Scalance Xm-400, Xr-500 Security Vulnerabilities

RHEL 8 : Release of OpenShift Serverless Client kn 1.21.0 (Moderate) (RHSA-2022:1056)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1056 advisory. golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) golang: syscall: don't close fd 0 on ForkExec error...

RHEL 7 / 8 / 9 : OpenShift Virtualization 4.13.0 RPMs (RHSA-2023:3204)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3204 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) golang: golang.org/x/text/language:...

RHEL 8 : Red Hat OpenShift Data Foundation 4.10.0 RPM (RHSA-2022:1361)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1361 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221) golang.org/x/crypto: empty...

RHEL 8 / 9 : OpenShift Container Platform 4.13.3 (RHSA-2023:3536)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3536 advisory. golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) golang: net/http, net/textproto,...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:0855)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0855 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update (Moderate) (RHSA-2023:4590)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4590 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

RHEL 8 / 9 : OpenShift Container Platform 4.12.39 (RHSA-2023:5679)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5679 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple...

RHEL 8 / 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6840)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6840 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate...

RHEL 8 : Red Hat OpenShift Pipelines Client tkn for 1.12.1 (RHSA-2023:6059)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6059 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

RHEL 8 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) kube-apiserver: Bypassing policies imposed by the...

RHEL 8 : Release of OpenShift Serverless Client kn 1.30.2 (RHSA-2023:6298)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6298 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate chains...

RHEL 8 : openshift-gitops-kam (RHSA-2023:6782)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6782 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

RHEL 8 / 9 : OpenShift Container Platform 4.13.17 (RHSA-2023:5675)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5675 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) Note that Nessus has not...

RHEL 8 : Release of OpenShift Serverless Client kn 1.27.0 (Moderate) (RHSA-2023:0708)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0708 advisory. golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should not...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:4692)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4692 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

RHEL 8 / 9 : OpenShift Container Platform 4.14.10 (RHSA-2024:0293)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0293 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 8 : OpenShift Container Platform 4.11.53 (RHSA-2023:6274)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6274 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private...

RHEL 9 : golang (RHSA-2024:1963)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1963 advisory. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: net/http, x/net/http2: unlimited number of...

RHEL 8 : Satellite 6.13.3 Async Security Update (Important) (RHSA-2023:4466)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4466 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : RHUI 4.4.0 - Security Fixes, Bug Fixes, and Enhancements Update (Moderate) (RHSA-2023:2101)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2101 advisory. Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and...

RHEL 8 / 9 : OpenShift Container Platform 4.13.5 (RHSA-2023:4093)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4093 advisory. kube-apiserver: PrivEsc (CVE-2023-1260) openshift: OCP & FIPS mode (CVE-2023-3089) golang: net/http, net/textproto: denial of...

RHEL 8 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) golang: path/filepath: path-filepath filepath.Clean path traversal...

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3198 advisory. maven: Block repositories using http by default (CVE-2021-26291) SnakeYaml: Constructor Deserialization Remote Code Execution...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:5758)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5758 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

RHEL 8 / 9 : OpenShift Container Platform 4.12.30 (RHSA-2023:4674)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4674 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) Note that Nessus has not tested for this issue but has instead...

RHEL 9 : Red Hat OpenStack Platform 17.0 (etcd) (RHSA-2023:1014)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1014 advisory. A highly-available key value store for shared configuration Security Fix(es): * Improve heuristics preventing CPU/memory abuse by parsing malicious...

RHEL 8 / 9 : OpenShift Container Platform 4.13.1 (RHSA-2023:3303)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3303 advisory. golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) Note that Nessus has not tested for this issue but has instead...

RHEL 8 : Satellite 6.12.5.2 Async Security Update (Important) (RHSA-2023:5979)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5979 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3663)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3663 advisory. http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048) springframework: BCrypt skips salt rounds for work factor of 31...

RHEL 8 : Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) (RHSA-2023:5970)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5970 advisory. A highly-available key value store for shared configuration Shared library for infrawatch golang components Security Fix(es): * golang:...

RHEL 8 : Red Hat OpenShift Pipelines Client tkn for 1.10.6 (RHSA-2023:7699)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7699 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2023:5805)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5805 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

RHEL 8 : OpenShift Container Platform 4.11.52 (RHSA-2023:5717)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5717 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

RHEL 9 : OpenShift Container Platform 4.13.0 (RHSA-2023:1329)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1329 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) golang: crypto/tls: large handshake...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.2.2 Product Security and Bug Fix Update (Important) (RHSA-2023:5809)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5809 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2023:6172)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6172 advisory. google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization...

RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1151 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

RHEL 8 : Satellite 6.12.1 Async Security Update (Critical) (RHSA-2023:0261)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0261 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) (RHSA-2023:5964)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5964 advisory. Collectd plugin for gathering resource usage statistics from containers created with the libpod library. Security Fix(es): * golang:...

RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

RHEL 8 : Satellite 6.13 Release (Important) (RHSA-2023:2097)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2097 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

RHEL 8 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0560 advisory. google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization...

RHEL 8 : Release of OpenShift Serverless Client kn 1.20.0 (Moderate) (RHSA-2022:0432)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0432 advisory. golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) golang:...

RHEL 7 : rh-haproxy18-haproxy (RHSA-2019:1436)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1436 advisory. haproxy: Information disclosure in check_request_for_cacheability function in proto_http.c (CVE-2018-11469) haproxy: Out-of-bounds...

RHEL 7 : rh-php71-php (RHSA-2019:2519)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2519 advisory. gd: Unsigned integer underflow _gdContributionsAlloc() (CVE-2016-10166) php: Out of bounds access in php_pcre.c:php_pcre_replace_impl()...

RHEL 8 / 9 : OpenShift Container Platform 4.12.22 (RHSA-2023:3613)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3613 advisory. golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should...

RHEL 9 : OpenShift Container Platform 4.14.2 (RHSA-2023:6839)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6839 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) HTTP/2: Multiple HTTP/2...

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) (RHSA-2023:5967)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5967 advisory. A highly-available key value store for shared configuration Security Fix(es): * golang: net/http, x/net/http2: rapid stream resets can...

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3610)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3610 advisory. jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877) maven-shared-utils: Command injection...

RHEL 8 : Satellite 6.14.2 Async Security Update (Important) (RHSA-2024:0797)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0797 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...