The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6887 advisory.

    The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java     Software Development Kit.

    Security Fix(es):

    * OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121) (CVE-2023-22025)

    * OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Additional validity checks in the handling of Zip64 files, JDK-8302483, were introduced in the 21.0.0     release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release,     21.0.1, allows for zero-length headers and additional padding produced by some Zip64 creation tools. With     both releases, the checks can be disabled using -Djdk.util.zip.disableZip64ExtraFieldValidation=true.

    * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 20.0.0     release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some     JAR files. This release, 20.0.1, increases it to 16 MB. (RHEL-14952)

    * When Transparent Huge Pages (THP) are unconditionally enabled on a system, Java applications using many     threads were found to have a large Resident Set Size (RSS). This was due to a race between the kernel     transforming thread stack memory into huge pages and the Java Virtual Machine (JVM) shattering these pages     into smaller ones when adding a guard page. This release resolves this issue by getting glibc to insert a     guard page and prevent the creation of huge pages. (RHEL-14961)

    * Installing the same java-21-openjdk-headless package on two different systems resulted in distinct     classes.jsa files getting generated. This was because the CDS archive was being generated by a post script     action of the java-21-openjdk-headless package. This prevented the use of the dynamic dump feature,     because the checksum in the archive would be different on each system. This release resolves this issue by     using the .jsa files generated during the initial build. (RHEL-14944)

    * The /usr/bin/jfr alternative is now owned by the java-21-openjdk package. (RHEL-14960)

    * The jcmd tool is now provided by the java-21-openjdk-headless package, rather than java-21-openjdk-     devel, to make it more accessible. (RHEL-14950)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6938 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents     (CVE-2022-3064)

    * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

    * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

    * golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)

    * golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

    * golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

    * golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

    * golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption     (CVE-2023-24536)

    * golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

    * golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

    * golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

    * runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)

    * runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)

    * runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount     configuration (CVE-2023-28642)

    * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

    * golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6933 advisory.

    LibreOffice is an open source, community-developed office productivity suite. It includes key desktop     applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a     drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office     suite.

    Security Fix(es):

    * libreoffice: Empty entry in Java class path (CVE-2022-38745)

    * libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

    * libreoffice: Arbitrary file write (CVE-2023-1183)

    * libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6976 advisory.

    The libfastjson library provides essential JavaScript Object Notation (JSON) handling functions. The     library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert     JSON-formatted strings back to the C representation of JSON objects.

    Security Fix(es):

    * json-c, libfastjson: integer overflow and out-of-bounds write via a large JSON file (CVE-2020-12762)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7190 advisory.

    Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero     Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware     applications allow you to plug your computer into a network and, with no configuration, view other people     to chat with, view printers to print with, and find shared files on other computers.

    Security Fix(es):

    * avahi: avahi-daemon can be crashed via DBus (CVE-2023-1981)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7160 advisory.

    The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on     cards that support cryptographic operations and enables their use for authentication, mail encryption, or     digital signatures.

    Security Fix(es):

    * opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package (CVE-2023-2977)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7202 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * could not find symbol `criu_set_lsm_mount_context` in `libcriu.so` (BZ#2242871)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7077 advisory.

  - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in     drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a     crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)

  - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28388)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this     vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The     manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to     apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
    (CVE-2022-3594)

  - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function     l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads     to use after free. It is recommended to apply a patch to fix this issue. The identifier of this     vulnerability is VDB-211944. (CVE-2022-3640)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-38457)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-40133)

  - Information exposure through microarchitectural state after transient execution in certain vector     execution units for some Intel(R) Processors may allow an authenticated user to potentially enable     information disclosure via local access. (CVE-2022-40982)

  - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req     function which can be used to leak kernel pointers remotely. We recommend upgrading past commit     https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e     https://www.google.com/url (CVE-2022-42895)

  - A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to     cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the     TDP MMU are enabled. (CVE-2022-45869)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a     memory leak because of the lack of a dvb_frontend_detach call. (CVE-2022-45887)

  - A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user     registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw     allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)

  - A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The     resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be     used to leak the contents. We recommend upgrading past version 6.1.8 or commit     739790605705ddcf18f21782b9c99ad7d53a8c11 (CVE-2023-0458)

  - A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race     problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race     condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)

  - A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was     found in the way user can guess location of exception stack(s) or other important data. A local user could     use this flaw to get access to some important data with expected location in memory. (CVE-2023-0597)

  - A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a     user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their     privileges on the system. (CVE-2023-1073)

  - A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may     occur when a user starts a malicious networking service and someone connects to this service. This could     allow a local user to starve resources, causing a denial of service. (CVE-2023-1074)

  - A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness,     potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field     that overlaps with rec->tx_ready. (CVE-2023-1075)

  - A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when     plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to     the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED     controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led     structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.
    (CVE-2023-1079)

  - A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the     way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate     their privileges on the system. (CVE-2023-1118)

  - A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6     functionality when a user makes a new kind of SYN flood attack. A user located in the local network or     with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up     to 95%. (CVE-2023-1206)

  - A use-after-free flaw was found in the Linux kernel's Ext4 File System in how a user triggers several file     operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially     escalate their privileges on the system. Only if patch 9a2544037600 (ovl: fix use after free in struct     ovl_aio_req) not applied yet, the kernel could be affected. (CVE-2023-1252)

  - A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This     issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc     protocol in the Linux kernel. (CVE-2023-1382)

  - A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware     Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system     due to a race problem. This vulnerability could even lead to a kernel information leak problem.
    (CVE-2023-1855)

  - A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In     this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on     hdev devices. (CVE-2023-1989)

  - The Linux kernel allows userspace processes to enable mitigations by calling prctl with     PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed     that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to     attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be     observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened     because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that     STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection.
    However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons,     which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target     injection against which STIBP protects. (CVE-2023-1998)

  - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition     rather than valid classification results). (CVE-2023-23455)

  - A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the     extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system     crash or other undefined behaviors. (CVE-2023-2513)

  - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure     (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)

  - A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in     the Linux Kernel. The message from user space is not checked properly before transferring into the device.
    This flaw allows a local user to crash the system or potentially cause a denial of service.
    (CVE-2023-28328)

  - An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer     overflow. (CVE-2023-28772)

  - An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64     lacks consistency checks for CR0 and CR4. (CVE-2023-30456)

  - An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a     blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is     called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event,     down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and     down(&fepriv->sem) may block the process. (CVE-2023-31084)

  - A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the     Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading     to a kernel information leak. (CVE-2023-3141)

  - qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write     because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)

  - A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and     font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds     occurs leading to undefined behavior and possible denial of service. (CVE-2023-3161)

  - A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on     corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it     has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
    (CVE-2023-3212)

  - An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in     kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel     internal information. (CVE-2023-3268)

  - The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in     drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.
    (CVE-2023-33203)

  - A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within     the handling of GEM objects. The issue results from improper locking when performing operations on an     object. This flaw allows a local privileged user to disclose information in the context of the kernel.
    (CVE-2023-33951)

  - A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the     handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an     object prior to performing further free operations on the object. This flaw allows a local privileged user     to escalate privileges and execute code in the context of the kernel. (CVE-2023-33952)

  - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in     drivers/media/pci/saa7134/saa7134-core.c. (CVE-2023-35823)

  - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in     drivers/media/pci/dm1105/dm1105.c. (CVE-2023-35824)

  - A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to     achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return     an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can     control the reference counter and set it to zero, they can cause the reference to be freed, leading to a     use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
    (CVE-2023-3609)

  - An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited     to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-     of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend     upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. (CVE-2023-3611)

  - A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue     may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in     xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

  - A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs     during device initialization when the siano device is plugged in. This flaw allows a local user to crash     the system, causing a denial of service condition. (CVE-2023-4132)

  - A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using     SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke     the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can     trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel     configurations without stack guard pages (`CONFIG_VMAP_STACK`). (CVE-2023-4155)

  - A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to     achieve local privilege escalation. When route4_change() is called on an existing filter, the whole     tcf_result struct is always copied into the new instance of the filter. This causes a problem when     updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the     success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading     to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
    (CVE-2023-4206)

  - A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to     achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result     struct is always copied into the new instance of the filter. This causes a problem when updating a filter     bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path,     decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-     free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec. (CVE-2023-4207)

  - A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to     achieve local privilege escalation. When u32_change() is called on an existing filter, the whole     tcf_result struct is always copied into the new instance of the filter. This causes a problem when     updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the     success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading     to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
    (CVE-2023-4208)

  - A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this     flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement     referencing pmd_t x. (CVE-2023-4732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7053 advisory.

    The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript     translates PostScript code to common bitmap formats so that the code can be displayed or printed.

    Security Fix(es):

    * ghostscript: buffer overflow in base/sbcp.c leading to data corruption (CVE-2023-28879)

    * ghostscript: Out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in DoS     (CVE-2023-38559)

    * ghostscript: Incomplete fix for CVE-2020-16305 (CVE-2023-4042)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7187 advisory.

    The procps-ng packages contain a set of system utilities that provide system information, including ps,     free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.

    Security Fix(es):

    * procps: ps buffer overflow (CVE-2023-4016)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7052 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: Invalid IKEv2 REKEY proposal causes restart (CVE-2023-38710)

    * libreswan: Invalid IKEv1 Quick Mode ID causes restart (CVE-2023-38711)

    * libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart (CVE-2023-38712)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6939 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents     (CVE-2022-3064)

    * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

    * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

    * golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)

    * golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

    * golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

    * golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

    * golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption     (CVE-2023-24536)

    * golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

    * golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

    * golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

    * containerd: Supplementary groups are not set up properly (CVE-2023-25173)

    * runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)

    * runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)

    * runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount     configuration (CVE-2023-28642)

    * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

    * golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7177 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    Security Fix(es):

    * bind: flooding with UPDATE requests may lead to DoS (CVE-2022-3094)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7150 advisory.

    The librabbitmq packages provide an Advanced Message Queuing Protocol (AMQP) client library that allows     you to communicate with AMQP servers using protocol version 0-9-1.

    Security Fix(es):

    * rabbitmq-c/librabbitmq: Insecure credentials submission (CVE-2023-35789)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7174 advisory.

    HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl.

    Security Fix(es):

    * http-tiny: insecure TLS cert default (CVE-2023-31486)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7213 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data     objects.

    Security Fix(es):

    * squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)

    * squid: Request/Response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7112 advisory.

    The shadow-utils packages include programs for converting UNIX password files to the shadow password     format, as well as utilities for managing user and group accounts.

    Security Fix(es):

    * shadow-utils: possible password leak during passwd(1) change (CVE-2023-4641)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7083 advisory.

    GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing     features, a scripting language (elisp), and the capability to read e-mail and news.

    Security Fix(es):

    * emacs: command execution via shell metacharacters (CVE-2022-48337)

    * emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7050 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: tarfile module directory traversal (CVE-2007-4559)

    * python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7025 advisory.

    Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text     files and to perform system management tasks.

    Security Fix(es):

    * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)

    * ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

    * ruby: ReDoS vulnerability in URI (CVE-2023-28755)

    * ruby: ReDoS vulnerability in Time (CVE-2023-28756)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6901 advisory.

  - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in     drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a     crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)

  - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28388)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this     vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The     manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to     apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
    (CVE-2022-3594)

  - A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function     l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads     to use after free. It is recommended to apply a patch to fix this issue. The identifier of this     vulnerability is VDB-211944. (CVE-2022-3640)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-38457)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-40133)

  - Information exposure through microarchitectural state after transient execution in certain vector     execution units for some Intel(R) Processors may allow an authenticated user to potentially enable     information disclosure via local access. (CVE-2022-40982)

  - There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req     function which can be used to leak kernel pointers remotely. We recommend upgrading past commit     https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e     https://www.google.com/url (CVE-2022-42895)

  - A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to     cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the     TDP MMU are enabled. (CVE-2022-45869)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a     memory leak because of the lack of a dvb_frontend_detach call. (CVE-2022-45887)

  - A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user     registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw     allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)

  - A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The     resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be     used to leak the contents. We recommend upgrading past version 6.1.8 or commit     739790605705ddcf18f21782b9c99ad7d53a8c11 (CVE-2023-0458)

  - A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race     problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race     condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)

  - A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was     found in the way user can guess location of exception stack(s) or other important data. A local user could     use this flaw to get access to some important data with expected location in memory. (CVE-2023-0597)

  - A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a     user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their     privileges on the system. (CVE-2023-1073)

  - A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may     occur when a user starts a malicious networking service and someone connects to this service. This could     allow a local user to starve resources, causing a denial of service. (CVE-2023-1074)

  - A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness,     potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field     that overlaps with rec->tx_ready. (CVE-2023-1075)

  - A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when     plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to     the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED     controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led     structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.
    (CVE-2023-1079)

  - A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the     way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate     their privileges on the system. (CVE-2023-1118)

  - A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6     functionality when a user makes a new kind of SYN flood attack. A user located in the local network or     with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up     to 95%. (CVE-2023-1206)

  - A use-after-free flaw was found in the Linux kernel's Ext4 File System in how a user triggers several file     operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially     escalate their privileges on the system. Only if patch 9a2544037600 (ovl: fix use after free in struct     ovl_aio_req) not applied yet, the kernel could be affected. (CVE-2023-1252)

  - A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This     issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc     protocol in the Linux kernel. (CVE-2023-1382)

  - A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware     Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system     due to a race problem. This vulnerability could even lead to a kernel information leak problem.
    (CVE-2023-1855)

  - A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In     this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on     hdev devices. (CVE-2023-1989)

  - The Linux kernel allows userspace processes to enable mitigations by calling prctl with     PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed     that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to     attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be     observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened     because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that     STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection.
    However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons,     which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target     injection against which STIBP protects. (CVE-2023-1998)

  - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition     rather than valid classification results). (CVE-2023-23455)

  - A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the     extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system     crash or other undefined behaviors. (CVE-2023-2513)

  - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure     (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)

  - A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in     the Linux Kernel. The message from user space is not checked properly before transferring into the device.
    This flaw allows a local user to crash the system or potentially cause a denial of service.
    (CVE-2023-28328)

  - An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer     overflow. (CVE-2023-28772)

  - An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64     lacks consistency checks for CR0 and CR4. (CVE-2023-30456)

  - An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a     blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is     called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event,     down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and     down(&fepriv->sem) may block the process. (CVE-2023-31084)

  - A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the     Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading     to a kernel information leak. (CVE-2023-3141)

  - qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write     because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)

  - A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and     font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds     occurs leading to undefined behavior and possible denial of service. (CVE-2023-3161)

  - A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on     corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it     has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
    (CVE-2023-3212)

  - An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in     kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel     internal information. (CVE-2023-3268)

  - The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in     drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.
    (CVE-2023-33203)

  - A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within     the handling of GEM objects. The issue results from improper locking when performing operations on an     object. This flaw allows a local privileged user to disclose information in the context of the kernel.
    (CVE-2023-33951)

  - A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the     handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an     object prior to performing further free operations on the object. This flaw allows a local privileged user     to escalate privileges and execute code in the context of the kernel. (CVE-2023-33952)

  - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in     drivers/media/pci/saa7134/saa7134-core.c. (CVE-2023-35823)

  - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in     drivers/media/pci/dm1105/dm1105.c. (CVE-2023-35824)

  - A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to     achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return     an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can     control the reference counter and set it to zero, they can cause the reference to be freed, leading to a     use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
    (CVE-2023-3609)

  - An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited     to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-     of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend     upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. (CVE-2023-3611)

  - A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue     may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in     xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

  - A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs     during device initialization when the siano device is plugged in. This flaw allows a local user to crash     the system, causing a denial of service condition. (CVE-2023-4132)

  - A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using     SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke     the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can     trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel     configurations without stack guard pages (`CONFIG_VMAP_STACK`). (CVE-2023-4155)

  - A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to     achieve local privilege escalation. When route4_change() is called on an existing filter, the whole     tcf_result struct is always copied into the new instance of the filter. This causes a problem when     updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the     success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading     to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
    (CVE-2023-4206)

  - A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to     achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result     struct is always copied into the new instance of the filter. This causes a problem when updating a filter     bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path,     decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-     free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec. (CVE-2023-4207)

  - A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to     achieve local privilege escalation. When u32_change() is called on an existing filter, the whole     tcf_result struct is always copied into the new instance of the filter. This causes a problem when     updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the     success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading     to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
    (CVE-2023-4208)

  - A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this     flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement     referencing pmd_t x. (CVE-2023-4732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7029 advisory.

    The libX11 packages contain the core X11 protocol client library.

    Security Fix(es):

    * libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request     leads to a buffer overflow (CVE-2023-3138)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7058 advisory.

    rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and     subscription management.

    Security Fix(es):

    * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7139 advisory.

    Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common     Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and     various information.

    The following packages have been upgraded to a later upstream version: samba (4.18.6). (BZ#2190417)

    Security Fix(es):

    * samba: out-of-bounds read in winbind AUTH_CRAP (CVE-2022-2127)

    * samba: infinite loop in mdssvc RPC service for spotlight (CVE-2023-34966)

    * samba: type confusion in mdssvc RPC service for spotlight (CVE-2023-34967)

    * samba: spotlight server-side share path disclosure (CVE-2023-34968)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7109 advisory.

    The linux-firmware packages contain all of the firmware files that are required by various devices to     operate.

    Security Fix(es):

    * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7042 advisory.

    Python is an interpreted, interactive, object-oriented programming language that supports modules,     classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a     stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and     PostgreSQL.

    Security Fix(es):

    * python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7015 advisory.

    The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running     on a computer network.

    Security Fix(es):

    * wireshark: RTPS dissector crash (CVE-2023-0666)

    * wireshark: VMS TCPIPtrace file parser crash (CVE-2023-2856)

    * wireshark: NetScaler file parser crash (CVE-2023-2858)

    * wireshark: XRA dissector infinite loop (CVE-2023-2952)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7010 advisory.

    The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk,     network, and other I/O activity.

    Security Fix(es):

    * sysstat: check_overflow() function can work incorrectly that lead to an overflow (CVE-2023-33204)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6944 advisory.

    The protobuf-c packages provide C bindings for Google's Protocol Buffers.

    Security Fix(es):

    * protobuf-c: unsigned integer overflow in parse_required_member (CVE-2022-48468)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6943 advisory.

    The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special     scripts to run during initialization to retrieve and install SSH keys, and to let the user run various     scripts.

    Security Fix(es):

    * cloud-init: sensitive data could be exposed in logs (CVE-2023-1786)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6940 advisory.

    The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an     Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

    Security Fix(es):

    * mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character (CVE-2022-23527)

    * mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is     supplied (CVE-2023-28625)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6916 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability     (CVE-2023-1393)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7046 advisory.

    The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic     Host Configuration Protocol) server.

    Security Fix(es):

    * dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 (CVE-2023-28450)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7024 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: tarfile module directory traversal (CVE-2007-4559)

    * python: file path truncation at \0 characters (CVE-2023-41105)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7165 advisory.

    The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar     operating systems.

    Security Fix(es):

    * cups: heap buffer overflow may lead to DoS (CVE-2023-32324)

    * cups: use-after-free in cupsdAcceptClient() in scheduler/client.c (CVE-2023-34241)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7090 advisory.

    GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another     application.

    Security Fix(es):

    * libmicrohttpd: remote DoS (CVE-2023-27371)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6886 advisory.

    The Plexus project provides a full software stack for creating and executing software projects. Based on     the Plexus container, the applications can utilise component-oriented programming to build modular,     reusable components that can easily be assembled and reused. The plexus-archiver component provides     functions to create and extract archives.

    Security Fix(es):

    * plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6882 advisory.

    The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web     clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from squid34, this version of     Red Hat Enterprise Linux also includes the squid packages which provide Squid version 3.1.

    Security Fix(es):

    * squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6883 advisory.

    MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

    Security Fix(es):

    * mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6 (CVE-2023-5157)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6885 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: TLS handshake bypass (CVE-2023-40217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6884 advisory.

    Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data     objects.

    Security Fix(es):

    * squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6799 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

    * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function     (CVE-2023-3776)

    * kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6823 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: TLS handshake bypass (CVE-2023-40217)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6822 advisory.

    MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

    Security Fix(es):

    * mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6 (CVE-2023-5157)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6821 advisory.

    MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

    Security Fix(es):

    * mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6 (CVE-2023-5157)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6796 advisory.

    Red Hat Insights is a service that provides analysis of registered Red Hat-based systems. The insights-     client package can gather the required data (such as installed packages, running services, or software     configurations) to proactively identify threats to security, performance, and stability across your     environment.

    Security Fix(es):

    * insights-client: unsafe handling of temporary files and directories (CVE-2023-3972)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6802 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6798 advisory.

    Red Hat Insights is a service that provides analysis of registered Red Hat-based systems. The insights-     client package can gather the required data (such as installed packages, running services, or software     configurations) to proactively identify threats to security, performance, and stability across your     environment.

    Security Fix(es):

    * insights-client: unsafe handling of temporary files and directories (CVE-2023-3972)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6811 advisory.

    Red Hat Insights is a service that provides analysis of registered Red Hat-based systems. The insights-     client package can gather the required data (such as installed packages, running services, or software     configurations) to proactively identify threats to security, performance, and stability across your     environment.

    Security Fix(es):

    * insights-client: unsafe handling of temporary files and directories (CVE-2023-3972)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6793 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    The following packages have been upgraded to a later upstream version: rh-python38-python (3.8.18), rh-     python38-python-cryptography (2.8), rh-python38-python-pip (19.3.1), rh-python38-python-requests (2.22.0),     rh-python38-python-setuptools (41.6.0), rh-python38-python-wheel (0.33.6).

    Security Fix(es):

    * python: urllib.parse url blocklisting bypass (CVE-2023-24329)

    * python: TLS handshake bypass (CVE-2023-40217)

    * python: tarfile module directory traversal (CVE-2007-4559)

    * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)

    * python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli     (CVE-2022-40898)

    * python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061)

    * python-cryptography: memory corruption via immutable objects (CVE-2023-23931)

    * python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
185686	RHEL 8 : java-21-openjdk (RHSA-2023:6887)	low
185685	RHEL 8 : container-tools:4.0 (RHSA-2023:6938)	critical
185684	RHEL 8 : libreoffice (RHSA-2023:6933)	high
185683	RHEL 8 : libfastjson (RHSA-2023:6976)	high
185682	RHEL 8 : avahi (RHSA-2023:7190)	medium
185681	RHEL 8 : opensc (RHSA-2023:7160)	high
185680	RHEL 8 : container-tools:4.0 (RHSA-2023:7202)	medium
185679	RHEL 8 : kernel (RHSA-2023:7077)	high
185678	RHEL 8 : ghostscript (RHSA-2023:7053)	critical
185677	RHEL 8 : procps-ng (RHSA-2023:7187)	low
185676	RHEL 8 : libreswan (RHSA-2023:7052)	medium
185675	RHEL 8 : container-tools:rhel8 (RHSA-2023:6939)	high
185674	RHEL 8 : bind (RHSA-2023:7177)	high
185673	RHEL 8 : librabbitmq (RHSA-2023:7150)	medium
185672	RHEL 8 : perl-HTTP-Tiny (RHSA-2023:7174)	high
185671	RHEL 8 : squid:4 (RHSA-2023:7213)	medium
185670	RHEL 8 : shadow-utils (RHSA-2023:7112)	medium
185669	RHEL 8 : emacs (RHSA-2023:7083)	critical
185668	RHEL 8 : python38:3.8 and python38-devel:3.8 (RHSA-2023:7050)	high
185667	RHEL 8 : ruby:2.5 (RHSA-2023:7025)	high
185666	RHEL 8 : kernel-rt (RHSA-2023:6901)	high
185665	RHEL 8 : libX11 (RHSA-2023:7029)	high
185664	RHEL 8 : rhc (RHSA-2023:7058)	high
185663	RHEL 8 : samba (RHSA-2023:7139)	medium
185662	RHEL 8 : linux-firmware (RHSA-2023:7109)	medium
185661	RHEL 8 : python27:2.7 (RHSA-2023:7042)	critical
185660	RHEL 8 : wireshark (RHSA-2023:7015)	medium
185659	RHEL 8 : sysstat (RHSA-2023:7010)	high
185658	RHEL 8 : protobuf-c (RHSA-2023:6944)	medium
185657	RHEL 8 : cloud-init (RHSA-2023:6943)	medium
185656	RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:6940)	medium
185655	RHEL 8 : xorg-x11-server (RHSA-2023:6916)	high
185654	RHEL 8 : dnsmasq (RHSA-2023:7046)	high
185652	RHEL 8 : python3.11 (RHSA-2023:7024)	high
185651	RHEL 8 : cups (RHSA-2023:7165)	high
185650	RHEL 8 : libmicrohttpd (RHSA-2023:7090)	medium
185498	RHEL 7 : plexus-archiver (RHSA-2023:6886)	critical
185495	RHEL 6 : squid34 (RHSA-2023:6882)	high
185494	RHEL 9 : galera and mariadb (RHSA-2023:6883)	high
185493	RHEL 7 : python (RHSA-2023:6885)	high
185492	RHEL 6 : squid (RHSA-2023:6884)	high
185419	RHEL 8 : kpatch-patch (RHSA-2023:6799)	critical
185381	RHEL 7 : python3 (RHSA-2023:6823)	high
185380	RHEL 8 : mariadb:10.5 (RHSA-2023:6822)	high
185379	RHEL 8 : mariadb:10.5 (RHSA-2023:6821)	high
185376	RHEL 9 : insights-client (RHSA-2023:6796)	high
185375	RHEL 7 : xorg-x11-server (RHSA-2023:6802)	high
185370	RHEL 8 : insights-client (RHSA-2023:6798)	high
185369	RHEL 8 : insights-client (RHSA-2023:6811)	high
185367	RHEL 7 : rh-python38-python (RHSA-2023:6793)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

low

critical

high

high

medium

high

medium

high

critical

low

medium

high

high

medium

high

medium

medium

critical

high

high

high

high

high

medium

medium

critical

medium

high

medium

medium

medium

high

high

high

high

medium

critical

high

high

high

high

critical

high

high

high

high

high

high

high

high