Amazon Linux 2 : glib2, --advisory ALAS2-2025-3117 (ALAS-2025-3117)

The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3117 advisory. Buffer underflow on Glib through glib/gvariant via bytestringparse or stringparse leads to OOB Write. CVE-2025-14087 Tenable has...

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

CVE-2025-3117

creationtimestamp| type| source ---|---|--- 2025-06-10 09:33:09+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17851 2025-06-24 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-03 2025-06-25 10:49:24+00:00| published-proof-of-concept| https://t.me/icscert/1198...

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

CVE-2025-3117

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

CVE-2025-3117

CVE-2025-3117 affects Schneider Electric Modicon Controllers (M241/M251/M258/LMC058/M262). The vulnerability is a Cross-Site Scripting (CWE-79) caused by improper neutralization of input during web page generation, allowing an authenticated malicious user to inject unvalidated data that could mod...

SUSE: Security Advisory (SUSE-SU-2023:3391-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 5.0: Linux PHSA-2023-5.0-0046

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0046. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3182-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3172-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3171-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3180-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-3117 affecting package kernel 5.10.185.1-1

CVE-2023-3117 affecting package kernel 5.10.185.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-3117 affecting package kernel for versions less than 5.15.118.1-2

CVE-2023-3117 affecting package kernel for versions less than 5.15.118.1-2. A patched version of the package is available...

SUSE-SU-2023:3180-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially...

OESA-2023-1435 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A time-of-check to time-of-use issue exists in iouring subsystem's IORINGOPCLOSE operation in the Linux kernel's versions 5.6 - 5.11 inclusive, which allows a local user to elevate their privileges to root. Introduced in...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash o...

Amazon Linux AMI : kernel (ALAS-2023-1783)

The version of kernel installed on the remote host is prior to 4.14.320-168.534. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1783 advisory. A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2023-049)

The version of kernel installed on the remote host is prior to 5.4.249-163.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2023-049 advisory. 2023-08-03: CVE-2023-3609 was added to this advisory. A use-after-free flaw was found in the Netfilter...