43 matches found
RHCOS 3 : OpenShift Container Platform 3.11.542 (RHSA-2021:3915)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3915 advisory. - kubernetes: Node disk DOS by writing to container /etc/hosts CVE-2020-8557 Note that Nessus has not tested for this issue but has instead...
RHCOS 4 : OpenShift Container Platform 4.8.4 (RHSA-2021:2984)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2984 advisory. - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header CVE-2021-31525 - golang: net: lookup...
Azure Linux 3.0 Security Update: python-tensorboard (CVE-2021-33197)
The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-33197 advisory. - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from...
MiracleLinux 8 : bash-4.4.19-14.el8 (AXSA:2021-1784:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1784:01 advisory. bash: when effective UID is not equal to its real UID the saved UID is not dropped CVE-2019-18276 Tenable has extracted the preceding description block...
MiracleLinux 8 : httpd:2.4 (AXSA:2021-1401:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1401:01 advisory. httpd: memory corruption on early pushes CVE-2019-10081 httpd: read-after-free in h2 connection shutdown CVE-2019-10082 httpd: null-pointer...
MiracleLinux 7 : etcd-3.2.32-1.el7 (AXSA:2021-1717:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1717:01 advisory. etcd: Large slice causes panic in decodeRecord method CVE-2020-15106 etcd: DoS in wal/wal.go CVE-2020-15112 Tenable has extracted the preceding...
MiracleLinux 4 : firefox-78.12.0-1.0.1.AXS4 (AXSA:2021-2238:17)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2238:17 advisory. Mozilla: Use-after-free in accessibility features of a document CVE-2021-29970 Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12...
MiracleLinux 8 : xterm-331-1.el8.2 (AXSA:2021-1518:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1518:01 advisory. xterm: crash when processing combining characters CVE-2021-27135 Tenable has extracted the preceding description block directly from the MiracleLinux securit...
MiracleLinux 7 : xstream-1.3.1-12.el7 (AXSA:2021-1252:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1252:01 advisory. XStream: remote code execution due to insecure XML deserialization when relying on blocklists CVE-2020-26217 Tenable has extracted the preceding description...
MiracleLinux 8 : firefox-78.11.0-3.el8.ML.1 (AXSA:2021-2293:19)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2293:19 advisory. Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 CVE-2021-29967 Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : flatpak-1.0.9-10.el7 (AXSA:2021-1462:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1462:04 advisory. flatpak: sandbox escape via spawn portal CVE-2021-21261 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...
MiracleLinux 8 : librsvg2-2.42.7-4.0.1.el8 (AXSA:2021-1255:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1255:01 advisory. librsvg: Resource exhaustion via crafted SVG file with nested patterns CVE-2019-20446 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : pacemaker-2.0.4-6.el8.1 (AXSA:2021-1439:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1439:03 advisory. pacemaker: ACL restrictions bypass CVE-2020-25654 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Not...
MiracleLinux 8 : dotnet5.0-5.0.103-1.0.1.el8 (AXSA:2021-1546:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1546:02 advisory. dotnet: certificate chain building recursion Denial of Service CVE-2021-1721 dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock...
MiracleLinux 4 : nss-3.44.0-7.0.1.AXS4 (AXSA:2021-1747:04)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1747:04 advisory. nss: TLS 1.3 CCS flood remote DoS Attack CVE-2020-25648 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...
MiracleLinux 7 : gupnp-1.0.2-6.el7 (AXSA:2021-1998:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1998:01 advisory. gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services CVE-2021-33516 Tenable has extracted t...
EUVD-2021-32374
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-29982
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. Thi...
CVE-2021-24518
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...
OESA-2024-1037 jersey security update
Jersey is the open source JAX-RS JSR 311 production quality Reference Implementation for building RESTful Web services. %if Security Fixes: Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the...