Advisory ROSA-SA-2025-2904

Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2009-1387 BDU-ID: 2015-09404 CVE-Crit: MEDIUM CVE-DESC.: Multiple vulnerabilities in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system, the exploitation of...

CentOS 9 : kernel-5.14.0-587.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-587.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: iouring: prevent opcode speculation sqe-opcode is used for differen...

CentOS 9 : kernel-5.14.0-580.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-580.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found...

CentOS 9 : kernel-5.14.0-573.el9

"The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-573.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sgrelease Fix a...

Linux Distros Unpatched Vulnerability : CVE-2017-5972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remo...

CentOS 9 : openssh-8.7p1-45.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-45.el9 build changelog. - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...

CentOS 9 : kernel-5.14.0-559.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-559.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current...

CentOS 9 : kernel-5.14.0-554.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-554.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores...

CentOS 6 : chromium-browser (RHSA-2020:4235)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4235 advisory. - Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTM...

CentOS 7 : freerdp (RHSA-2020:2405)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2405 advisory. - An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds OOB write vulnerability has been detected in cryptorsacommon in libfreerdp/crypto/crypto.c...

CentOS 7 : java-1.7.1-ibm (RHSA-2020:5586)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5586 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

CentOS 7 : java-1.8.0-ibm (RHSA-2020:5585)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5585 advisory. - In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or...

CentOS 7 : java-1.8.0-ibm (RHSA-2024:1482)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1482 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supporte...

CentOS 7 : kernel-alt (RHSA-2021:0354)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0354 advisory. - Use-after-free vulnerability in fs/blockdev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by...

CentOS 9 : kernel-5.14.0-511.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-511.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wrwait after setting maxusage Commit c73be61cede5 pipe...

CentOS 9 : kernel-5.14.0-503.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-503.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: nullblk: fix validation of block size Block size should be between...

CentOS 9 : openssl-3.2.2-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssl-3.2.2-4.el9 build changelog. - SSLselectnextproto buffer overread CVE-2024-5535 Note that Nessus has not tested for this issue but has instead relied only on the application's...

CentOS 9 : openssl-3.2.2-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.2.2-1.el9 build changelog. - Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact...

CentOS 8 : grafana (CESA-2024:3265)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3265 advisory. - It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE...

CentOS 8 : gstreamer1-plugins-bad-free (CESA-2024:3060)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3060 advisory. - GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code...