Launchpad – Coming Soon & Maintenance Mode Plugin Security Vulnerabilities

nessus

Oracle Linux 8 : openssh (ELSA-2024-3166)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3166 advisory. [8.0p1-24.0.1] - Update upstream references [Orabug: 36587718] [8.0p1-24] - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves:...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Unbound vulnerability (USN-6791-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6791-1 advisory. It was discovered that Unbound could take part in a denial of service amplification attack known as DNSBomb. This update...

6.9 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : python3.11-urllib3 (ELSA-2024-2986)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2986 advisory. [1.26.12-2] - Security fix for CVE-2023-43804 Resolves: RHEL-11996 Tenable has extracted the preceding description block directly from the Oracle Linux...

6.6 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : kpatch-patch (RHSA-2024:3427)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3427 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security...

7 AI Score

2024-05-28 12:00 AM
nessus

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0142-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0142-1 advisory. - Update to 110.0.5130.39 * DNA-115603 [Rich Hints] Pass trigger source to the Rich Hint * DNA-116680 Import 0-day fix for CVE-2024-5274 -...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : grub2 (ELSA-2024-3184)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3184 advisory. [2.02-156.0.1] - Restore correct SBAT entries - Replaced bugzilla.oracle.com references [Orabug: 35475894] - efinet: Close and reopen card on failure...

7 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : kernel-rt (RHSA-2024:3414)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3414 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

7.3 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : httpd:2.4 (ELSA-2024-3121)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3121 advisory. httpd [2.4.37-64.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-64] - Resolves: RHEL-14448 - httpd: mod_macro:...

8 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : bcc, bcc-devel, bcc-tools (ALAS2023-2024-626)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-626 advisory. If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux...

6.3 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : LibRaw (ELSA-2024-2994)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2994 advisory. [0.19.5-4] - Backport fix for CVE-2021-32142 from upstream Resolves: RHEL-9523 Tenable has extracted the preceding description block directly from the...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : ansible-core (ELSA-2024-3043)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3043 advisory. [2.16.3-2] - rebuild with python 3.12 (RHEL-24141) [2.16.3-1] - ansible-core 2.16.3 release (RHEL-23782) - Fix CVE-2024-0690 (possible information leak in tasks.....

6.5 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : pcs (ELSA-2024-2953)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2953 advisory. [0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-2962)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2962 advisory. hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream...

7.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : qt5-qtbase (ELSA-2024-3056)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3056 advisory. [5.15.3-7] - Fix CVE-2024-25580: potential buffer overflow when reading KTX images Resolves: RHEL-25725 [5.15.3-6] - Fix incorrect integer...

7.3 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. [1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via configuration item - similar to Postfix ...

7.2 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-2988)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2988 advisory. The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type...

7.1 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...

7.2 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : mod_http2 (RHSA-2024:3417)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3417 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd:...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2024-624)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-624 advisory. The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a ...

8 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2024-632)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-632 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP...

7 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-625)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-625 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...

7.2 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : freeglut (ELSA-2024-3120)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3120 advisory. [3.0.0-9] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25175 Resolves:...

7.1 AI Score

2024-05-28 12:00 AM
nessus

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2024:1793-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1793-1 advisory. Update to OpenJDK 8u412 build 08 with OpenJ9 0.44.0 virtual machine: - CVE-2024-21094: Fixed C2 compilation failure with...

7.9 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : libsndfile (ELSA-2024-3030)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3030 advisory. [1.0.28-14] - fix integer overflows causing CVE-2022-33065 (#RHEL-3750) Tenable has extracted the preceding description block directly from the Oracle Linux...

6.7 AI Score

2024-05-28 12:00 AM
nessus

RHEL 8 : varnish:6 (RHSA-2024:3426)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3426 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and...

6.9 AI Score

2024-05-28 12:00 AM
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Flask-Security vulnerability (USN-6792-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6792-1 advisory. Naom Moshe discovered that Flask-Security incorrectly validated URLs. An attacker could use this issue to redirect users to arbitrary...

7.1 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : less (ALAS2023-2024-622)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-622 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : fdupes (ALAS2023-2024-633)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-633 advisory. In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. (CVE-2022-48682) Tenable has extracted the preceding description block directly from the...

7.1 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2024-634)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-634 advisory. Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result...

6.9 AI Score

2024-05-28 12:00 AM
nessus

RHEL 8 : protobuf (RHSA-2024:3433)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3433 advisory. The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet...

7 AI Score

2024-05-28 12:00 AM
nessus

RHEL 8 : pcp (RHSA-2024:3392)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

7.1 AI Score

2024-05-28 12:00 AM
nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Jinja2 vulnerability (USN-6787-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6787-1 advisory. It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by....

6.1 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2024-2996)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2996 advisory. [21.1.3-15] Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 [21.1.3-14] - Fix for...

7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : webkit2gtk3 (ELSA-2024-2982)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2982 advisory. [2.42.5-1] - Update to 2.42.5 Resolves: RHEL-3961 [2.42.4-1] - Update to 2.42.4 Resolves: RHEL-3961 Resolves: RHEL-19365 [2.42.3-1]...

7.5 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : Image / builder / components (ELSA-2024-2961)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2961 advisory. osbuild [110-1] - New upstream release [109-1] - New upstream release [106-1] - New upstream release [105-1] - New upstream release [104-2] - Fix unit...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : idm:DL1 (ELSA-2024-3044)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3044 advisory. bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves:...

7.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...

7.2 AI Score

2024-05-28 12:00 AM
nessus

RHEL 9 : glibc (RHSA-2024:3423)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3423 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

7.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : frr (ELSA-2024-2981)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2981 advisory. [7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out.....

7.5 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : zziplib (ELSA-2024-3127)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3127 advisory. [0.13.68-13] - Fix CVE-2020-18770 Previous patch contained segfault bug Resolves: RHEL-14966 [0.13.68-12] - Add the gating tests from the 8.8.0...

6.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : linux-firmware (ELSA-2024-3178)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3178 advisory. [20240415-999.32.git5da74b16.el8] - Rebase to latest upstream [Orabug: 36482906] Tenable has extracted the preceding description block directly from...

6.9 AI Score

2024-05-28 12:00 AM
nessus

RHEL 8 : rust-toolset:rhel8 (RHSA-2024:3428)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3428 advisory. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security...

6.5 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : libXpm (ELSA-2024-2974)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2974 advisory. [3.5.12-11] - Drop hardening patches from previous version to keep ABI compatibility [3.5.12-10] - CVE-2023-43786 libX11: stack exhaustion from...

7.2 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : pmix (ELSA-2024-3008)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3008 advisory. [2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves: RHEL-3692 Tenable has extracted the preceding description block...

6.7 AI Score

2024-05-28 12:00 AM
nessus

AlmaLinux 9 : tomcat (ALSA-2024:3307)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3307 advisory. * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es).....

7.1 AI Score

2024-05-28 12:00 AM
nessus

Amazon Linux 2023 : cni-plugins (ALAS2023-2024-630)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-630 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all...

6.7 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : xorg-x11-server (ELSA-2024-2995)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2995 advisory. [1.20.4-24] - Fix use after free related to CVE-2024-21886 [1.20.11-21] - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885,...

7.1 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : gstreamer1-plugins-good (ELSA-2024-3089)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3089 advisory. [1.16.1-4] - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves: RHEL-19469 Tenable has extracted the...

7 AI Score

2024-05-28 12:00 AM
nessus

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : WebKitGTK vulnerabilities (USN-6788-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6788-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious...

6.8 AI Score

2024-05-28 12:00 AM
nessus

Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2024-3061)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3061 advisory. apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent [49-1] - Rebase to upstream version 49 ...

7.2 AI Score

2024-05-28 12:00 AM

Total number of security vulnerabilities: 301106