The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3269 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3030 advisory.

    libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or     WAV.

    Security Fix(es):

    * libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2981 advisory.

    FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3,     ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

    Security Fix(es):

    * frr: missing length check in bgp_attr_psid_sub() can lead do DoS (CVE-2023-31490)

    * frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358)

    * frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909)

    * frr: mishandled malformed data leading to a crash (CVE-2023-46752)

    * frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3128 advisory.

    Perl is a high-level programming language that is commonly used for system administration utilities and     web programming.

    Security Fix(es):

    * perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2974 advisory.

    X.Org X11 libXpm runtime library.

    Security Fix(es):

    * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788)

    * libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3102 advisory.

    The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a     Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.

    Security Fix(es):

    * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3056 advisory.

    Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string,     xml, and network handling in Qt.

    Security Fix(es):

    * qt: incorrect integer overflow check (CVE-2023-51714)

    * qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3233 advisory.

    libssh is a library which implements the SSH protocol. It can be used to implement client and server     applications.

    Security Fix(es):

    * libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname     (CVE-2023-6004)

    * libssh: Missing checks for return values for digests (CVE-2023-6918)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3059 advisory.

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF)     files.

    Security Fix(es):

    * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3067 advisory.

    Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop     environment not only on the machine where it is running, but from anywhere on the Internet and from a wide     variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

    Security Fix(es):

    * xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3105 advisory.

    The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library,     which provides cryptographic primitives and recipes to Python developers.

    Security Fix(es):

    * python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3095 advisory.

    The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg     Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed     audio format.

    Security Fix(es):

    * vorbis-tools: Buffer Overflow vulnerability (CVE-2023-43361)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2950 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3275 advisory.

    The python-dns package contains the dnslib module that implements a DNS client and additional modules that     define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode.

    Security Fix(es):

    * dnspython: denial of service in stub resolver (CVE-2023-29483)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3270 advisory.

    The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote     directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the     Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to     connect to multiple different account sources.

    Security Fix(es):

    * sssd: Race condition during authorization leads to GPO policies functioning inconsistently     (CVE-2023-3758)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2995 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)

    * xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)

    * xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty     (CVE-2023-6478)

    * xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access     (CVE-2024-0229)

    * xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408)

    * xorg-x11-server: SELinux context corruption (CVE-2024-0409)

    * xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)

    * xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)

    * xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3043 advisory.

    Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote     task execution system. Ansible works over SSH and does not require any software or daemons to be installed     on remote nodes. Extension modules can be written in any language and are transferred to managed machines     automatically.

    Security Fix(es):

    * ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration     (CVE-2024-0690)

    Bug Fix(es):

    * Update ansible-core to 2.16.3 (JIRA:RHEL-23782)

    * Rebuild ansible-core with python 3.12 (JIRA:RHEL-24141)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3264 advisory.

    Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and     analysis of system-level performance measurements. Its light-weight distributed architecture makes it     particularly well-suited to centralized analysis of complex systems.

    Security Fix(es):

    * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3258 advisory.

    X.Org is an open-source implementation of the X Window System. It provides the basic low-level     functionality that full-fledged graphical user interfaces are designed upon.

    Security Fix(es):

    * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)

    * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)

    * xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3184 advisory.

    The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and     customizable boot loader with modular architecture. The packages support a variety of kernel formats, file     systems, computer architectures, and hardware devices.

    Security Fix(es):

    * grub2: grub2-set-bootflag can be abused by local (pseudo-)users (CVE-2024-1048)

    * grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution (CVE-2023-4692)

    * grub2: out-of-bounds read at fs/ntfs.c (CVE-2023-4693)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3259 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

    * golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect     (CVE-2023-45289)

    * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

    * golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

    * golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)

    * golang: html/template: errors returned from MarshalJSON methods may break template escaping     (CVE-2024-24785)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3166 advisory.

    OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating     systems. It includes the core files necessary for both the OpenSSH client and server.

    Security Fix(es):

    * openssh: scp allows command injection when using backtick characters in the destination argument     (CVE-2020-15778)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2961 advisory.

    Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits,     that uses osbuild under the hood.

    Security Fix(es):

    * osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3203 advisory.

    The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and     LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for     starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
    In addition, it supports snapshotting and restoring of the system state, maintains mount and automount     points, and implements an elaborate transactional dependency-based service control logic. It can also work     as a drop-in replacement for sysvinit.

    Security Fix(es):

    * systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (CVE-2023-7008)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3120 advisory.

    freeglut is a completely open source alternative to the OpenGL Utility Toolkit (GLUT) library with an OSI     approved free software license.

    Security Fix(es):

    * freeglut: memory leak via glutAddSubMenu() function (CVE-2024-24258)

    * freeglut: memory leak via glutAddMenuEntry() function (CVE-2024-24259)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2980 advisory.

    HarfBuzz is an implementation of the OpenType Layout engine.

    Security Fix(es):

    * harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3139 advisory.

    SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for     manipulating squashfs file systems.

    Security Fix(es):

    * squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153)

    * squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3061 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2966 advisory.

    The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript     translates PostScript code to common bitmap formats so that the code can be displayed or printed.

    Security Fix(es):

    * ghostscript: Divide by zero in eps_print_page in gdevepsn.c (CVE-2020-21710)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3261 advisory.

    Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop     environment not only on the machine where it is running, but from anywhere on the Internet and from a wide     variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

    Security Fix(es):

    * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)

    * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)

    * xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2996 advisory.

    Xwayland is an X server for running X clients under Wayland.

    Security Fix(es):

    * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)

    * xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)

    * xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty     (CVE-2023-6478)

    * xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)

    * xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access     (CVE-2024-0229)

    * xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408)

    * xorg-x11-server: SELinux context corruption (CVE-2024-0409)

    * xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)

    * xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3163 advisory.

    Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need     to recompile programs to handle authentication.

    Security Fix(es):

    * pam: allowing unprivileged user to block another user namespace (CVE-2024-22365)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3211 advisory.

    The traceroute utility displays the route used by IP packets on their way to a specified network (or     Internet) host.

    Security Fix(es):

    * traceroute: improper command line parsing (CVE-2023-46316)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect     (CVE-2018-25091)

    * golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large     exponents (CVE-2021-33198)

    * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

    * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)

    * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)

    * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

    * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

    * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)

    * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)

    * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)

    * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)

    * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests     (CVE-2023-39326)

    * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)

    * urllib3: Request body not stripped after redirect from 303 status changes request method to GET     (CVE-2023-45803)

    * ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

    * moby/buildkit: Possible race condition with accessing subpaths from cache mounts (CVE-2024-23650)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3178 advisory.

    The linux-firmware packages contain all of the firmware files that are required by various devices to     operate.

    Security Fix(es):

    * hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329)

    * hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem     (CVE-2023-20592)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2962 advisory.

    Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware     platforms. The virt:rhel module contains packages which provide user-space components used to run virtual     machines using KVM. The packages also provide APIs for managing and interacting with the virtualized     systems.

    Security Fix(es):

    * QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service (CVE-2023-3255)

    * QEMU: improper IDE controller reset can lead to MBR overwrite (CVE-2023-5088)

    * QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() (CVE-2023-6683)

    * QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx() (CVE-2023-6693)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3089 advisory.

    GStreamer is a streaming media framework based on graphs of filters which operate on media data. The     gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under     the LGPL license.

    Security Fix(es):

    * gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling     (CVE-2023-37327)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2973 advisory.

    The libX11 packages contain the core X11 protocol client library.

    Security Fix(es):

    * libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785)

    * libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786)

    * libX11: integer overflow in XCreateImage() leading to a heap overflow (CVE-2023-43787)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3062 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple     (CVE-2023-27043)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2979 advisory.

    Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

    Security Fix(es):

    * poppler: NULL pointer dereference in `FoFiType1C::convertToType1` (CVE-2020-36024)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3060 advisory.

    GStreamer is a streaming media framework based on graphs of filters which operate on media data. The     gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

    Security Fix(es):

    * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed     video (CVE-2023-40474)

    * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio     (CVE-2023-40475)

    * gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite     (CVE-2023-40476)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3022 advisory.

    The motif packages include the Motif shared libraries needed to run applications which are dynamically     linked against Motif, as well as MWM, the Motif Window Manager.

    Security Fix(es):

    * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788)

    * libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3254 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * buildah: full container escape at build time (CVE-2024-1753)

    * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)

    * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

    * golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when     unmarshaling certain forms of invalid JSON (CVE-2024-24786)

    * jose-go: improper handling of highly compressed data (CVE-2024-28180)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2953 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126)

    * rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141)

    * rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing (CVE-2024-26146)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3268 advisory.

    Kerberos is a network authentication system, which can improve the security of your network by eliminating     the insecure practice of sending passwords over the network in unencrypted form. It allows clients and     servers to authenticate to each other with the help of a trusted third party, the Kerberos key     distribution center (KDC).

    Security Fix(es):

    * krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c (CVE-2024-26458)

    * krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (CVE-2024-26461)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3127 advisory.

    The zziplib is a lightweight library to easily extract data from zip files.

    Security Fix(es):

    * zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (CVE-2020-18770)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3047 advisory.

    389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the     Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

    Security Fix(es):

    * 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in     log_entry_attr) (CVE-2024-1062)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3271 advisory.

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.
    BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing     with DNS); and tools for verifying that the DNS server is operating correctly.

    The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP     network to get their own network configuration information, including an IP address, a subnet mask, and a     broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and     administer DHCP on a network.

    Security Fix(es):

    * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)

    * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)

    * bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

    Bug Fix:

    * dhcp rebuilt after API change of bind-export-libs

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2952 advisory.

    The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts.
    These scripts interface with several services to allow operating in a high-availability (HA) environment.

    Security Fix(es):

    * urllib3: Request body not stripped after redirect from 303 status changes request method to GET     (CVE-2023-45803)

    * pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex     (CVE-2023-52323)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3214 advisory.

    The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers     operations, rational numbers, and floating point numbers.

    Security Fix(es):

    * gmp: Integer overflow and resultant buffer overflow via crafted input (CVE-2021-43618)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
197806	RHEL 8 : glibc (RHSA-2024:3269)	high
197805	RHEL 8 : libsndfile (RHSA-2024:3030)	high
197804	RHEL 8 : frr (RHSA-2024:2981)	high
197803	RHEL 8 : perl:5.32 (RHSA-2024:3128)	high
197802	RHEL 8 : libXpm (RHSA-2024:2974)	medium
197801	RHEL 8 : python-jinja2 (RHSA-2024:3102)	medium
197800	RHEL 8 : qt5-qtbase (RHSA-2024:3056)	critical
197799	RHEL 8 : libssh (RHSA-2024:3233)	medium
197798	RHEL 8 : libtiff (RHSA-2024:3059)	medium
197797	RHEL 8 : tigervnc (RHSA-2024:3067)	medium
197796	RHEL 8 : python3.11-cryptography (RHSA-2024:3105)	critical
197795	RHEL 8 : vorbis-tools (RHSA-2024:3095)	high
197794	RHEL 8 : kernel-rt (RHSA-2024:2950)	critical
197793	RHEL 8 : python-dns (RHSA-2024:3275)	high
197792	RHEL 8 : sssd (RHSA-2024:3270)	high
197791	RHEL 8 : xorg-x11-server (RHSA-2024:2995)	high
197790	RHEL 8 : ansible-core (RHSA-2024:3043)	medium
197789	RHEL 8 : pcp (RHSA-2024:3264)	high
197788	RHEL 8 : xorg-x11-server (RHSA-2024:3258)	high
197787	RHEL 8 : grub2 (RHSA-2024:3184)	high
197786	RHEL 8 : go-toolset:rhel8 (RHSA-2024:3259)	high
197785	RHEL 8 : openssh (RHSA-2024:3166)	high
197784	RHEL 8 : Image builder components (RHSA-2024:2961)	medium
197783	RHEL 8 : systemd (RHSA-2024:3203)	medium
197782	RHEL 8 : freeglut (RHSA-2024:3120)	high
197781	RHEL 8 : harfbuzz (RHSA-2024:2980)	high
197780	RHEL 8 : squashfs-tools (RHSA-2024:3139)	high
197779	RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2024:3061)	high
197778	RHEL 8 : ghostscript (RHSA-2024:2966)	medium
197777	RHEL 8 : tigervnc (RHSA-2024:3261)	high
197776	RHEL 8 : xorg-x11-server-Xwayland (RHSA-2024:2996)	critical
197775	RHEL 8 : pam (RHSA-2024:3163)	medium
197774	RHEL 8 : traceroute (RHSA-2024:3211)	medium
197773	RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)	critical
197772	RHEL 8 : linux-firmware (RHSA-2024:3178)	medium
197771	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:2962)	high
197770	RHEL 8 : gstreamer1-plugins-good (RHSA-2024:3089)	high
197769	RHEL 8 : libX11 (RHSA-2024:2973)	high
197768	RHEL 8 : python3.11 (RHSA-2024:3062)	critical
197767	RHEL 8 : poppler (RHSA-2024:2979)	medium
197766	RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2024:3060)	high
197765	RHEL 8 : motif (RHSA-2024:3022)	medium
197764	RHEL 8 : container-tools:rhel8 (RHSA-2024:3254)	high
197763	RHEL 8 : pcs (RHSA-2024:2953)	medium
197762	RHEL 8 : krb5 (RHSA-2024:3268)	high
197761	RHEL 8 : zziplib (RHSA-2024:3127)	medium
197760	RHEL 8 : 389-ds:1.4 (RHSA-2024:3047)	medium
197759	RHEL 8 : bind and dhcp (RHSA-2024:3271)	high
197758	RHEL 8 : resource-agents (RHSA-2024:2952)	medium
197757	RHEL 8 : gmp (RHSA-2024:3214)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

high

high

high

high

medium

medium

critical

medium

medium

medium

critical

high

critical

high

high

high

medium

high

high

high

high

high

medium

medium

high

high

high

high

medium

high

critical

medium

medium

critical

medium

high

high

high

critical

medium

high

medium

high

medium

high

medium

medium

high

medium

high