RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2020:0795)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0795 advisory. - atomic-openshift: reflected XSS in authentication flow CVE-2019-3889 Note that Nessus has not tested for this issue but has instead relied...

RHCOS 4 : OpenShift Container Platform 4.2.22 skopeo (RHSA-2020:0689)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0689 advisory. - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull CVE-2020-8945 Note that Nessus has not tested for this issue...

RHCOS 4 : OpenShift Container Platform 4.3.25 openshift (RHSA-2020:2440)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2440 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

RHCOS 4 : OpenShift Container Platform 4.3.26 python-psutil (RHSA-2020:2635)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2635 advisory. - python-psutil: Double free because of refcount mishandling CVE-2019-18874 Note that Nessus has not tested for this issue but has instead...

Azure Linux 3.0 Security Update: junit (CVE-2020-15250)

The version of junit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-15250 advisory. - In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information...

Azure Linux 3.0 Security Update: samba (CVE-2020-25719)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25719 advisory. - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based...

Azure Linux 3.0 Security Update: gsl (CVE-2020-35357)

The version of gsl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-35357 advisory. - A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU...

MiracleLinux 8 : httpd:2.4 (AXSA:2020-846:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-846:01 advisory. httpd: Push diary crash on specifically crafted HTTP/2 header CVE-2020-9490 Modularity name: httpd Stream name: 2.4 CVE-2020-9490 Apache HTTP Server versions...

MiracleLinux 8 : php:7.2 (AXSA:2020-845:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-845:01 advisory. php: Invalid memory access in function xmlrpcdecode CVE-2019-9020 php: File rename across filesystems may allow unwanted access during processing...

MiracleLinux 7 : python-pillow-2.0.0-21.gitd1c6db8.el7 (AXSA:2020-560:04)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-560:04 advisory. python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images CVE-2020-5313 Tenable has extracted the preceding description block directly fro...

MiracleLinux 7 : autotrace-0.31.1-38.el7, emacs-24.3-23.el7, ImageMagick-6.9.10.68-3.el7, inkscape-0.92.2-3.el7 (AXSA:2020-048:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-048:01 advisory. ImageMagick: multiple security vulnerabilities CVE-2018-12599, CVE-2018-12600, CVE-2019-9956, CVE-2019-11597, CVE-2019-11598, CVE-2019-12974,...

MiracleLinux 7 : openssl-1.0.2k-21.el7 (AXSA:2020-994:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-994:04 advisory. openssl: EDIPARTYNAME NULL pointer de-reference CVE-2020-1971 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 7 : mailman-2.1.15-30.el7 (AXSA:2020-4558:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4558:01 advisory. mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages CVE-2018-0618 mailman: Mishandled URLs...

MiracleLinux 7 : atk-2.28.1-2.el7evolution-data-server-3.28.5-4.el7evolution-ews-3.28.5-5.el7evolution-3.28.5-8.el7 (AXSA:2020-4566:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4566:01 advisory. evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages CVE-2018-15587 evolution-ews: all certificate...

MiracleLinux 7 : openwsman-2.6.3-7.git4391e5c.el7 (AXSA:2020-623:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-623:01 advisory. openwsman: Infinite loop in processconnection allows denial of service CVE-2019-3833 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : audiofile-0.3.6-9.el7 (AXSA:2020-752:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-752:01 advisory. audiofile: Heap-based buffer overflow in Expand3To4Module::run when running sfconvert CVE-2018-17095 audiofile: NULL pointer dereference in...

MiracleLinux 8 : qt5, qt5-qtx11extras-5.12.5-1.0.1.el8, qt5-qtxmlpatterns-5.12.5-1.0.1.el8, qt5-5.12.5-3.0.1.el8, sip-4.19.19-1.0.1.el8security fix upate (AXSA:2020-952:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-952:01 advisory. qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp CVE-2018-19872 qt5-qtsvg: Invalid parsing of malformed url reference...

MiracleLinux 7 : wireshark-1.10.14-24.el7 (AXSA:2020-4562:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4562:01 advisory. wireshark: Out-of-bounds read in packet-ldss.c CVE-2018-11362 wireshark: Multiple dissectors could crash wnpa-sec-2018-36 CVE-2018-14340 wireshark:...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.252.b09-2.AXS4 (AXSA:2020-022:09)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-022:09 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

MiracleLinux 7 : qt5-qtbase-5.9.7-4.el7 (AXSA:2020-694:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-694:01 advisory. qt: files placed by attacker can influence the working directory and lead to malicious code execution CVE-2020-0569 qt: files placed by attacker can...