Lucene search
K

801 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.5 views

Amazon Linux 2 : cairo, --advisory ALAS2-2025-2989 (ALAS-2025-2989)

The version of cairo installed on the remote host is prior to 1.15.12-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2989 advisory. An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program...

2.9CVSS5.5AI score0.00205EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.4 views

Amazon Linux 2 : vorbis-tools, --advisory ALAS2-2025-2983 (ALAS-2025-2983)

The version of vorbis-tools installed on the remote host is prior to 1.4.0-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2983 advisory. Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of...

7.8CVSS7.7AI score0.00448EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.5 views

Amazon Linux 2 : libxml2, --advisory ALAS2-2025-2977 (ALAS-2025-2977)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2977 advisory. A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.5 views

Amazon Linux 2 : golang, --advisory ALAS2-2025-2984 (ALAS-2025-2984)

The version of golang installed on the remote host is prior to 1.24.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2984 advisory. os/exec: LookPath may return unexpected paths. If the PATH environment variable contains paths which are executables rathe...

7.8CVSS4.7AI score0.00489EPSS
Exploits1References10
Amazon
Amazon
added 2025/08/19 12:0 a.m.12 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ CVE-2023-5328...

7.8CVSS6.8AI score0.00159EPSS
Exploits0
Amazon
Amazon
added 2025/08/19 12:0 a.m.5 views

Important: python3

Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...

7.5CVSS7AI score0.00611EPSS
Exploits0
Amazon
Amazon
added 2025/08/19 12:0 a.m.5 views

Important: python

Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...

7.5CVSS7AI score0.00611EPSS
Exploits0
Amazon
Amazon
added 2025/08/19 12:0 a.m.4 views

Medium: gstreamer-plugins-bad-free

Issue Overview: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5362 NOTE: Fixed by:...

8.8CVSS7.3AI score0.01871EPSS
Exploits0
Amazon
Amazon
added 2025/08/19 12:0 a.m.3 views

Important: kernel-livepatch-5.10.237-230.949

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.237-230.949 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00145EPSS
Exploits0
Amazon
Amazon
added 2025/08/19 12:0 a.m.4 views

Important: kernel-livepatch-5.10.239-236.958

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.239-236.958 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00145EPSS
Exploits0
Amazon
Amazon
added 2025/08/19 12:0 a.m.6 views

Medium: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xm...

6.5CVSS6.8AI score0.00346EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.6 views

Amazon Linux 2 : gstreamer1-plugins-good (ALAS-2025-2964)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2964 advisory. GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files...

9.8CVSS6.7AI score0.0177EPSS
Exploits0References38
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.9 views

Amazon Linux 2 : python (ALAS-2025-2961)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2961 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.12 views

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2025-009 (ALASNGINX1-2025-009)

The version of nginx installed on the remote host is prior to 1.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-009 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to...

6.3CVSS5.8AI score0.00371EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Amazon Linux 2 : edk2 (ALAS-2025-2975)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2975 advisory. EDK2 contains a vulnerability in BIOS where an attacker may cause Protection Mechanism Failure by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impa...

7CVSS7.6AI score0.0014EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.7 views

Amazon Linux 2 : libtiff (ALAS-2025-2965)

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2965 advisory. A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the functi...

7.8CVSS5.9AI score0.00271EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.10 views

Amazon Linux 2 : webkitgtk4 (ALAS-2025-2970)

The version of webkitgtk4 installed on the remote host is prior to 2.48.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2970 advisory. A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequo...

8.8CVSS7AI score0.0117EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.7 views

Amazon Linux 2 : gstreamer-plugins-bad-free (ALAS-2025-2972)

The version of gstreamer-plugins-bad-free installed on the remote host is prior to 0.10.23-42. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2972 advisory. Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE:...

8.8CVSS7AI score0.01871EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-097)

The version of kernel installed on the remote host is prior to 5.10.238-234.956. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-097 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix -anonvma race...

7.8CVSS6.6AI score0.00222EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.8 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-106 (ALASKERNEL-5.4-2025-106)

The version of kernel installed on the remote host is prior to 5.4.296-217.427. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-106 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in...

7.8CVSS6.4AI score0.00247EPSS
Exploits0References52
Rows per page
Query Builder