The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9601 advisory.

    Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop     environment not only on the machine where it is running, but from anywhere on the Internet and from a wide     variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

    Security Fix(es):

    * xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9579 advisory.

    Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop     environment not only on the machine where it is running, but from anywhere on the Internet and from a wide     variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

    Security Fix(es):

    * xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9573 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: infinite loop while reading websocket data (CVE-2024-52532)

    * libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9524 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9554 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)

    * firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in     the browser (CVE-2024-10464)

    * firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response     (CVE-2024-10461)

    * firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

    * firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and     Thunderbird 128.4 (CVE-2024-10467)

    * firefox: thunderbird: Clipboard paste button persisted across tabs (CVE-2024-10465)

    * firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

    * firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

    * firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

    * firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9547 advisory.

    Kerberos is a network authentication system, which can improve the security of your network by eliminating     the insecure practice of sending passwords over the network in unencrypted form. It allows clients and     servers to authenticate to each other with the help of a trusted third party, the Kerberos key     distribution center (KDC).

    Security Fix(es):

    * freeradius: forgery attack (CVE-2024-3596)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9566 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9525 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9481 advisory.

    Django is a high-level Python Web framework that encourages rapid     development and a clean, pragmatic design. It focuses on automating as much     as possible and adhering to the DRY (Don't Repeat Yourself) principle.

    Security Fix(es):

    * Potential denial-of-service in django.utils.html.urlize()     (CVE-2024-38875)

    * Potential denial-of-service in     django.utils.translation.get_supported_language_variant() (CVE-2024-39614)

    * Username enumeration through timing difference for users with unusable     passwords (CVE-2024-39329)

    * Potential directory-traversal in django.core.files.storage.Storage.save()     (CVE-2024-39330)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9552 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)

    * firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in     the browser (CVE-2024-10464)

    * firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response     (CVE-2024-10461)

    * firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

    * firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and     Thunderbird 128.4 (CVE-2024-10467)

    * firefox: thunderbird: Clipboard paste button persisted across tabs (CVE-2024-10465)

    * firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

    * firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

    * firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

    * firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9559 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: infinite loop while reading websocket data (CVE-2024-52532)

    * libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9572 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8984 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.17.4. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2024:8981

    Security Fix(es):

    * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)
    * Podman: Buildah: CRI-O: symlink traversal vulnerability in the     containers/storage library can cause Denial of Service (DoS)     (CVE-2024-9676)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.17/updating/updating_a_cluster/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9497 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522)

    * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

    * kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)

    * kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (CVE-2024-26772)

    * kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)

    * kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870)

    * kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (CVE-2024-31076)

    * kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931)

    * kernel: firmware: cs_dsp: Fix overflow checking of wmfw header (CVE-2024-41039)

    * kernel: net/iucv: fix use after free in iucv_sock_close() (CVE-2024-42271)

    * kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9498 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522)

    * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

    * kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)

    * kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (CVE-2024-26772)

    * kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)

    * kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870)

    * kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (CVE-2024-31076)

    * kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931)

    * kernel: firmware: cs_dsp: Fix overflow checking of wmfw header (CVE-2024-41039)

    * kernel: net/iucv: fix use after free in iucv_sock_close() (CVE-2024-42271)

    * kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9502 advisory.

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    * libexpat: expat: DoS via XML_ResumeParser (CVE-2024-50602)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9501 advisory.

    The libsoup packages provide an HTTP client and server library for GNOME.

    Security Fix(es):

    * libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9500 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)

    * kernel: scsi: mpt3sas: Fix use-after-free warning (CVE-2022-48695)

    * kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9472 advisory.

    The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries     and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

    Security Fix(es):

    * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can     cause a panic due to stack exhaustion (CVE-2024-34156)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9450 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9473 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can     cause a panic due to stack exhaustion (CVE-2024-34156)

    * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9150 advisory.

    The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a     Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

    Security Fix(es):

    * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9452 advisory.

    Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and     analysis of system-level performance measurements. Its light-weight distributed architecture makes it     particularly well-suited to centralized analysis of complex systems.

    Security Fix(es):

    * pcp: pmpost symlink attack allows escalating pcp to root user (CVE-2024-45770)

    * pcp: pmcd heap corruption through metric pmstore operations (CVE-2024-45769)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9192 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)

    * python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9243 advisory.

    The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH     (SASL), and TLS.

    Security Fix(es):

    * postfix: SMTP smuggling vulnerability (CVE-2023-51764)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9470 advisory.

    The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar     operating systems.

    Security Fix(es):

    * cups: libppd: remote command injection via attacker controlled data in PPD file ()

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9088 advisory.

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package     contains a sample 64-bit UEFI firmware for QEMU and KVM.

    Security Fix(es):

    * mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129)

    * openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

    * openssl: denial of service via null dereference (CVE-2024-0727)

    * edk2: Temporary DoS vulnerability (CVE-2024-1298)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9102 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * podman: Symlink error leads to information disclosure (CVE-2022-4122)

    * containers/image: digest type does not guarantee valid type (CVE-2024-3727)

    * golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)

    * net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9184 advisory.

    The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3     packages contain GTK+ version 3.

    Security Fix(es):

    * gtk3: gtk2: Library injection from CWD (CVE-2024-6655)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9458 advisory.

    The python-urllib3 package provides the Python HTTP module with connection pooling and file POST     abilities.

    Security Fix(es):

    * urllib3: proxy-authorization request header is not stripped during cross-origin redirects     (CVE-2024-37891)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9181 advisory.

    Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose     package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption     (NBDE) in Red Hat Enterprise Linux.

    Security Fix(es):

    * jose: resource exhaustion (CVE-2024-28176)

    * jose: Denial of service due to uncontrolled CPU consumption (CVE-2023-50967)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9115 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)

    * golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)

    * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

    * go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)

    * net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9442 advisory.

    GLib provides the core application building blocks for libraries and applications written in C. It     provides the core object system used in GNOME, the main loop implementation, and a large set of utility     functions for strings and common data structures.

    Security Fix(es):

    * glib2: Signal subscription vulnerabilities (CVE-2024-34397)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9439 advisory.

    FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including     PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed     fonts.

    Security Fix(es):

    * fontforge: command injection via crafted archives or compressed files (CVE-2024-25082)

    * fontforge: command injection via crafted filenames (CVE-2024-25081)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9306 advisory.

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    * httpd: HTTP response splitting (CVE-2023-38709)

    * httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9098 advisory.

    The skopeo command lets you inspect images from container image registries, get images and image layers,     and use signatures to create and verify files.

    Security Fix(es):

    * containers/image: digest type does not guarantee valid type (CVE-2024-3727)

    * golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)

    * go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)

    * net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9097 advisory.

    The buildah package provides a tool for facilitating building OCI container images. Among other things,     buildah enables you to: Create a working container, either from scratch or using an image as a starting     point; Create an image, either from a working container or using the instructions in a Dockerfile; Build     both Docker and OCI images.

    Security Fix(es):

    * containers/image: digest type does not guarantee valid type (CVE-2024-3727)

    * net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9454 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a     panic/stack exhaustion (CVE-2024-34155)

    * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can     cause a panic due to stack exhaustion (CVE-2024-34156)

    * go/build/constraint: golang: Calling Parse on a // +build build tag line with deeply nested     expressions can cause a panic due to stack exhaustion (CVE-2024-34158)

    * Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library     (CVE-2024-9341)

    * Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount     Instruction (CVE-2024-9407)

    * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)

    * Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause     Denial of Service (DoS) (CVE-2024-9676)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9187 advisory.

    BPF Compiler Collection (BCC) is a toolkit for easier creation of efficient kernel tracing and     manipulation programs. BCC uses the extended Berkeley Packet Filter (eBPF) tool.

    Security Fix(es):

    * bcc: unprivileged users can force loading of compromised linux headers (CVE-2024-2314)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9136 advisory.

    Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm packages provide the user-space component for running virtual machines that     use KVM.

    Security Fix(es):

    * QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow (CVE-2024-26327)

    * QEMU: virtio: DMA reentrancy issue leads to double free vulnerability (CVE-2024-3446)

    * QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure     (CVE-2024-7409)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9474 advisory.

    Kerberos is a network authentication system, which can improve the security of your network by eliminating     the insecure practice of sending passwords over the network in unencrypted form. It allows clients and     servers to authenticate to each other with the help of a trusted third party, the Kerberos key     distribution center (KDC).

    Security Fix(es):

    * freeradius: forgery attack (CVE-2024-3596)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9167 advisory.

    Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

    Security Fix(es):

    * poppler: pdfinfo: crash in broken documents when using -dests parameter (CVE-2024-6239)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9122 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)

    * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)

    * xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9413 advisory.

    The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach,     hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files.

    Security Fix(es):

    * bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution     (CVE-2023-45866)

    * BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability     (CVE-2023-27349)

    * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability     (CVE-2023-51596)

    * bluez: OBEX library out-of-bounds read information disclosure vulnerability (CVE-2023-51594)

    * bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability     (CVE-2023-51592)

    * bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability     (CVE-2023-51589)

    * bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability     (CVE-2023-51580)

    * bluez: AVRCP stack-based buffer overflow remote code execution vulnerability (CVE-2023-44431)

    * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability     (CVE-2023-50230)

    * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability     (CVE-2023-50229)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9331 advisory.

    Kerberos is a network authentication system, which can improve the security of your network by eliminating     the insecure practice of sending passwords over the network in unencrypted form. It allows clients and     servers to authenticate to each other with the help of a trusted third party, the Kerberos key     distribution center (KDC).

    Security Fix(es):

    * krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c (CVE-2024-26458)

    * krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (CVE-2024-26461)

    * krb5: Memory leak at /krb5/src/kdc/ndr.c (CVE-2024-26462)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9405 advisory.

    Vim (Vi IMproved) is an updated and improved version of the vi editor.

    Security Fix(es):

    * vim: heap-based buffer overflow vulnerability (CVE-2021-3903)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9188 advisory.

    BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet Filter (eBPF) available in     recent Linux kernels (4.x). BPFtrace uses LLVM as a backend to compile scripts to BPF-bytecode and makes     use of BCC for interacting with the Linux BPF system, as well as existing Linux tracing capabilities:
    kernel dynamic tracing (kprobes), user-level dynamic tracing (uprobes), and tracepoints. The BPFtrace     language is inspired by awk and C, and predecessor tracers such as DTrace and SystemTap

    Security Fix(es):

    * bpftrace: unprivileged users can force loading of compromised linux headers (CVE-2024-2313)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9457 advisory.

    urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that     are missing from the Python standard libraries:
       Thread safety.
       Connection pooling.
       Client-side SSL/TLS verification.
       File uploads with multipart encoding.
       Helpers for retrying requests and dealing with HTTP redirects.
       Support for gzip, deflate, brotli, and zstd encoding.
       Proxy support for HTTP and SOCKS.
       100% test coverage.

    Security Fix(es):

    * urllib3: proxy-authorization request header is not stripped during cross-origin redirects     (CVE-2024-37891)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9190 advisory.

    Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed     with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem     of third-party libraries.  The python3.12 package provides the python3.12 executable: the reference     interpreter for the Python language, version 3. The majority of its standard library is provided in the     python3.12-libs package, which should be installed automatically along with python3.12. The remaining     parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test     packages, which may need to be installed separately.  Documentation for Python is provided in the     python3.12-docs package.  Packages containing additional libraries for Python are generally named with the     python3.12- prefix.

    Security Fix(es):

    * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)

    * python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)

    * python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
210921	RHEL 9 : tigervnc (RHSA-2024:9601)	high
210911	RHEL 9 : tigervnc (RHSA-2024:9579)	high
210910	RHEL 8 : libsoup (RHSA-2024:9573)	high
210908	RHEL 8 : libsoup (RHSA-2024:9524)	high
210907	RHEL 9 : firefox (RHSA-2024:9554)	critical
210906	RHEL 9 : krb5 (RHSA-2024:9547)	critical
210905	RHEL 8 : libsoup (RHSA-2024:9566)	high
210904	RHEL 8 : libsoup (RHSA-2024:9525)	high
210903	RHEL 9 : Red Hat OpenStack Platform 18.0.3 (python-django) (RHSA-2024:9481)	medium
210902	RHEL 9 : thunderbird (RHSA-2024:9552)	critical
210901	RHEL 9 : libsoup (RHSA-2024:9559)	high
210900	RHEL 9 : libsoup (RHSA-2024:9572)	high
210892	RHEL 8 / 9 : OpenShift Container Platform 4.17.4 (RHSA-2024:8984)	medium
210888	RHEL 9 : kernel (RHSA-2024:9497)	high
210887	RHEL 9 : kernel-rt (RHSA-2024:9498)	high
210886	RHEL 8 : expat (RHSA-2024:9502)	medium
210885	RHEL 8 : libsoup (RHSA-2024:9501)	high
210884	RHEL 8 : kernel (RHSA-2024:9500)	high
210843	RHEL 9 : grafana-pcp (RHSA-2024:9472)	high
210842	RHEL 9 : python3.11 (RHSA-2024:9450)	high
210841	RHEL 9 : grafana (RHSA-2024:9473)	critical
210840	RHEL 9 : python-jinja2 (RHSA-2024:9150)	medium
210839	RHEL 9 : pcp (RHSA-2024:9452)	medium
210838	RHEL 9 : python3.11 (RHSA-2024:9192)	high
210837	RHEL 9 : postfix (RHSA-2024:9243)	medium
210836	RHEL 9 : cups (RHSA-2024:9470)	high
210835	RHEL 9 : edk2 (RHSA-2024:9088)	medium
210834	RHEL 9 : podman (RHSA-2024:9102)	medium
210833	RHEL 9 : gtk3 (RHSA-2024:9184)	high
210832	RHEL 9 : python3.11-urllib3 (RHSA-2024:9458)	medium
210831	RHEL 9 : jose (RHSA-2024:9181)	high
210830	RHEL 9 : grafana (RHSA-2024:9115)	critical
210829	RHEL 9 : mingw-glib2 (RHSA-2024:9442)	medium
210828	RHEL 9 : fontforge (RHSA-2024:9439)	medium
210827	RHEL 9 : httpd (RHSA-2024:9306)	high
210826	RHEL 9 : skopeo (RHSA-2024:9098)	medium
210825	RHEL 9 : buildah (RHSA-2024:9097)	high
210824	RHEL 9 : podman (RHSA-2024:9454)	medium
210822	RHEL 9 : bcc (RHSA-2024:9187)	low
210821	RHEL 9 : qemu-kvm (RHSA-2024:9136)	high
210820	RHEL 9 : krb5 (RHSA-2024:9474)	critical
210819	RHEL 9 : poppler (RHSA-2024:9167)	high
210818	RHEL 9 : xorg-x11-server (RHSA-2024:9122)	high
210817	RHEL 9 : bluez (RHSA-2024:9413)	medium
210816	RHEL 9 : krb5 (RHSA-2024:9331)	high
210815	RHEL 9 : kernel (RHSA-2024:9315)	high
210814	RHEL 9 : vim (RHSA-2024:9405)	high
210813	RHEL 9 : bpftrace (RHSA-2024:9188)	low
210812	RHEL 9 : python3.12-urllib3 (RHSA-2024:9457)	medium
210811	RHEL 9 : python3.12 (RHSA-2024:9190)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

high

high

critical

critical

high

high

medium

critical

high

high

medium

high

high

medium

high

high

high

high

critical

medium

medium

high

medium

high

medium

medium

high

medium

high

critical

medium

medium

high

medium

high

medium

low

high

critical

high

high

medium

high

high

high

low

medium

high