12 matches found
RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:0774)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0774 advisory. Red Hat Certificate System RHCS is a complete implementation of an enterprise software system designed to manage enterprise Public Key Infrastructure...
CentOS 9 : jss-5.0.3-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the jss-5.0.3-1.el9 build changelog. - memory leak in TLS connection leads to OOM rhel-9.0 CVE-2021-4213 Note that Nessus has not tested for this issue but has instead relied only on the...
OESA-2024-1208 jss security update
JSS offers a implementation for java-based applications to use native NSS. Security Fixes: A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the...
Rocky Linux 8 : pki-core:10.6 (RLSA-2022:1851)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1851 advisory. - A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server's RAM...
CVE-2021-4213
CVE-2021-4213 is a memory-leak flaw in JSS (and related PKI components like pki-core/jss) that can cause server memory to gradually exhaust RAM, enabling a denial-of-service via out-of-memory conditions. Publicly documented in multiple advisories and Nessus detections across distros (Alibaba Clou...
Oracle Linux 8 : pki-core:10.6 (ELSA-2022-1851)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1851 advisory. - Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM rhel-8 Tenable has extracted the preceding description block directl...
AlmaLinux 8 : pki-core:10.6 (ALSA-2022:1851)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1851 advisory. JSS: memory leak in TLS connection leads to OOM CVE-2021-4213 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...
RHEL 8 : pki-core:10.6 (RHSA-2022:1851)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1851 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: JSS: memory leak in TLS...
Moderate: Red Hat Security Advisory: pki-core:10.6 security and bug fix update
An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: pki-core:10.6 security and bug fix update
The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: JSS: memory leak in TLS connection leads to OOM CVE-2021-4213 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
ALSA-2022:1851 Moderate: pki-core:10.6 security and bug fix update
The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: JSS: memory leak in TLS connection leads to OOM CVE-2021-4213 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CentOS 8 : pki-core:10.6 (CESA-2022:1851)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:1851 advisory. - JSS: memory leak in TLS connection leads to OOM CVE-2021-4213 Note that Nessus has not tested for this issue but has instead relied only on the application's...