AlmaLinux 8 : samba (ALSA-2022:0332)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0332 advisory. - The Samba vfsfruit module uses extended file attributes EA, xattr to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatal...

AlmaLinux 8 : openssl (ALSA-2021:5226)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:5226 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

AlmaLinux 8 : httpd:2.4 (ALSA-2022:0258)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0258 advisory. httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2021:5160)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5160 advisory. golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 golang: syscall: don't close fd 0 on ForkExec error CVE-2021-44717 Tenable...

AlmaLinux 8 : thunderbird (ALSA-2022:0129)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0129 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...

AlmaLinux 8 : parfait:0.5 (ALSA-2022:0290)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0290 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw log...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2021:4156)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4156 advisory. golang: net: lookup functions may return invalid host names CVE-2021-33195 golang: net/http/httputil: ReverseProxy forwards connection headers if first on...

AlmaLinux 8 : gegl04 (ALSA-2022:0177)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0177 advisory. - loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the...

AlmaLinux 8 : aide (ALSA-2022:0441)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:0441 advisory. - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of a heap-based...

AlmaLinux 8 : kernel (ALSA-2021:5227)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:5227 advisory. - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user...

AlmaLinux 8 : idm:DL1 (ALSA-2021:5142)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:5142 advisory. samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets CVE-2020-25719 Tenable has extracted the preceding description block directly from th...

AlmaLinux 8 : firefox (ALSA-2022:0510)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0510 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs...

AlmaLinux 8 : httpd:2.4 (ALSA-2021:3816)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:3816 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 httpd: modsession: Heap overflow via a crafted SessionHeader value...

AlmaLinux 8 : kernel (ALSA-2021:4356)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4356 advisory. - Insufficient control flow in certain data structures for some IntelR Processors with IntelR Processor Graphics may allow an unauthenticated user to...

AlmaLinux 8 : librsvg2 (ALSA-2020:4709)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4709 advisory. - In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The...

AlmaLinux 8 : python-urllib3 (ALSA-2021:1631)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:1631 advisory. - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the...

AlmaLinux 8 : openssl (ALSA-2021:4424)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4424 advisory. - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to...

AlmaLinux 8 : xterm (ALSA-2021:0611)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:0611 advisory. - xterm before Patch 366 allows remote attackers to execute arbitrary code or cause a denial of service segmentation fault via a crafted UTF-8 combining character...

AlmaLinux 8 : lldpad (ALSA-2019:3673)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2019:3673 advisory. - lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to...

AlmaLinux 8 : mariadb:10.3 and mariadb-devel:10.3 (ALSA-2021:1242)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1242 advisory. mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user CVE-2021-27928 Tenable has...