AlmaLinux 8 : polkit (ALSA-2021:2238)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:2238 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenable Network...

AlmaLinux 8 : kernel (ALSA-2021:2714)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2714 advisory. - net/bluetooth/hcirequest.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 - fs/seqfile.c in t...

AlmaLinux 8 : mingw-glib2 (ALSA-2021:4526)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4526 advisory. - An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit...

AlmaLinux 8 : httpd:2.4 (ALSA-2021:4537)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4537 advisory. httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in AlmaLinux CVE-2021-20325 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : yum (ALSA-2019:3583)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2019:3583 advisory. - DISPUTED There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third...

AlmaLinux 8 : libvncserver (ALSA-2020:3385)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:3385 advisory. - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by...

AlmaLinux 8 : flatpak (ALSA-2021:4042)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4042 advisory. - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with...

AlmaLinux 8 : lua (ALSA-2019:3706)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2019:3706 advisory. - Lua 5.3.5 has a use-after-free in luaupvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a...

AlmaLinux 8 : gd (ALSA-2020:4659)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4659 advisory. - gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function...

AlmaLinux 8 : python-lxml (ALSA-2021:4158)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4158 advisory. - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class...

AlmaLinux 8 : nghttp2 (ALSA-2020:2755)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:2755 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious clien...

AlmaLinux 8 : spice (ALSA-2021:1924)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1924 advisory. - A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service CPU consumption by...

AlmaLinux 8 : curl (ALSA-2021:4059)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4059 advisory. - A user can tell curl = 7.20.0 and = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t...

AlmaLinux 8 : shim (ALSA-2021:1734)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1734 advisory. - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw...

AlmaLinux 8 : tcpdump (ALSA-2021:4236)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4236 advisory. - The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037 Note that Nessus has not tested for this issue but has...

AlmaLinux 8 : gcc-toolset-10-annobin (ALSA-2021:4592)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4592 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

AlmaLinux 8 : virt:rhel (ALSA-2020:1358)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:1358 advisory. QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server CVE-2020-1711 QEMU: slirp: OOB buffer access while emulating tcp protocols ...

AlmaLinux 8 : json-c (ALSA-2021:4382)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4382 advisory. - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend. CVE-2020-12762 Note that Nessus...

AlmaLinux 8 : kernel (ALSA-2021:3057)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:3057 advisory. - An issue was discovered in Linux: KVM through Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed whil...

AlmaLinux 8 : spamassassin (ALSA-2021:4315)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4315 advisory. - In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this,...