RHEL 7 : bluez (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS...
AI Score: 8.8
RHEL 6 : php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...
AI Score: 10
RHEL 5 : httpd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. httpd: mod_ssl NULL pointer dereference (CVE-2017-3169) httpd: Weak Digest auth nonce generation in...
AI Score: 8.6
RHEL 7 : php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php: Use of...
AI Score: 10
RHEL 7 : mercurial (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mercurial: arbitrary command execution in mercurial repo with a git submodule (CVE-2017-17458) The...
AI Score: 8.6
RHEL 5 : openjdk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528) (CVE-2017-3511) OpenJDK:...
AI Score: 5.3
RHEL 6 : webkitgtk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution ...
AI Score: 10
RHEL 6 : httpd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813) In Apache httpd...
AI Score: 10
RHEL 5 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) nss:...
AI Score: 7
RHEL 7 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nss: Insufficient timing side-channel resistance in divSpoiler (CVE-2016-9074) nss before version 3.30...
AI Score: 7
RHEL 7 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...
AI Score: 9.9
RHEL 5 : oniguruma (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read ...
AI Score: 9.1
RHEL 5 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. postgresql: Improper randomization of pgcrypto functions (requiring random seed) (CVE-2013-1900) ...
AI Score: 8.4
RHEL 5 : mysql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) ...
AI Score: 9.7
RHEL 5 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Sandbox escape with improperly separated process types (CVE-2020-12389) Mozilla: Memory safety...
AI Score: 10
RHEL 7 : grub2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) ...
AI Score: 8.4
RHEL 8 : openvswitch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498) ...
AI Score: 8
RHEL 6 : git (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. git: cvsserver command injection (CVE-2017-14867) git: Heap overflow in git archive, git log --format...
AI Score: 8.8
RHEL 5 : ntp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution ...
AI Score: 8.3
RHEL 7 : git (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. git: Recursive submodule cloning allows using git directory twice with synonymous directory name...
AI Score: 8.4
RHEL 5 : networkmanager (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults...
AI Score: 5
RHEL 6 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: XML External Entity in XML...
AI Score: 9.5
RHEL 7 : quagga (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. quagga: Buffer Overflow in IPv6 RA handling (CVE-2016-1245) quagga: VPNv4 NLRI parser memcpys to stack...
AI Score: 7.2
RHEL 7 : unbound (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042) A flaw was found in...
AI Score: 8.1
RHEL 5 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) Heap-based buffer overflow in the...
AI Score: 9.7
RHEL 7 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wpa_supplicant: local configuration update allows privilege escalation (CVE-2016-4477) wpa_supplicant:...
AI Score: 8.3
Fedora 40 : mediawiki / php-oojs-oojs-ui / php-wikimedia-cdb / etc (2024-2c564b942d)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-2c564b942d advisory. Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote...
AI Score: 6.8
RHEL 5 : wireshark (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wireshark: free operation on an uninitialized memory address in wiretap/netmon.c (CVE-2018-6836) The...
AI Score: 9.1
RHEL 6 : python-pillow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-pillow: Missing check for negative image dimensions in ImagingNew (Storage.c) (CVE-2016-9190) ...
AI Score: 8
RHEL 5 : krb5 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. krb5: Automatic sec context deletion could lead to double-free (CVE-2017-11462) The process_db_args...
AI Score: 6.3
RHEL 7 : python (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177) python: XML...
AI Score: 8.9
RHEL 8 : containernetworking-cni (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) Note that...
AI Score: 7.5
RHEL 7 : webkitgtk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution ...
AI Score: 10
RHEL 7 : qemu (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: ps2: information leakage via post_load routine (CVE-2017-16845) QEMU: net: ignore packets with...
AI Score: 8.5
RHEL 6 : mailman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097) mailman:...
AI Score: 7.7
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: request mixup (CVE-2022-25762) When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80...
AI Score: 8.5
RHEL 6 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696) postgresql:...
AI Score: 8.8
RHEL 7 : pip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. pip: Mercurial configuration injectable in repo revision when installing via pip (CVE-2023-5752) Note that Nessus...
AI Score: 6.9
RHEL 8 : libtpms (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtpms: out-of-bounds access when trying to resume the state of the vTPM (CVE-2021-3623) A flaw was...
AI Score: 6.5
openSUSE: Security Advisory for tinyproxy (openSUSE-SU-2024:0119-1)
The remote host is missing an update for...
AI Score: 7.5
EPSS: 0.021
RHEL 7 : postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696) postgresql:...
AI Score: 9
RHEL 8 : nginx (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name ...
AI Score: 7.8
RHEL 7 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) Heap-based buffer overflow in the...
AI Score: 10
RHEL 5 : ghostscript (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: /invalidaccess bypass after failed restore (699654) (CVE-2018-16509) ghostscript: Safer...
AI Score: 9.1
RHEL 6 : nss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) An existing mitigation of...
AI Score: 5.9
RHEL 6 : xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. xen: Uninitialized state in x86 PV failsafe callback path (XSA-274) (CVE-2018-14678) Note that Nessus has not tested...
AI Score: 7.3
RHEL 8 : bootstrap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331) In Bootstrap 3.x before...
AI Score: 6.9
RHEL 6 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...
AI Score: 9.5
RHEL 5 : binutils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. binutils: heap-based buffer overflow in finish_stab in stabs.c (CVE-2018-12699) The...
AI Score: 9.8
RHEL 6 : firefox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. firefox: Possible integer overflow to fix inside XML_Parse in Expat (CVE-2016-9063) firefox: arbitrary...
AI Score: 8