62 matches found
Amazon Linux 2023 : mariadb-connector-c, mariadb-connector-c-config, mariadb-connector-c-devel (ALAS2023-2026-1873)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1873 advisory. An application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injection...
Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2026-1892)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1892 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...
Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1787)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1787 advisory. An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data befor...
Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1814)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1814 advisory. libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1804)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1804 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...
Amazon Linux 2 : vorbis-tools, --advisory ALAS2-2026-3349 (ALAS-2026-3349)
The version of vorbis-tools installed on the remote host is prior to 1.4.0-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3349 advisory. A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function...
Amazon Linux 2023 : firefox (ALAS2023-2026-1725)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1725 advisory. In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. CVE-2026-45186 Use-after-free in th...
Amazon Linux 2023 : libXpm, libXpm-devel (ALAS2023-2026-1656)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1656 advisory. As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord CVE-2026-4367 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Ness...
Amazon Linux 2023 : nspr, nspr-devel, nss (ALAS2023-2026-1703)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1703 advisory. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVE-2026-6766 Other...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1695)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1695 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC CVE-2025-71269 In the Linux kernel, the following...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3278 (ALAS-2026-3278)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3278 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 a...
Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2026-1597)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1597 advisory. A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. Thi...
Amazon Linux 2023 : gdk-pixbuf2, gdk-pixbuf2-devel, gdk-pixbuf2-modules (ALAS2023-2026-1553)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1553 advisory. In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1499)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1499 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Tenable has extracted the...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1533)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1533 advisory. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1484)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1484 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2026-1375)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1375 advisory. No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.htmlNOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722...
Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2026-1425)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1425 advisory. In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. CVE-2026-25210 Tenable has...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1438)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1438 advisory. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Tenable has extracted the preceding description block directly from...
Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2026-1384)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1384 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE...