MiracleLinux 8 : c-ares-1.13.0-6.el8.ML.1 (AXSA:2022-3337:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3337:02 advisory. c-ares: Missing input validation of host names may lead to domain hijacking CVE-2021-3672 Tenable has extracted the preceding description block directly from...

MiracleLinux 7 : firefox-115.10.0-1.0.1.el7.AXS7 (AXSA:2024-7697:15)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7697:15 advisory. GetBoundName in the JIT returned the wrong object CVE-2024-3852 Out-of-bounds-read after mis-optimized switch statement CVE-2024-3854 Incorrect...

MiracleLinux 9 : python-jwcrypto-1.5.6-2.el9 (AXSA:2024-9264:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9264:02 advisory. JWCrypto: denail of service Via specifically crafted JWE CVE-2023-6681 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : edk2-20220126gitbb1bba3d77-6.el8_9.6.ML.1 (AXSA:2024-7572:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7572:03 advisory. edk2: Buffer overflow in the DHCPv6 client via a long Server ID option CVE-2023-45230 edk2: Buffer overflow when processing DNS Servers option in a...

MiracleLinux 9 : golang-1.19.10-1.el9, go-toolset-1.19.10-1.el9 (AXSA:2023-6174:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6174:04 advisory. golang: cmd/go: go command may generate unexpected code at build time when using cgo CVE-2023-29402 golang: cmd/go: go command may execute arbitrary...

MiracleLinux 7 : open-vm-tools-11.0.5-3.el7.9 (AXSA:2023-6579:12)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6579:12 advisory. open-vm-tools: SAML token signature bypass CVE-2023-34058 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper...

MiracleLinux 8 : perl-App-cpanminus:1.7044 (5.24) (AXSA:2024-9045:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9045:04 advisory. perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability CVE-2024-45321 Tenable has extracted the preceding description block...

MiracleLinux 9 : perl-CPAN-2.29-3.el9 (AXSA:2023-6650:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6650:01 advisory. perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS CVE-2023-31484 Tenable has extracted the preceding description block...

MiracleLinux 8 : edk2-20190829git37eef91017ad-9.el8 (AXSA:2020-915:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-915:01 advisory. edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib CVE-2019-14563 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : nodejs:14 nodejs-nodemon-2.0.20-2.module+el8+1579+35966ec0, nodejs-packaging-23-3.module+el8+1579+35966ec0, nodejs-14.21.1-2.module+el8+1579+35966ec0 (AXSA:2023-4653:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4653:01 advisory. minimist: prototype pollution CVE-2021-44906 node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0235 nodejs-minimatch:...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8540:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8540:01 advisory. golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped...

MiracleLinux 9 : bind-9.16.23-11.el9.1 (AXSA:2023-6228:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6228:06 advisory. bind: named's configured cache size limit can be significantly exceeded CVE-2023-2828 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : python3.12-3.12.5-2.el9_5.2 (AXSA:2024-9442:17)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9442:17 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Unbounded memory buffering in...

MiracleLinux 8 : freeradius:3.0 Security update (AXSA:2020-789:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-789:01 advisory. freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations CVE-2019-13456 CVE-2019-13456 Tenable has extracted the preceding...

MiracleLinux 9 : pki-core-11.5.0-2.el9_4.ML.1 (AXSA:2024-8488:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8488:02 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : kernel-4.18.0-477.21.1.el8_8 (AXSA:2023-6359:23)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6359:23 advisory. kernel: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 kernel: tcindex: use-after-free vulnerabili...

MiracleLinux 9 : ruby:3.1 (AXSA:2024-7662:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7662:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

MiracleLinux 8 : git-2.18.4-2.el8 (AXSA:2020-405:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-405:06 advisory. git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak CVE-2020-11008 Tenable has extracted the preceding description...

MiracleLinux 9 : bubblewrap and flatpak (AXSA:2024-8787:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8787:02 advisory. flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 Tenable has extracted the preceding description block directly...

MiracleLinux 7 : python-urllib3-1.10.2-7.0.1.el7.AXS7 (AXSA:2024-9026:07)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9026:07 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...