AlmaLinux 8 / 9 : java-17-openjdk (ALSA-2024:1825)

The remote AlmaLinux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1825 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Support...

AlmaLinux 9 : gnutls (ALSA-2024:1879)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1879 advisory. - A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to...

AlmaLinux 9 : bind (ALSA-2024:1789)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1789 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

AlmaLinux 8 : bind and dhcp (ALSA-2024:1782)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1782 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

AlmaLinux 8 : bind9.16 (ALSA-2024:1781)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1781 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

AlmaLinux 8 : httpd:2.4/mod_http2 (ALSA-2024:1786)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1786 advisory. httpd: modhttp2: CONTINUATION frames DoS CVE-2024-27316 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note...

AlmaLinux 9 : unbound (ALSA-2024:1750)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1750 advisory. - A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...

AlmaLinux 8 : unbound (ALSA-2024:1751)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1751 advisory. - A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...

AlmaLinux 8 : gnutls (ALSA-2024:1784)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1784 advisory. - A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to...

AlmaLinux 9 : varnish (ALSA-2024:1691)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1691 advisory. - Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 and before 6.0.13 LTS, and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2...

AlmaLinux 9 : nodejs:20 (ALSA-2024:1688)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1688 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP reques...

AlmaLinux 8 : rear (ALSA-2024:1719)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1719 advisory. - Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets...

AlmaLinux 8 : varnish (ALSA-2024:1690)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1690 advisory. varnish: HTTP/2 Broken Window Attack may result in denial of service CVE-2024-30156 Tenable has extracted the preceding description block directly from the AlmaLin...

AlmaLinux 9 : less (ALSA-2024:1692)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1692 advisory. - closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus has not tested for this issue but has instead...

AlmaLinux 8 : nodejs:20 (ALSA-2024:1687)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1687 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP reques...

AlmaLinux 8 : less (ALSA-2024:1610)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1610 advisory. - closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus has not tested for this issue but has instead...

AlmaLinux 8 : expat (ALSA-2024:1615)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1615 advisory. - libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple...

AlmaLinux 8 : opencryptoki (ALSA-2024:1608)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1608 advisory. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potential...

AlmaLinux 8 : grafana-pcp (ALSA-2024:1644)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1644 advisory. - A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled...

AlmaLinux 8 : grafana (ALSA-2024:1646)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1646 advisory. - A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled...