CentOS 7 : kernel (RHSA-2023:5622)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5622 advisory. - In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and...

CentOS 7 : thunderbird (RHSA-2023:5191)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5191 advisory. - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863. CVE-2023-5129 - Heap buffer...

CentOS 8 : webkit2gtk3 (CESA-2023:7055)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7055 advisory. - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6...

CentOS 8 : wireshark (CESA-2023:7015)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7015 advisory. - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to...

CentOS 8 : librabbitmq (CESA-2023:7150)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:7150 advisory. - An issue was discovered in the C AMQP client library aka rabbitmq-c through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line e.g., for...

CentOS 8 : postgresql:15 (CESA-2023:5269)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5269 advisory. - schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with...

CentOS 7 : emacs (RHSA-2023:3481)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3481 advisory. - An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter fil...

CentOS 8 : webkit2gtk3 (CESA-2023:2834)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2834 advisory. - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing...

CentOS 8 : grafana (CESA-2023:2784)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:2784 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closin...

CentOS 8 : git (CESA-2023:2859)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2859 advisory. - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untruste...

CentOS 8 : xorg-x11-server (CESA-2023:2806)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2806 advisory. - A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function GetCountedString of the file...

CentOS 7 : thunderbird (RHSA-2023:1806)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1806 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...

CentOS 8 : nodejs:14 (CESA-2023:1743)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1743 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...

K03685068: Linux kernel vulnerability CVE-2017-5972

Security Advisory Description The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service CPU consumption by sending many TCP SYN packets, as demonstrated ...

CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2023:0099)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:0099 advisory. - An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed t...

CentOS 7 : firefox (RHSA-2022:8552)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8552 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined...

CentOS 8 : libtiff (CESA-2022:7585)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7585 advisory. - libtiff: Denial of Service via crafted TIFF file CVE-2022-0561 - libtiff: Null source pointer lead to Denial of Service via crafted TIFF file...

CentOS 8 : redis:6 (CESA-2022:7541)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7541 advisory. - redis: Code injection via Lua script execution environment CVE-2022-24735 - redis: Malformed Lua script can crash Redis CVE-2022-24736 Note that Ness...

CentOS 8 : mysql:8.0 (CESA-2022:7119)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7119 advisory. - mysql: Server: DML unspecified vulnerability CPU Oct 2021 CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607 - mysql: Server: Optimizer...

CentOS 8 : mariadb:10.5 (CESA-2022:5826)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:5826 advisory. - mariadb: CONNECT storage engine heap-based buffer overflow CVE-2022-24052 - mariadb: Crash executing query with VIEW, aggregate and subquery...