AlmaLinux 8 : mutt (ALSA-2021:4181)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4181 advisory. - Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid...

AlmaLinux 8 : systemd (ALSA-2021:1611)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1611 advisory. - In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possib...

AlmaLinux 8 : mingw packages (ALSA-2021:1968)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1968 advisory. - In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz...

AlmaLinux 8 : libjpeg-turbo (ALSA-2021:4288)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4288 advisory. - Libjpeg-turbo all version have a stack-based buffer overflow in the transform component. A remote attacker can send a malformed jpeg file to the service and caus...

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2020:4676)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4676 advisory. libvirt: leak of /dev/mapper/control into QEMU guests CVE-2020-14339 QEMU: Slirp: use-after-free during packet reassembly CVE-2019-15890 libvirt: Potentia...

AlmaLinux 8 : nghttp2 (ALSA-2020:2755)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:2755 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious clien...

AlmaLinux 8 : curl (ALSA-2021:1610)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1610 advisory. - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231 - A malicious server can u...

AlmaLinux 8 : rpm (ALSA-2021:4489)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4489 advisory. - A flaw was found in RPM's hdrblobInit in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat...

AlmaLinux 8 : libsolv (ALSA-2020:4508)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4508 advisory. - repodataschema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input...

AlmaLinux 8 : cyrus-sasl (ALSA-2020:4497)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4497 advisory. - cyrus-sasl aka Cyrus SASL 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of- service in OpenLDAP via a malformed LDAP packet. The...

AlmaLinux 8 : kernel (ALSA-2021:2714)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2714 advisory. - net/bluetooth/hcirequest.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 - fs/seqfile.c in t...

AlmaLinux 8 : icu (ALSA-2020:0902)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:0902 advisory. - An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists ...

AlmaLinux 8 : cryptsetup (ALSA-2020:4542)

"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4542 advisory. - A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every...

AlmaLinux 8 : ppp (ALSA-2020:0633)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:0633 advisory. - eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. CVE-2020-8597 Note that Nessus has not...

AlmaLinux 8 : rust-toolset:rhel8 (ALSA-2021:4590)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4590 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced in rus...

AlmaLinux 8 : libxslt (ALSA-2020:4464)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2020:4464 advisory. - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -...

AlmaLinux 8 : thunderbird (ALSA-2021:5045)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:5045 advisory. - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive...

AlmaLinux 8 : libsndfile (ALSA-2020:1636)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2020:1636 advisory. - A stack-based buffer overflow in psfmemset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service application crash or...

AlmaLinux 8 : spice (ALSA-2021:1924)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1924 advisory. - A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service CPU consumption by...

AlmaLinux 8 : libvncserver (ALSA-2020:3385)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:3385 advisory. - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by...