AlmaLinux 8 : .NET 8.0 (ALSA-2024:0827)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0827 advisory. - .NET Denial of Service Vulnerability CVE-2024-21386, CVE-2024-21404 Note that Nessus has not tested for these issues but has instead relied only on the...

AlmaLinux 9 : dotnet7.0 (ALSA-2024:0805)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0805 advisory. - .NET Denial of Service Vulnerability CVE-2024-21386, CVE-2024-21404 Note that Nessus has not tested for these issues but has instead relied only on the...

AlmaLinux 8 : dotnet6.0 (ALSA-2024:0808)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0808 advisory. - .NET Denial of Service Vulnerability CVE-2024-21386, CVE-2024-21404 Note that Nessus has not tested for these issues but has instead relied only on the...

AlmaLinux 9 : dotnet6.0 (ALSA-2024:0807)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0807 advisory. - .NET Denial of Service Vulnerability CVE-2024-21386, CVE-2024-21404 Note that Nessus has not tested for these issues but has instead relied only on the...

AlmaLinux 8 : dotnet7.0 (ALSA-2024:0806)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0806 advisory. - .NET Denial of Service Vulnerability CVE-2024-21386, CVE-2024-21404 Note that Nessus has not tested for these issues but has instead relied only on the...

AlmaLinux 9 : sudo (ALSA-2024:0811)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0811 advisory. - Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 - Sudo before 1.9.13 does not escape control characters in...

AlmaLinux 8 : nss (ALSA-2024:0786)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0786 advisory. - Multiple NSS NIST curves were susceptible to a side-channel attack known as Minerva. This attack could potentially allow an attacker to recover the private key...

AlmaLinux 9 : nss (ALSA-2024:0790)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0790 advisory. - Multiple NSS NIST curves were susceptible to a side-channel attack known as Minerva. This attack could potentially allow an attacker to recover the private key...

AlmaLinux 8 : libmaxminddb (ALSA-2024:0768)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0768 advisory. - libmaxminddb before 1.4.3 has a heap-based buffer over-read in dumpentrydatalist in maxminddb.c. CVE-2020-28241 Note that Nessus has not tested for this issue bu...

AlmaLinux 8 : tcpdump (ALSA-2024:0769)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:0769 advisory. - Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. CVE-2021-41043 Note that Nessus has not tested for this issue but has instead...

AlmaLinux 9 : gimp (ALSA-2024:0675)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0675 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

AlmaLinux 8 : container-tools:4.0 (ALSA-2024:0748)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0748 advisory. runc: file descriptor leak Leaky Vessels CVE-2024-21626 A AlmaLinux Security Bulletin which addresses further details about the Leaky Vessels flaw is...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2024:0752)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0752 advisory. runc: file descriptor leak CVE-2024-21626 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Nessus has...

ALSA-2024:0748 Important: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: file descriptor leak "Leaky Vessels" CVE-2024-21626 A AlmaLinux Security Bulletin which addresses further details about the Leaky Vessels flaw is available in th...

AlmaLinux 9 : runc (ALSA-2024:0670)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:0670 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descripto...

AlmaLinux 8 : rpm (ALSA-2024:0647)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0647 advisory. - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to...

AlmaLinux 8 : gnutls (ALSA-2024:0627)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0627 advisory. - A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with...

AlmaLinux 8 : firefox (ALSA-2024:0608)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0608 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...

AlmaLinux 8 : libssh (ALSA-2024:0628)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0628 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks su...

AlmaLinux 9 : thunderbird (ALSA-2024:0602)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0602 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...