AlmaLinux 8 : kernel (ALSA-2020:4431)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4431 advisory. - In the Android kernel in the video driver there is a kernel pointer leak due to a WARNON statement. This could lead to local information disclosure with...

AlmaLinux 8 : annobin (ALSA-2021:4593)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4593 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

AlmaLinux 8 : python-jinja2 (ALSA-2021:4161)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4161 advisory. - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple...

AlmaLinux 8 : libcroco (ALSA-2020:3654)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:3654 advisory. - libcroco through 0.6.13 has excessive recursion in crparserparseanycore in cr-parser.c, leading to stack consumption. CVE-2020-12825 Note that Nessus has not...

AlmaLinux 8 : libgcrypt (ALSA-2020:4482)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4482 advisory. - It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4...

AlmaLinux 8 : grafana (ALSA-2021:4226)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4226 advisory. - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during...

AlmaLinux 8 : sqlite (ALSA-2020:4442)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4442 advisory. - An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a u...

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2021:1064)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1064 advisory. QEMU: Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in AlmaLinux CVE-2021-20295 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : cups (ALSA-2021:4393)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4393 advisory. - An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security...

AlmaLinux 8 : lz4 (ALSA-2021:2575)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:2575 advisory. - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of...

AlmaLinux 8 : virt:rhel (ALSA-2019:3345)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2019:3345 advisory. ntfs-3g: heap-based buffer overflow leads to local root privilege escalation CVE-2019-9755 QEMU: slirp: information leakage in tcpemu due to uninitialized...

AlmaLinux 8 : libtiff (ALSA-2020:4634)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:4634 advisory. - tifgetimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer...

AlmaLinux 8 : thunderbird (ALSA-2021:4130)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4130 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...

AlmaLinux 8 : brotli (ALSA-2021:1702)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1702 advisory. - A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a one-shot decompression request to a...

AlmaLinux 8 : libxml2 (ALSA-2020:4479)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4479 advisory. - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956 - xmlSchemaPreRun in...

AlmaLinux 8 : glib2 (ALSA-2021:2170)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:2170 advisory. - An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function gbytesnew has an integer overflow on 64-bit platforms due to an implic...

AlmaLinux 8 : pandoc (ALSA-2021:1972)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1972 advisory. - The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes On n time to parse certain inputs. An attacker could craft a markdown table whi...

AlmaLinux 8 : gcc (ALSA-2021:4587)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4587 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

AlmaLinux 8 : wpa_supplicant (ALSA-2021:1686)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:1686 advisory. - In p2pcopyclientinfo of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target devi...

AlmaLinux 8 : openssl (ALSA-2020:5476)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:5476 advisory. - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a...