Amazon Linux 2 : cairo, --advisory ALAS2-2025-2989 (ALAS-2025-2989)
The version of cairo installed on the remote host is prior to 1.15.12-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2989 advisory. An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program...
Amazon Linux 2 : vorbis-tools, --advisory ALAS2-2025-2983 (ALAS-2025-2983)
The version of vorbis-tools installed on the remote host is prior to 1.4.0-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2983 advisory. Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of...
Amazon Linux 2 : libxml2, --advisory ALAS2-2025-2977 (ALAS-2025-2977)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2977 advisory. A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management...
Amazon Linux 2 : golang, --advisory ALAS2-2025-2984 (ALAS-2025-2984)
The version of golang installed on the remote host is prior to 1.24.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2984 advisory. os/exec: LookPath may return unexpected paths. If the PATH environment variable contains paths which are executables rathe...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ CVE-2023-5328...
Important: python3
Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...
Important: python
Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...
Medium: gstreamer-plugins-bad-free
Issue Overview: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362 NOTE: Fixed by:...
Important: kernel-livepatch-5.10.237-230.949
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.237-230.949 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-5.10.239-236.958
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.239-236.958 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Medium: mod_security
Issue Overview: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xm...
Amazon Linux 2 : gstreamer1-plugins-good (ALAS-2025-2964)
The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2964 advisory. GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files...
Amazon Linux 2 : python (ALAS-2025-2961)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2961 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation...
Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2025-009 (ALASNGINX1-2025-009)
The version of nginx installed on the remote host is prior to 1.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-009 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to...
Amazon Linux 2 : edk2 (ALAS-2025-2975)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2975 advisory. EDK2 contains a vulnerability in BIOS where an attacker may cause Protection Mechanism Failure by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impa...
Amazon Linux 2 : libtiff (ALAS-2025-2965)
The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2965 advisory. A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the functi...
Amazon Linux 2 : webkitgtk4 (ALAS-2025-2970)
The version of webkitgtk4 installed on the remote host is prior to 2.48.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2970 advisory. A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequo...
Amazon Linux 2 : gstreamer-plugins-bad-free (ALAS-2025-2972)
The version of gstreamer-plugins-bad-free installed on the remote host is prior to 0.10.23-42. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2972 advisory. Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE:...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-097)
The version of kernel installed on the remote host is prior to 5.10.238-234.956. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-097 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-106 (ALASKERNEL-5.4-2025-106)
The version of kernel installed on the remote host is prior to 5.4.296-217.427. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-106 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in...