Intel 8.9] iavf: Driver Update (BZ#2232400)

    * Important iavf bug fixes July 2023 (BZ#2232401)

    * iavf: hang in iavf_remove() - SNO node hangs after running systemctl reboot (BZ#2232404)

    * [RHEL 8.9] Proactively backport locking fixes from upstream (BZ#2235394)

    * NAT sport clash in OCP causing 1 second TCP connection establishment delay. (BZ#2236515)

    * xfs: mount fails when device file name is long (BZ#2236814)

    * netfilter: RHEL 8.8 phase 2 backports from upstream (BZ#2236817)

    * swap deadlock when attempt to charge a page to a cgroup stalls waiting on I/O plugged on another task in     swap code (BZ#2237686)

    Enhancement(s):

    * [Intel 8.7 FEAT] TSC: Avoid clock watchdog when not needed (BZ#2216051)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5591 advisory.

    The linux-firmware packages contain all of the firmware files that are required by various devices to     operate.

    Security Fix(es):

    * hw: amd: Cross-Process Information Leak (CVE-2023-20593)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5610 advisory.

    The GNU tar program can save multiple files in an archive and restore files from an archive.

    Security Fix(es):

    * tar: heap buffer overflow at from_header() in list.c via specially crafted checksum (CVE-2022-48303)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5616 advisory.

    Python-reportlab is a library used for generation of PDF documents.

    Security Fix(es):

    * python-reportlab: code injection in paraparser.py allows code execution (CVE-2019-19450)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5622 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

    * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege     escalation (CVE-2023-32233)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Low memory deadlock with md devices and external (imsm) metadata handling (BZ#1703180)

    * cifs: memory leak in smb2_query_symlink (BZ#2166706)

    * bnxt_en: panic in bnxt_tx_int Redux (BZ#2175062)

    * NFS client loop in BIND_CONN_TO_SESSION (BZ#2219604)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5588 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c     (CVE-2022-42896)

    * kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and     cls_route (CVE-2023-4128)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * kernel-rt: update RT source tree to the RHEL-8.2.z29 source tree (BZ#2232651)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5587 advisory.

    Kernel-based Virtual Machine (KVM) offers a full virtualization solution for     Linux on numerous hardware platforms. The virt:rhel module contains packages     which provide user-space components used to run virtual machines using KVM. The     packages also provide APIs for managing and interacting with the virtualized     systems.

    Security Fix(es):

    * QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of     service (CVE-2023-3354)

    * NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image     (CVE-2022-40284)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5621 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

    * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege     escalation (CVE-2023-32233)

    * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * kernel-rt: update to the latest RHEL7.9.z26 source tree (BZ#2232239)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5539 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5538 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5537 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5536 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5529 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5527 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5534 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5533 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    The package has been upgraded to a later upstream version: nodejs (16.20.2).

    Security Fix(es):

    * nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)

    * c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)

    * http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)

    * Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)

    * nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581)

    * nodejs: process interuption due to invalid Public Key information in x509 certificates (CVE-2023-30588)

    * nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589)

    * nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590)

    * nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()     (CVE-2023-32006)

    * nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)

    * Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)

    * Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * nodejs: Rebase to the latest Nodejs 16 release [rhel-9] (BZ#2236435, BZ#2178078, BZ#2223335)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5526 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5528 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: TLS handshake bypass (CVE-2023-40217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5540 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5531 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: TLS handshake bypass (CVE-2023-40217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5535 advisory.

    The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec,     commonly used with the WebM multimedia container file format.

    Security Fix(es):

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5532 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    Security Fix(es):

    * nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)

    * nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()     (CVE-2023-32006)

    * nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * nodejs: Rebase to the latest Nodejs 16 release [rhel-9] (BZ#2236434)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5486 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)

    * log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)

    * nodejs-semver: Regular expression denial of service (CVE-2022-25883)

    * wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an     Unauthorized actor (CVE-2023-4061)

    * tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)

    * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)

    * netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5485 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)

    * log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)

    * nodejs-semver: Regular expression denial of service (CVE-2022-25883)

    * wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an     Unauthorized actor (CVE-2023-4061)

    * tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)

    * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)

    * netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5475 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 115.3.1.

    Security Fix(es):

    * firefox: use-after-free in workers (CVE-2023-3600)

    * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

    * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

    * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3     (CVE-2023-5176)

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5484 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)

    * log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)

    * nodejs-semver: Regular expression denial of service (CVE-2022-25883)

    * wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an     Unauthorized actor (CVE-2023-4061)

    * tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)

    * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)

    * netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5476 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5455 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)

    * glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)

    * glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806)

    * glibc: potential use-after-free in gaih_inet() (CVE-2023-4813)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5458 advisory.

    Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files.
    It reads configuration file snippets from different directories and builds the final configuration file     from it.

    Security Fix(es):

    * libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c (CVE-2023-30079)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5457 advisory.

    FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3,     ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

    Security Fix(es):

    * frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router     (CVE-2023-38802)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5472 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: TLS handshake bypass (CVE-2023-40217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5460 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5454 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5464 advisory.

    FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3,     ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

    Security Fix(es):

    * frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router     (CVE-2023-38802)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5453 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)

    * glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)

    * glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806)

    * glibc: potential use-after-free in gaih_inet() (CVE-2023-4813)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5456 advisory.

    Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an     emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of     third-party libraries.

    Security Fix(es):

    * python: TLS handshake bypass (CVE-2023-40217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5461 advisory.

    ImageMagick is an image display and manipulation tool for the X Window System that can read and write     multiple image formats.

    Security Fix(es):

    * ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5462 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: TLS handshake bypass (CVE-2023-40217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5463 advisory.

    Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an     emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of     third-party libraries.

    Security Fix(es):

    * python: TLS handshake bypass (CVE-2023-40217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5465 advisory.

    FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3,     ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

    Security Fix(es):

    * frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router     (CVE-2023-38802)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5459 advisory.

    The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript     translates PostScript code to common bitmap formats so that the code can be displayed or printed.

    Security Fix(es):

    * ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices     (CVE-2023-36664)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5477 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.3.1 ESR.

    Security Fix(es):

    * firefox: use-after-free in workers (CVE-2023-3600)

    * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

    * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

    * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3     (CVE-2023-5176)

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5473 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5474 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5438 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 115.3.1.

    Security Fix(es):

    * firefox: use-after-free in workers (CVE-2023-3600)

    * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

    * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

    * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3     (CVE-2023-5176)

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5432 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 115.3.1.

    Security Fix(es):

    * firefox: use-after-free in workers (CVE-2023-3600)

    * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

    * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

    * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3     (CVE-2023-5176)

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5430 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 115.3.1.

    Security Fix(es):

    * firefox: use-after-free in workers (CVE-2023-3600)

    * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

    * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

    * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3     (CVE-2023-5176)

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5437 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.3.1 ESR.

    Security Fix(es):

    * firefox: use-after-free in workers (CVE-2023-3600)

    * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

    * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

    * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3     (CVE-2023-5176)

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5426 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.3.1 ESR.

    Security Fix(es):

    * firefox: use-after-free in workers (CVE-2023-3600)

    * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

    * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

    * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3     (CVE-2023-5176)

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5439 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 115.3.1.

    Security Fix(es):

    * firefox: use-after-free in workers (CVE-2023-3600)

    * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

    * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

    * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3     (CVE-2023-5176)

    * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
182828	RHEL 8 : kernel (RHSA-2023:5627)	critical
182827	RHEL 8 : linux-firmware (RHSA-2023:5591)	critical
182826	RHEL 8 : tar (RHSA-2023:5610)	medium
182825	RHEL 7 : python-reportlab (RHSA-2023:5616)	critical
182824	RHEL 7 : kernel (RHSA-2023:5622)	critical
182823	RHEL 8 : kernel-rt (RHSA-2023:5588)	high
182822	RHEL 8 : virt:rhel (RHSA-2023:5587)	high
182821	RHEL 7 : kernel-rt (RHSA-2023:5621)	critical
182788	RHEL 9 : libvpx (RHSA-2023:5539)	high
182787	RHEL 8 : libvpx (RHSA-2023:5538)	high
182786	RHEL 8 : libvpx (RHSA-2023:5537)	high
182785	RHEL 8 : libvpx (RHSA-2023:5536)	high
182784	RHEL 8 : bind (RHSA-2023:5529)	high
182783	RHEL 8 : bind (RHSA-2023:5527)	high
182782	RHEL 8 : libvpx (RHSA-2023:5534)	high
182781	RHEL 9 : nodejs (RHSA-2023:5533)	critical
182780	RHEL 8 : bind (RHSA-2023:5526)	high
182779	RHEL 8 : python3 (RHSA-2023:5528)	high
182778	RHEL 9 : libvpx (RHSA-2023:5540)	high
182777	RHEL 8 : python3 (RHSA-2023:5531)	high
182776	RHEL 8 : libvpx (RHSA-2023:5535)	high
182775	RHEL 9 : nodejs (RHSA-2023:5532)	critical
182684	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9 (Important) (RHSA-2023:5486)	critical
182683	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8 (Important) (RHSA-2023:5485)	critical
182623	RHEL 7 : thunderbird (RHSA-2023:5475)	critical
182622	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7 (Important) (RHSA-2023:5484)	critical
182621	RHEL 8 : glibc (RHSA-2023:5476)	high
182608	RHEL 8 : glibc (RHSA-2023:5455)	high
182607	RHEL 9 : libeconf (RHSA-2023:5458)	high
182606	RHEL 9 : frr (RHSA-2023:5457)	high
182605	RHEL 9 : python3.9 (RHSA-2023:5472)	high
182604	RHEL 8 : bind9.16 (RHSA-2023:5460)	high
182603	RHEL 9 : glibc (RHSA-2023:5454)	high
182602	RHEL 8 : frr (RHSA-2023:5464)	high
182601	RHEL 9 : glibc (RHSA-2023:5453)	high
182600	RHEL 9 : python3.11 (RHSA-2023:5456)	high
182599	RHEL 7 : ImageMagick (RHSA-2023:5461)	high
182598	RHEL 9 : python3.9 (RHSA-2023:5462)	high
182597	RHEL 8 : python3.11 (RHSA-2023:5463)	high
182596	RHEL 8 : frr (RHSA-2023:5465)	high
182595	RHEL 9 : ghostscript (RHSA-2023:5459)	high
182594	RHEL 7 : firefox (RHSA-2023:5477)	critical
182593	RHEL 8 : bind (RHSA-2023:5473)	high
182592	RHEL 8 : bind (RHSA-2023:5474)	high
182555	RHEL 8 : thunderbird (RHSA-2023:5438)	critical
182554	RHEL 8 : thunderbird (RHSA-2023:5432)	critical
182553	RHEL 8 : thunderbird (RHSA-2023:5430)	critical
182552	RHEL 8 : firefox (RHSA-2023:5437)	critical
182551	RHEL 8 : firefox (RHSA-2023:5426)	critical
182540	RHEL 9 : thunderbird (RHSA-2023:5439)	critical

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

critical

critical

medium

critical

critical

high

high

critical

high

high

high

high

high

high

high

critical

high

high

high

high

high

critical

critical

critical

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

critical

high

high

critical

critical

critical

critical

critical

critical