'Fudousan Plugin' Series Security Vulnerabilities

nessus

Oracle Linux 8 : pam (ELSA-2024-3163)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3163 advisory. [1.3.1-33] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21242 [1.3.1-32] - pam_access:...

6.2 AI Score

2024-05-28 12:00 AM
nessus

Fedora 40 : buildah (2024-77a0ab280f)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-77a0ab280f advisory. Security fix for CVE-2024-3727 Automatic update for buildah-1.35.4-1.fc40. ##### Changelog for buildah ``` * Fri May 10 2024 Packit <[email protected]>...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : gstreamer1-plugins-base (ELSA-2024-3088)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3088 advisory. [1.16.1-3.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-3] - CVE-2023-37328 gstreamer1-plugins-base: heap overwrite in subtitle parsing - Resolves:...

6.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : traceroute (ELSA-2024-3211)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3211 advisory. [3:2.1.0-8] - add gating.yaml [3:2.1.0-7] - fix improper command line parsing (CVE-2023-46316) Tenable has extracted the preceding description block directly...

6.9 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : motif (ELSA-2024-3022)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3022 advisory. [2.3.4-20] - Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() - Fix CVE-2023-43789: out of bounds read on XPM with corrupted...

6.9 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : ghostscript (ELSA-2024-2966)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2966 advisory. [9.27-12] - fix to prevent division by zero in devices - Resolves: rhbz#2235009 Tenable has extracted the preceding description block directly from the Oracle...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : kernel (ELSA-2024-3138)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3138 advisory. [4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was....

7.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : libX11 (ELSA-2024-2973)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2973 advisory. [1.6.8-8] - Backport fix for Xlib lockups due to recursive XError (RHEL-23452) [1.6.8-7] - Fix CVE-2023-43785: out-of-bounds memory access in...

7.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : systemd (ELSA-2024-3203)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3203 advisory. [239-82.0.1] - Fixed deletion issue for symlink when device is opened [Orabug: 36228608] - Fix local-fs and remote-fs targets during system boot (replaces old...

6.6 AI Score

2024-05-28 12:00 AM
talos

AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability

Talos Vulnerability Report TALOS-2024-1942 AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability May 28, 2024 CVE Number CVE-2024-21785 SUMMARY A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E...

7.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : harfbuzz (ELSA-2024-2980)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2980 advisory. [1.7.5-4] - Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive marks Tenable has extracted the preceding description block directly...

6.9 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : rust (RHSA-2024:3418)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3418 advisory. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security...

6.5 AI Score

2024-05-28 12:00 AM
talos

AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability

Talos Vulnerability Report TALOS-2024-1941 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-23315 SUMMARY A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : mutt (ELSA-2024-3058)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3058 advisory. [5:2.0.7-3] - Fix for: CVE-2023-4874 CVE-2023-4875 - Resolves: RHEL-2811 Tenable has extracted the preceding description block directly from the Oracle.....

7.1 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : kernel-rt (RHSA-2024:3414)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3414 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

7.3 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : python3.11-urllib3 (ELSA-2024-2986)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2986 advisory. [1.26.12-2] - Security fix for CVE-2023-43804 Resolves: RHEL-11996 Tenable has extracted the preceding description block directly from the Oracle Linux...

6.6 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : grub2 (ELSA-2024-3184)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3184 advisory. [2.02-156.0.1] - Restore correct SBAT entries - Replaced bugzilla.oracle.com references [Orabug: 35475894] - efinet: Close and reopen card on failure...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : LibRaw (ELSA-2024-2994)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2994 advisory. [0.19.5-4] - Backport fix for CVE-2021-32142 from upstream Resolves: RHEL-9523 Tenable has extracted the preceding description block directly from the...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : ansible-core (ELSA-2024-3043)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3043 advisory. [2.16.3-2] - rebuild with python 3.12 (RHEL-24141) [2.16.3-1] - ansible-core 2.16.3 release (RHEL-23782) - Fix CVE-2024-0690 (possible information leak in tasks.....

6.5 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-2962)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2962 advisory. hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream...

7.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : qt5-qtbase (ELSA-2024-3056)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3056 advisory. [5.15.3-7] - Fix CVE-2024-25580: potential buffer overflow when reading KTX images Resolves: RHEL-25725 [5.15.3-6] - Fix incorrect integer...

7.3 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. [1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via configuration item - similar to Postfix ...

7.2 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : pcs (ELSA-2024-2953)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2953 advisory. [0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency...

7 AI Score

2024-05-28 12:00 AM
talos

AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24963,CVE-2024-24962 SUMMARY A stack-based buffer overflow vulnerability exists in the Programming Software...

8 AI Score

2024-05-28 12:00 AM
talos

AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Write-What-Where vulnerability

Talos Vulnerability Report TALOS-2024-1940 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Write-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-22187 SUMMARY A write-what-where vulnerability exists in the Programming Software Connection Remote Memory...

7.6 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...

7.2 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : freeglut (ELSA-2024-3120)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3120 advisory. [3.0.0-9] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25175 Resolves:...

7.1 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2024-624)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-624 advisory. The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a ...

8 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2024-632)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-632 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...

7 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : mod_http2 (RHSA-2024:3417)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3417 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd:...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-625)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-625 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...

7.2 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : httpd:2.4 (ELSA-2024-3121)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3121 advisory. httpd [2.4.37-64.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-64] - Resolves: RHEL-14448 - httpd: mod_macro:...

8 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : bcc, bcc-devel, bcc-tools (ALAS2023-2024-626)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-626 advisory. If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux...

6.3 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : kpatch-patch (RHSA-2024:3427)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3427 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-2988)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2988 advisory. The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type...

7.1 AI Score

2024-05-28 12:00 AM
nessus

AlmaLinux 9 : glibc (ALSA-2024:3339)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3339 advisory. * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache...

7.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : openssh (ELSA-2024-3166)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3166 advisory. [8.0p1-24.0.1] - Update upstream references [Orabug: 36587718] [8.0p1-24] - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves:...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2024-2996)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2996 advisory. [21.1.3-15] Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 [21.1.3-14] - Fix for...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : webkit2gtk3 (ELSA-2024-2982)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2982 advisory. [2.42.5-1] - Update to 2.42.5 Resolves: RHEL-3961 [2.42.4-1] - Update to 2.42.4 Resolves: RHEL-3961 Resolves: RHEL-19365 [2.42.3-1]...

7.5 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : Image / builder / components (ELSA-2024-2961)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2961 advisory. osbuild [110-1] - New upstream release [109-1] - New upstream release [106-1] - New upstream release [105-1] - New upstream release [104-2] - Fix unit...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : idm:DL1 (ELSA-2024-3044)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3044 advisory. bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves:...

7.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...

7.2 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : glibc (RHSA-2024:3423)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3423 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

7.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : frr (ELSA-2024-2981)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2981 advisory. [7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out.....

7.5 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : zziplib (ELSA-2024-3127)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3127 advisory. [0.13.68-13] - Fix CVE-2020-18770 Previous patch contained segfault bug Resolves: RHEL-14966 [0.13.68-12] - Add the gating tests from the 8.8.0...

6.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : linux-firmware (ELSA-2024-3178)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3178 advisory. [20240415-999.32.git5da74b16.el8] - Rebase to latest upstream [Orabug: 36482906] Tenable has extracted the preceding description block directly from...

6.9 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : libsndfile (ELSA-2024-3030)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3030 advisory. [1.0.28-14] - fix integer overflows causing CVE-2022-33065 (#RHEL-3750) Tenable has extracted the preceding description block directly from the Oracle Linux...

6.7 AI Score

2024-05-28 12:00 AM
nessus

RHEL 8 : varnish:6 (RHSA-2024:3426)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3426 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and...

6.9 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : fdupes (ALAS2023-2024-633)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-633 advisory. In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. (CVE-2022-48682) Tenable has extracted the preceding description block directly from the...

7.1 AI Score

2024-05-28 12:00 AM
Total number of security vulnerabilities: 227795