MiracleLinux 8 : aspell-0.60.6.1-22.el8.ML.1 (AXSA:2022-3329:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3329:02 advisory. aspell: Heap-buffer-overflow in acommon::ObjStack::duptop CVE-2019-25051 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : zlib-1.2.11-19.el8 (AXSA:2022-3921:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3921:04 advisory. zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field CVE-2022-37434 Tenable has extracted the...

MiracleLinux 8 : openssl-1.1.1c-15.el8 (AXSA:2020-289:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-289:02 advisory. openssl: side-channel weak encryption vulnerability CVE-2019-1547 openssl: information disclosure in fork CVE-2019-1549 openssl: information disclosu...

MiracleLinux 8 : libxml2-2.9.7-8.el8 (AXSA:2020-1001:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1001:04 advisory. libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c CVE-2019-19956 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c...

MiracleLinux 8 : yajl-2.1.0-11.el8 (AXSA:2022-4173:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4173:02 advisory. yajl: heap-based buffer overflow when handling large inputs due to an integer overflow CVE-2022-24795 Tenable has extracted the preceding description block...

MiracleLinux 8 : poppler-20.11.0-11.el8 (AXSA:2024-8323:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8323:02 advisory. poppler: NULL pointer dereference in FoFiType1C::convertToType1 CVE-2020-36024 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : flatpak-1.6.2-5.el8 (AXSA:2021-1455:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1455:03 advisory. flatpak: sandbox escape via spawn portal CVE-2021-21261 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

MiracleLinux 8 : grafana-pcp-3.2.0-2.el8 (AXSA:2022-4370:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4370:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang:...

MiracleLinux 8 : libexif-0.6.22-5.el8 (AXSA:2021-1382:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1382:02 advisory. libexif: out of bounds write due to an integer overflow in exif-entry.c CVE-2020-0452 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : tcpdump-4.9.3-2.el8 (AXSA:2021-2659:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2659:02 advisory. tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory CVE-2020-8037 Tenable has extracted the preceding description block directly...

MiracleLinux 8 : c-ares-1.13.0-8.el8 (AXSA:2023-7091:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7091:05 advisory. c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-4904 Tenable has extracted the preceding description block directly fro...

MiracleLinux 8 : cyrus-imapd-3.0.7-19.el8 (AXSA:2021-1276:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1276:01 advisory. cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the...

MiracleLinux 8 : e2fsprogs-1.45.4-3.el8 (AXSA:2020-302:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-302:02 advisory. e2fsprogs: crafted ext4 partition leads to out-of-bounds write CVE-2019-5094 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : dotnet6.0-6.0.122-1.el8.ML.1 (AXSA:2023-6414:22)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6414:22 advisory. dotnet: Denial of Service with Client Certificates using .NET Kestrel CVE-2023-36799 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : flatpak-1.6.2-6.el8 (AXSA:2021-1632:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1632:06 advisory. flatpak: file forwarding feature can be used to gain unprivileged access to files CVE-2021-21381 Tenable has extracted the preceding description block direct...

MiracleLinux 8 : samba-4.15.5-10.el8 (AXSA:2022-3934:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3934:09 advisory. samba: server memory information leak via SMB1 CVE-2022-32742 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : patch-2.7.6-11.el8 (AXSA:2020-262:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-262:01 advisory. patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files CVE-2019-13636 Tenable has extracted the preceding...

MiracleLinux 8 : cpio-2.12-11.el8.ML.1 (AXSA:2022-3303:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3303:02 advisory. Update the version to 2.12-11.el8.ML.1. Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

K000140042: libldap vulnerability CVE-2020-15719

Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName SAN. This is fixed in, for example, openldap-2.4.46-10.el8 i...

Centreon 23.10-1.el8 SQL Injection Vulnerability

;; Postauth SQL Injection in Centreon 23.10-1.el8 ;; by code610 ;; ;; version: centreon-vbox-vm-2310-1.el8.zip ;; details: https://code610.blogspot.com/2024/04/postauth-sqli-in-centreon-2310-1el8.html ;; ;; sqlmap request.txt POST /centreon/main.get.php?p=60201 HTTP/1.1 Host: 192.168.56.156...