AlmaLinux 8 : doxygen (ALSA-2025:1314)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1314 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block directly...

AlmaLinux 9 : thunderbird (ALSA-2025:1184)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:1184 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 CVE-2025-1017 firefox: thunderbir...

AlmaLinux 9 : buildah (ALSA-2025:0923)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:0923 advisory. podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile CVE-2024-11218 Tenable has extracted the precedi...

AlmaLinux 8 : libsoup (ALSA-2025:0838)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:0838 advisory. libsoup: buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict CVE-2024-52531 Tenable has extracted the preceding description block directly from...

AlmaLinux 8 : python-jinja2 (ALSA-2025:0711)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:0711 advisory. jinja2: Jinja has a sandbox breakout through indirect reference to format method CVE-2024-56326 Tenable has extracted the preceding description block directly from...

AlmaLinux 9 : python-jinja2 (ALSA-2025:0667)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:0667 advisory. jinja2: Jinja has a sandbox breakout through indirect reference to format method CVE-2024-56326 Tenable has extracted the preceding description block directly from...

AlmaLinux 9 : java-17-openjdk security update for AlmaLinux 8.6, 8.8, 8.10, 9.4 and 9.5 (Medium) (ALSA-2025:0422)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:0422 advisory. JDK: Enhance array handling CVE-2025-21502 Bug Fixes: The AlmaLinux OpenJDK packages rely on the copy-jdk-configs package to transfer configuration files to a new...

ALSA-2025:0422 Moderate: java-17-openjdk security update for AlmaLinux 8.6, 8.8, 8.10, 9.4 and 9.5

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Enhance array handling CVE-2025-21502 Bug Fixes: The AlmaLinux OpenJDK packages rely on the copy-jdk-configs package to transfer configuration files ...

AlmaLinux 8 : iperf3 (ALSA-2025:0168)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:0168 advisory. iperf: Denial of Service in iperf Due to Improper JSON Handling CVE-2024-53580 Tenable has extracted the preceding description block directly from the AlmaLinux...

AlmaLinux 9 : ruby:3.1 (ALSA-2024:10860)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:10860 advisory. rexml: REXML ReDoS vulnerability CVE-2024-49761 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...

AlmaLinux 9 : edk2 (ALSA-2024:8935)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:8935 advisory. openssl: Possible denial of service in X.509 name checks CVE-2024-6119 Tenable has extracted the preceding description block directly from the AlmaLinux security...

AlmaLinux 8 : python-gevent (ALSA-2024:8834)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:8834 advisory. python-gevent: privilege escalation via a crafted script to the WSGIServer component CVE-2023-41419 Tenable has extracted the preceding description block directly...

AlmaLinux 8 : python3.11-urllib3 (ALSA-2024:8843)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:8843 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description block...

AlmaLinux 9 : less (ALSA-2024:1692)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1692 advisory. - closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus has not tested for this issue but has instead...

AlmaLinux 8 : edk2 (ALSA-2024:0888)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0888 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or...

ALSA-2024:0748 Important: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: file descriptor leak "Leaky Vessels" CVE-2024-21626 A AlmaLinux Security Bulletin which addresses further details about the Leaky Vessels flaw is available in th...

ALSA-2023:5867 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 golang: net/http, x/net/http2: rapid stream resets can cause...

AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2023:2764)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2764 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...