801 matches found

Tenable Nessus
added 2025/08/09 12:0 a.m., 8 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-106 (ALASKERNEL-5.4-2025-106)

The version of kernel installed on the remote host is prior to 5.4.296-217.427. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-106 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in...

CVSS: 7.8, AI score: 6.4, EPSS: 0.00247
Exploits: 0, References: 52

Tenable Nessus
added 2025/08/09 12:0 a.m., 7 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-101 (ALASKERNEL-5.10-2025-101)

The version of kernel installed on the remote host is prior to 5.10.240-238.959. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-101 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00467
Exploits: 0, References: 70

Amazon
added 2025/08/04 12:0 a.m., 3 views

Medium: thunderbird

Issue Overview: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. CVE-2025-6965 Affected Packages:...

CVSS: 9.8, AI score: 7, EPSS: 0.73495
Exploits: 3

Amazon
added 2025/08/04 12:0 a.m., 3 views

Important: unbound

Issue Overview: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along wit...

CVSS: 8.7, AI score: 6.7, EPSS: 0.00188
Exploits: 0

Amazon
added 2025/08/04 12:0 a.m., 6 views

Medium: ruby

Issue Overview: The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00539
Exploits: 0

Amazon
added 2025/08/04 12:0 a.m., 4 views

Medium: php

Issue Overview: fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could result in SQL injection and missing error handling could lead to crashes due to null pointer...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00953
Exploits: 2

Amazon
added 2025/08/04 12:0 a.m., 5 views

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption in ani_load_chunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

CVSS: 7.8, AI score: 8.5, EPSS: 0.01051
Exploits: 1

Amazon
added 2025/08/04 12:0 a.m., 4 views

Medium: libvpx

Issue Overview: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488 A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. ...

CVSS: 7.5, AI score: 9.5, EPSS: 0.01936
Exploits: 1

Amazon
added 2025/08/04 12:0 a.m., 8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null CVE-2022-50073 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak CVE-2023-53131 ...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00178
Exploits: 0

Amazon
added 2025/08/04 12:0 a.m., 3 views

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

CVSS: 7.8, AI score: 7, EPSS: 0.00467
Exploits: 0

Amazon
added 2025/08/04 12:0 a.m., 2 views

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

CVSS: 7.8, AI score: 7, EPSS: 0.00467
Exploits: 0

Amazon
added 2025/07/30 12:0 a.m., 2 views

Important: golang

Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...

CVSS: 8.6, AI score: 7.3, EPSS: 0.00273
Exploits: 0

Amazon
added 2025/07/30 12:0 a.m., 6 views

Medium: ecs-init

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

CVSS: 7.5, AI score: 6.9, EPSS: 0.0056
Exploits: 0

Amazon
added 2025/07/30 12:0 a.m., 2 views

Important: kernel-livepatch-5.10.236-228.935

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-5.10.236-228.935 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.236-228.935 o...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00178
Exploits: 0

Amazon
added 2025/07/30 12:0 a.m., 5 views

Medium: runc

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux...

CVSS: 6.8, AI score: 7, EPSS: 0.0056
Exploits: 0

Amazon
added 2025/07/30 12:0 a.m., 4 views

Medium: jackson

Issue Overview: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth...

CVSS: 8.7, AI score: 6.9, EPSS: 0.00634
Exploits: 0

Amazon
added 2025/07/22 12:0 a.m., 6 views

Low: gimp

Issue Overview: GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/ NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/fixed-vulnerabilities NOTE:...

CVSS: 7.8, AI score: 7.6, EPSS: 0.56404
Exploits: 0

Amazon
added 2025/07/10 12:0 a.m., 4 views

Medium: tomcat

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or...

CVSS: 7.5, AI score: 7, EPSS: 0.53228
Exploits: 1

Amazon
added 2025/07/10 12:0 a.m., 4 views

Medium: docker

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon...

CVSS: 6.8, AI score: 7, EPSS: 0.0056
Exploits: 0

Amazon
added 2025/07/10 12:0 a.m., 5 views

Important: kernel-livepatch-4.14.355-276.618

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory CVE-2023-53137 Affected Packages: kernel-livepatch-4.14.355-276.618 Issue Correction: Please ensure you have live patching enabled. Run yum update...

AI score: 6.7
Exploits: 0