Rocky Linux 8 : pcp (RLSA-2024:3264)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3264 advisory. * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019) Tenable has extracted the preceding description block...
8.8CVSS
7.2AI Score
0.0004EPSS
Rocky Linux 8 : pam (RLSA-2024:3163)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3163 advisory. * pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) Tenable has extracted the preceding description block directly from the Rocky...
5.5CVSS
6.9AI Score
0.0004EPSS
Rocky Linux 8 : httpd:2.4 (RLSA-2024:3121)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3121 advisory. * httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) * mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)...
7.5CVSS
8.9AI Score
0.732EPSS
Rocky Linux 8 : Image builder components bug fix, enhancement and (RLSA-2024:2961)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2961 advisory. * osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) Tenable has extracted the preceding description block...
6.1CVSS
6.9AI Score
0.0004EPSS
Rocky Linux 8 : sssd (RLSA-2024:3270)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3270 advisory. * sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758) Tenable has extracted the preceding description...
7.1CVSS
9.4AI Score
0.0004EPSS
Rocky Linux 8 : kernel (RLSA-2024:3138)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3138 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s),...
9.8CVSS
8AI Score
EPSS
Rocky Linux 8 : python3 (RLSA-2024:3347)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3347 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...
7.8CVSS
7.3AI Score
0.0005EPSS
Rocky Linux 8 : ruby:3.3 (RLSA-2024:3670)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3670 advisory. * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby:...
9AI Score
EPSS
Rocky Linux 8 : grafana (RLSA-2024:3265)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3265 advisory. * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) * grafana: vulnerable to authorization bypass...
7.5CVSS
7.8AI Score
0.0005EPSS
Rocky Linux 8 : idm:DL1 (RLSA-2024:3044)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3044 advisory. * freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) Tenable has extracted the preceding description block directly...
5.3CVSS
6.8AI Score
0.0004EPSS
Rocky Linux 8 : libtiff (RLSA-2024:3059)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3059 advisory. * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) Tenable has extracted the preceding description block directly from the Rocky Linux...
6.8CVSS
6.9AI Score
0.0004EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2024:3259)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3259 advisory. * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding...
5.8AI Score
0.0004EPSS
Rocky Linux 8 : python3.11-urllib3 (RLSA-2024:2986)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:2986 advisory. * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) Tenable has extracted the preceding description block...
8.1CVSS
8.3AI Score
0.001EPSS
AlmaLinux 9 : 389-ds-base (ALSA-2024:3837)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3837 advisory. * 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) * 389-ds-base: Malformed userPassword may cause...
7.5CVSS
7.9AI Score
0.0004EPSS
Rocky Linux 8 : kernel-rt (RLSA-2024:2950)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2950 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. ...
9.8CVSS
8.2AI Score
EPSS
Rocky Linux 8 : cockpit (RLSA-2024:3667)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3667 advisory. * cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947) Tenable has extracted the preceding description block directly from...
7.3CVSS
7.4AI Score
0.0004EPSS
Oracle Linux 8 : ruby:3.1 (ELSA-2024-3546)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3546 advisory. ruby [3.1.5-143] - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE...
7AI Score
EPSS
Rocky Linux 8 : ghostscript (RLSA-2024:2966)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2966 advisory. * ghostscript: Divide by zero in eps_print_page in gdevepsn.c (CVE-2020-21710) Tenable has extracted the preceding description block directly from the Rocky...
5.5CVSS
7AI Score
0.001EPSS
Rocky Linux 8 : gstreamer1-plugins-good (RLSA-2024:3089)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3089 advisory. * gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327) Tenable has extracted the preceding...
7.6CVSS
7.2AI Score
0.0005EPSS
Rocky Linux 8 : squashfs-tools (RLSA-2024:3139)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3139 advisory. * squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) * squashfs-tools: possible Directory Traversal via...
8.1CVSS
10AI Score
0.009EPSS
Rocky Linux 8 : tomcat (RLSA-2024:3666)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3666 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug...
7.1AI Score
0.0004EPSS
PHP CGI Argument Injection Remote Code Execution
PHP versions 5.0.0 < 8.1.29, 8.2.x < 8.2.20, 8.3.x < 8.3.8 are affected by a vulnerability allowing an unauthenticated attacker to execute remote code via a specially forged request only when PHP is installed with Apache2 and PHP-CGI on Windows with certain languages (code...
8.2AI Score
Rocky Linux 8 : pki-core:10.6 and pki-deps:10.6 (RLSA-2024:3061)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3061 advisory. * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) Tenable has extracted the preceding description block directly from...
7.5CVSS
7.2AI Score
0.002EPSS
Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2024:3253)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3253 advisory. * libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494) Tenable has extracted the preceding description block directly from the...
6.2CVSS
9.4AI Score
0.001EPSS
Rocky Linux 8 : python-pillow (RLSA-2024:3005)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3005 advisory. * python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271) Tenable has...
7.5CVSS
7AI Score
0.001EPSS
Rocky Linux 8 : kernel-rt (RLSA-2024:3627)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3627 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...
7.8CVSS
9.3AI Score
0.001EPSS
Rocky Linux 8 : webkit2gtk3 (RLSA-2024:2982)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2982 advisory. * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) * webkitgtk: Processing web content may lead to arbitrary code...
9.8CVSS
8.7AI Score
0.017EPSS
Rocky Linux 8 : exempi (RLSA-2024:3066)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3066 advisory. * exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) * exempi: denial of service via opening of crafted webp...
6.5CVSS
7.3AI Score
0.001EPSS
Rocky Linux 8 : LibRaw (RLSA-2024:2994)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2994 advisory. * LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) Tenable has extracted the preceding...
7.8CVSS
7.5AI Score
0.001EPSS
Rocky Linux 9 : 389-ds-base (RLSA-2024:3837)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3837 advisory. * 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) * 389-ds-base: Malformed userPassword may cause...
7.5CVSS
7.8AI Score
0.0004EPSS
Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:3254)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3254 advisory. * buildah: full container escape at build time (CVE-2024-1753) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...
8.6CVSS
6AI Score
0.002EPSS
Rocky Linux 8 : idm:DL1 (RLSA-2024:3755)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3755 advisory. * CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another target service * CVE-2024-3183 freeipa:...
8.1CVSS
8.3AI Score
0.0005EPSS
Rocky Linux 8 : glibc (RLSA-2024:3344)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3344 advisory. * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599) * glibc: null pointer dereferences after failed netgroup cache insertion ...
7.5AI Score
0.0004EPSS
Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:3466)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3466 advisory. * python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python39:3.9/python39: python: The zipfile module is...
7.8CVSS
7.3AI Score
EPSS
Rocky Linux 8 : ruby:3.1 (RLSA-2024:3546)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3546 advisory. * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby:...
8.9AI Score
EPSS
Rocky Linux 8 : booth (RLSA-2024:3659)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3659 advisory. * booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049) Tenable has extracted the preceding description block...
5.9CVSS
7.4AI Score
0.001EPSS
Rocky Linux 8 : grub2 (RLSA-2024:3184)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3184 advisory. * grub2: grub2-set-bootflag can be abused by local (pseudo-)users (CVE-2024-1048) * grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code...
7.8CVSS
10AI Score
0.001EPSS
Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12435)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12435 advisory. - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] ...
8.8CVSS
7.5AI Score
0.002EPSS
Rocky Linux 8 : traceroute (RLSA-2024:3211)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3211 advisory. * traceroute: improper command line parsing (CVE-2023-46316) Tenable has extracted the preceding description block directly from the Rocky Linux security...
5.5CVSS
9.6AI Score
0.0004EPSS
Rocky Linux 8 : git-lfs (RLSA-2024:3346)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3346 advisory. * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding...
5.8AI Score
0.0004EPSS
Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3060 advisory. * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) *...
8.8CVSS
7.7AI Score
0.0005EPSS
Rocky Linux 8 : xorg-x11-server (RLSA-2024:3258)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3258 advisory. * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in...
7.8CVSS
8AI Score
0.0005EPSS
Rocky Linux 8 : libXpm (RLSA-2024:2974)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2974 advisory. * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) * libXpm: out of bounds read on XPM with corrupted colormap...
5.5CVSS
7.5AI Score
0.0004EPSS
Rocky Linux 8 : pcs (RLSA-2024:2953)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2953 advisory. * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) * rubygem-rack: Possible DoS Vulnerability with Range...
5.8CVSS
5.8AI Score
0.0004EPSS
Rocky Linux 8 : kernel update (Moderate) (RLSA-2024:3618)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3618 advisory. * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * kernel: Information disclosure in...
7.8CVSS
9.5AI Score
0.001EPSS
Elasticsearch StackOverflow vulnerability
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...
4.9CVSS
6.5AI Score
0.0004EPSS