AlmaLinux 8 : nginx:1.20 (ALSA-2022:0323)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0323 advisory. nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Tenable has extracted the preceding description blo...

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2021:5238)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5238 advisory. QEMU: off-by-one error in modesensepage in hw/scsi/scsi-disk.c CVE-2021-3930 QEMU: net: e1000: infinite loop while processing transmit descriptors...

AlmaLinux 8 : thunderbird (ALSA-2022:0535)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0535 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs...

AlmaLinux 8 : container-tools:3.0 (ALSA-2021:4222)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4222 advisory. buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 Tenable has extracted the preceding description block...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2021:4154)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4154 advisory. buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 containers/storage: DoS via malicious image...

AlmaLinux 8 : vim (ALSA-2022:0366)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0366 advisory. - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3872, CVE-2021-3984, CVE-2021-4019 - vim is vulnerable to Use After Free CVE-2021-4192 - vim is...

AlmaLinux 8 : ruby:2.5 (ALSA-2022:0672)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0672 advisory. rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host...

AlmaLinux 8 : python-pillow (ALSA-2022:0643)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0643 advisory. - pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 - PIL.ImageMath.eval in Pill...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2021:5160)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5160 advisory. golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 golang: syscall: don't close fd 0 on ForkExec error CVE-2021-44717 Tenable...

AlmaLinux 8 : thunderbird (ALSA-2022:0129)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0129 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...

AlmaLinux 8 : java-1.8.0-openjdk (ALSA-2022:0307)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0307 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...

AlmaLinux 8 : grafana (ALSA-2022:0001)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:0001 advisory. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AlmaLinux 8 : samba (ALSA-2022:0332)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0332 advisory. - The Samba vfsfruit module uses extended file attributes EA, xattr to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatal...

AlmaLinux 8 : gegl04 (ALSA-2022:0177)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0177 advisory. - loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2021:4156)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4156 advisory. golang: net: lookup functions may return invalid host names CVE-2021-33195 golang: net/http/httputil: ReverseProxy forwards connection headers if first on...

AlmaLinux 8 : parfait:0.5 (ALSA-2022:0290)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0290 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw log...

AlmaLinux 8 : openssl (ALSA-2021:5226)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:5226 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

AlmaLinux 8 : httpd:2.4 (ALSA-2022:0258)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0258 advisory. httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : ruby:2.6 (ALSA-2022:0543)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0543 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

AlmaLinux 8 : varnish:6 (ALSA-2022:0418)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0418 advisory. varnish: HTTP/1 request smuggling vulnerability CVE-2022-23959 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...