The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3959 advisory.

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

    Security Fix(es):

    * flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3955 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.12.0 ESR.

    Security Fix(es):

    * firefox: Use-after-free in networking (CVE-2024-5702)

    * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)

    * firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)

    * firefox:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window     (CVE-2024-5691)

    * firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

    * firefox: Memory Corruption in Text Fragments (CVE-2024-5696)

    * firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12     (CVE-2024-5700)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3950 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.12.0 ESR.

    Security Fix(es):

    * firefox: Use-after-free in networking (CVE-2024-5702)

    * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)

    * firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)

    * firefox:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window     (CVE-2024-5691)

    * firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

    * firefox: Memory Corruption in Text Fragments (CVE-2024-5696)

    * firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12     (CVE-2024-5700)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3963 advisory.

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

    Security Fix(es):

    * flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3953 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.12.0 ESR.

    Security Fix(es):

    * firefox: Use-after-free in networking (CVE-2024-5702)

    * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)

    * firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)

    * firefox:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window     (CVE-2024-5691)

    * firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

    * firefox: Memory Corruption in Text Fragments (CVE-2024-5696)

    * firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12     (CVE-2024-5700)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3961 advisory.

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

    Security Fix(es):

    * flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3954 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.12.0 ESR.

    Security Fix(es):

    * firefox: Use-after-free in networking (CVE-2024-5702)

    * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)

    * firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)

    * firefox:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window     (CVE-2024-5691)

    * firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

    * firefox: Memory Corruption in Text Fragments (CVE-2024-5696)

    * firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12     (CVE-2024-5700)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3951 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.12.0 ESR.

    Security Fix(es):

    * firefox: Use-after-free in networking (CVE-2024-5702)

    * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)

    * firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)

    * firefox:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window     (CVE-2024-5691)

    * firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

    * firefox: Memory Corruption in Text Fragments (CVE-2024-5696)

    * firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12     (CVE-2024-5700)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3962 advisory.

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

    Security Fix(es):

    * flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3952 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.12.0 ESR.

    Security Fix(es):
    * firefox: Use-after-free in networking (CVE-2024-5702)

    * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688)

    * firefox: External protocol handlers leaked by timing attack (CVE-2024-5690)

    * firefox:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window     (CVE-2024-5691)

    * firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

    * firefox: Memory Corruption in Text Fragments (CVE-2024-5696)

    * firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12     (CVE-2024-5700)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3939 advisory.

    The linux-firmware packages contain all of the firmware files that are required by various devices to     operate.

    Security Fix(es):

    * hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329)

    * hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635)

    * hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-40964)

    * hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi (CVE-2022-36351)

    * hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi (CVE-2022-38076)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    These new packages include numerous enhancements, bug fixes, and known issues. Space precludes documenting     all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for     information on the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7.1/html/release_notes/index

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3929 advisory.

    The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic     Host Configuration Protocol) server.

    Security Fix(es):

    * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)

    * bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory.

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    * expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)

    * expat: XML Entity Expansion (CVE-2024-28757)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3875 advisory.

    libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

    Security Fix(es):

    * nghttp2: CONTINUATION frames DoS (CVE-2024-28182,VU#421644.5)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3700 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.29. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2024:3700

    Security Fix(es):

    * cri-o: malicious container can create symlink on host (CVE-2024-5154)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3877 advisory.

    The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic     Host Configuration Protocol) server.

    Security Fix(es):

    * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)

    * bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx     (CVE-2024-1023)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3715 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.59. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2024:3713

    Security Fix(es):

    * golang-protobuf: encoding/protojson, internal/encoding/json: infinite     loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON     (CVE-2024-24786)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3830 advisory.

    A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and     is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock     brings a configurable DNS server and dynamic port forwarding.

    Security Fix(es):

    * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3837 advisory.

    389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base     packages include the Lightweight Directory Access Protocol (LDAP) server and     command-line utilities for server administration.

    Security Fix(es):

    * 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657)

    * 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3854 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic     msrs (CVE-2023-5090)

    * kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg     (CVE-2023-51779)

    * kernel: kvm: Avoid potential UAF in LPI translation cache (CVE-2024-26598)

    * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)

    Bug Fix:

    * kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-38545)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3812 advisory.

    The protobuf-c packages provide C bindings for Google's Protocol Buffers.

    Security Fix(es):

    * protobuf-c: unsigned integer overflow in parse_required_member     (CVE-2022-48468)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3827 advisory.

    The buildah package provides a tool for facilitating building OCI container images. Among other things,     buildah enables you to: Create a working container, either from scratch or using an image as a starting     point; Create an image, either from a working container or using the instructions in a Dockerfile; Build     both Docker and OCI images.

    Security Fix(es):

    * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

    * jose-go: improper handling of highly compressed data (CVE-2024-28180)

    * buildah: jose: resource exhaustion (CVE-2024-28176)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3855 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic     msrs (CVE-2023-5090)

    * kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg     (CVE-2023-51779)

    * kernel: kvm: Avoid potential UAF in LPI translation cache (CVE-2024-26598)

    * kernel: KVM: s390: vsie: fix race during shadow creation (CVE-2023-52639)

    * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3820 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3838 advisory.

    Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text     files and to perform system management tasks.

    The following packages have been upgraded to a later upstream version: ruby     (3.0). (RHEL-35740)

    Security Fix(es):

    * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)

    * ruby: ReDoS vulnerability in URI (CVE-2023-28755)

    * ruby: ReDoS vulnerability in Time (CVE-2023-28756)

    * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)

    * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)

    * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3843 advisory.

    Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network     configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line     sessions, and more.

    Security Fix(es):

    * cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3835 advisory.

    LibreOffice is an open source, community-developed office productivity suite. It includes key desktop     applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a     drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office     suite.

    Security Fix(es):

    * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185)

    * libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3834 advisory.

    The gdk-pixbuf2 packages provide an image loading library that can be extended     by loadable modules for new image formats. It is used by toolkits such as GTK+     or clutter.

    Security Fix(es):

    * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3859 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability (CVE-2023-4155)

    * kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg     (CVE-2023-51779)

    * kernel: wifi: mac80211: fix potential key use-after-free (CVE-2023-52530)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3676 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.17. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHBA-2024:3673

    Security Fix(es):

    * cri-o: malicious container can create symlink on host (CVE-2024-5154)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3811 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3831 advisory.

    The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-     ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI     concerns itself only with network connectivity of containers and removing allocated resources when the     container is deleted.

    Security Fix(es):

    * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3823 advisory.

    The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system     trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-     ostree-client package provides commands for client systems to perform upgrades and rollbacks.

    Security Fix(es):

    * rpm-ostree: world-readable /etc/shadow file [9.4.z] (JIRA:RHEL-31852)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3842 advisory.

    The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving     API.

    Security Fix(es):

    * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3846 advisory.

    The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture (HSA) Linux kernel     driver (amdkfd).

    Security Fix(es):

    * python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()     (CVE-2024-3651)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3826 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fixes:

    * podman: jose-go: improper handling of highly compressed data (CVE-2024-28180)

    * podman: golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

    * podman: jose: resource exhaustion (CVE-2024-28176)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3814 advisory.

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

    Security Fix(es):

    * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)

    * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)

    Bug Fix(es):

    * Rebase tomcat to version 9.0.87 (JIRA:RHEL-34811)

    * Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly (JIRA:RHEL-37865)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition (CVE-2023-1118)

    * kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)

    * kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

    * kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

    * kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

    * kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

    * kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)

    * kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

    * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)

    * CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-     SN-3008,CVE-2024-25742,CVE-2024-25743)

    * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

    Bug Fix(es):

    * md raid5 deadlock during sync check (JIRA:RHEL-27235)

    * NULL pointer dereference occurs in x2apic_dead_cpu() due to missing backport from upstream commit     7a22e03b0c02 (JIRA:RHEL-32733)

    * [RHEL8.8][ltp] case vma05 failed on x86_64 (JIRA:RHEL-33448)

    * XFS: thaw operation hungs if caches are dropped while FS is frozen  (JIRA:RHEL-34523)

    * Temporary values in FIPS integrity test should be zeroized (JIRA:RHEL-36693)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3805 advisory.

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify     the code of a running kernel.

    Security Fix(es):

    * kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3795 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3781 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

    Security Fix(es):

    * automation-controller: aiohttp: DoS when trying to parse malformed POST requests (CVE-2024-30251)
    * automation-controller: Django: Potential regular expression denial-of-service in     django.utils.text.Truncator.words() (CVE-2024-27351)
    * automation-controller: pip: Mercurial configuration injectable in repo revision when installing via pip     (CVE-2023-5752)
    * automation-controller: pydantic: regular expression denial of service via crafted email string     (CVE-2024-3772)
    * automation-hub, python3/python39-galaxy-ng: follow-redirects: Possible credential leak (CVE-2024-28849)
    * python3/python39-aiohttp: DoS when trying to parse malformed POST requests (CVE-2024-30251)
    * python3/python39-aiohttp: XSS on index pages for static file handling (CVE-2024-27306)
    * python3/python39-black: ReDoS via the lines_with_leading_tabs_expanded() function in strings.py file     (CVE-2024-21503)
    * python3/python39-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when     called with a non-matching certificate and private key and an hmac_hash override (CVE-2024-26130)
    * python3/python39-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)
    * python3/python39-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)
    * python3/python39-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding     headers (CVE-2024-1135)
    * python3/python39-idna: potential DoS via resource consumption via specially crafted inputs to     idna.encode() (CVE-2024-3651)
    * python3/python39-jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)
    * python3/python39-pillow: buffer overflow in _imagingcms.c (CVE-2024-28219)
    * python3/python39-pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)
    * python3/python39-pydantic: regular expression denial of service via crafted email string (CVE-2024-3772)
    * python3/python39-requests: subsequent requests to the same host ignore cert verification     (CVE-2024-35195)
    * python3/python39-social-auth-app-django: Improper Handling of Case Sensitivity in social-auth-app-django     (CVE-2024-32879)
    * python3/python39-sqlparse: parsing heavily nested list leads to denial of service (CVE-2024-4340)
    * receptor: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm     (CVE-2024-24783)
    * receptor: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS     (CVE-2023-45288)
    * receptor: golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Updates and fixes for automation controller:
    * Fixed Redis connection leak on version 4.5.6 (AAP-24286)
    * automation-controller has been updated to 4.5.7

    Updates and fixes for automation hub:
    * Fixed repository sync issues (AAH-3111, AAH-3218)
    * automation-hub/python3-galaxy-ng/python39-galaxy-ng have been updated to 4.9.2

    Additional changes:
    * ansible-core has been updated to 2.15.11
    * automation-eda-controller has been updated to 1.0.7
    * installer and setup have been updated to 2.4-7
    * receptor has been updated to 1.4.8

    For more details about the updates and fixes included in this release, refer to the Release Notes.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3784 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 115.11.0.

    Security Fix(es):

    * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)

    * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)

    * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)

    * firefox: Cross-origin responses could be distinguished between script and     non-script content-types (CVE-2024-4769)

    * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)

    * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and     Thunderbird 115.11 (CVE-2024-4777)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3783 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards     compliance, performance, and portability.

    This update upgrades Firefox to version 115.11.0 ESR.

    Security Fix(es):

    * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)

    * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)

    * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)

    * firefox: Cross-origin responses could be distinguished between script and     non-script content-types (CVE-2024-4769)

    * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)

    * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and     Thunderbird 115.11 (CVE-2024-4777)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3775 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization     solution for both traditional and cloud-based enterprise environments.

    Security Fix(es):

    * CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline     brute force

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3756 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization     solution for both traditional and cloud-based enterprise environments.

    Security Fix(es):

    * ipa: freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute     force (CVE-2024-3183)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity     management, and authorization solution for both traditional and cloud-based     enterprise environments.

    Security Fix(es):

    * freeipa: delegation rules allow a proxy service to impersonate     any user to access another target service (CVE-2024-2698)
    * freeipa: user can obtain a hash of the passwords of all domain     users and perform offline brute force (CVE-2024-3183)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3754 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization     solution for both traditional and cloud-based enterprise environments.

    Security Fix(es):

    * freeipa: delegation rules allow a proxy service to impersonate any user to access another target service     (CVE-2024-2698)

    * freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force     (CVE-2024-3183)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3758 advisory.

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization     solution for both traditional and cloud-based enterprise environments.

    Security Fix(es):

    * freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force     (CVE-2024-3183)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
200663	RHEL 9 : flatpak (RHSA-2024:3959)	high
200662	RHEL 9 : firefox (RHSA-2024:3955)	medium
200661	RHEL 8 : firefox (RHSA-2024:3950)	medium
200660	RHEL 8 : flatpak (RHSA-2024:3963)	high
200659	RHEL 8 : firefox (RHSA-2024:3953)	medium
200658	RHEL 8 : flatpak (RHSA-2024:3961)	high
200657	RHEL 8 : firefox (RHSA-2024:3954)	medium
200656	RHEL 7 : firefox (RHSA-2024:3951)	medium
200655	RHEL 8 : flatpak (RHSA-2024:3962)	high
200654	RHEL 8 : firefox (RHSA-2024:3952)	medium
200649	RHEL 7 : linux-firmware (RHSA-2024:3939)	high
200554	RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)	critical
200491	RHEL 8 : dnsmasq (RHSA-2024:3929)	high
200490	RHEL 9 : expat (RHSA-2024:3926)	high
200456	RHEL 9 : nghttp2 (RHSA-2024:3875)	medium
200455	RHEL 8 / 9 : OpenShift Container Platform 4.14.29 (RHSA-2024:3700)	high
200454	RHEL 8 : dnsmasq (RHSA-2024:3877)	high
200453	RHEL 6 : vert.x (Unpatched Vulnerability)	medium
200440	RHEL 8 / 9 : OpenShift Container Platform 4.12.59 (RHSA-2024:3715)	high
200433	RHEL 9 : gvisor-tap-vsock (RHSA-2024:3830)	medium
200432	RHEL 9 : 389-ds-base (RHSA-2024:3837)	high
200431	RHEL 9 : kernel-rt (RHSA-2024:3854)	high
200430	RHEL 8 : protobuf-c (RHSA-2024:3812)	medium
200429	RHEL 9 : buildah (RHSA-2024:3827)	medium
200428	RHEL 9 : kernel (RHSA-2024:3855)	high
200427	RHEL 9 : fence-agents (RHSA-2024:3820)	medium
200426	RHEL 9 : ruby (RHSA-2024:3838)	high
200425	RHEL 9 : cockpit (RHSA-2024:3843)	high
200424	RHEL 9 : libreoffice (RHSA-2024:3835)	high
200423	RHEL 9 : gdk-pixbuf2 (RHSA-2024:3834)	high
200422	RHEL 8 : kernel (RHSA-2024:3859)	medium
200421	RHEL 8 / 9 : OpenShift Container Platform 4.15.17 (RHSA-2024:3676)	high
200420	RHEL 8 : fence-agents (RHSA-2024:3811)	medium
200419	RHEL 9 : containernetworking-plugins (RHSA-2024:3831)	medium
200418	RHEL 9 : rpm-ostree (RHSA-2024:3823)	medium
200417	RHEL 9 : c-ares (RHSA-2024:3842)	medium
200416	RHEL 9 : python-idna (RHSA-2024:3846)	high
200415	RHEL 9 : podman (RHSA-2024:3826)	medium
200414	RHEL 8 : tomcat (RHSA-2024:3814)	medium
200413	RHEL 8 : kernel (RHSA-2024:3810)	high
200332	RHEL 8 : kpatch-patch (RHSA-2024:3805)	high
200331	RHEL 8 : fence-agents (RHSA-2024:3795)	medium
200272	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:3781)	critical
200270	RHEL 8 : thunderbird (RHSA-2024:3784)	high
200269	RHEL 8 : firefox (RHSA-2024:3783)	high
200255	RHEL 8 : idm:DL1 (RHSA-2024:3775)	high
200254	RHEL 8 : idm:DL1 (RHSA-2024:3756)	high
200253	RHEL 9 : ipa (RHSA-2024:3757)	high
200252	RHEL 9 : ipa (RHSA-2024:3754)	high
200251	RHEL 8 : idm:DL1 (RHSA-2024:3758)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

medium

medium

high

medium

high

medium

medium

high

medium

high

critical

high

high

medium

high

high

medium

high

medium

high

high

medium

medium

high

medium

high

high

high

high

medium

high

medium

medium

medium

medium

high

medium

medium

high

high

medium

critical

high

high

high

high

high

high

high