Important: glib2
Issue Overview: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the...
Amazon Linux 2 : linux-firmware, --advisory ALAS2-2025-3092 (ALAS-2025-3092)
The version of linux-firmware installed on the remote host is prior to 20200421-85.git78c0348. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3092 advisory. Improper isolation of shared resources on a system on a chip by a malicious local attacker with high...
Amazon Linux 2 : glib2, --advisory ALAS2-2025-3094 (ALAS-2025-3094)
The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3094 advisory. A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string()...
GHSA-G7RM-8PW5-WVG2 vulnerabilities
Vulnerabilities for packages: linux-azure, linux-gcp, linux-aws...
Amazon Linux 2023 : firefox (ALAS2023-2025-1284)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1284 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Amazon Linux 2023 : lz4, lz4-devel, lz4-libs (ALAS2023-2025-1266)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1266 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-045 (ALASFIREFOX-2025-045)
The version of firefox installed on the remote host is prior to 140.4.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2025-045 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...
Amazon Linux 2 : python-ldap, --advisory ALAS2-2025-3058 (ALAS-2025-3058)
The version of python-ldap installed on the remote host is prior to 2.4.15-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3058 advisory. python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5,...
Amazon Linux 2 : qt5-qt3d, --advisory ALAS2-2025-3074 (ALAS-2025-3074)
The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3074 advisory. A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile o...
Amazon Linux 2023 : nerdctl (ALAS2023-2025-1259)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1259 advisory. go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data (CVE-2025-11065). Tenable has extracted the preceding description block directly from the tested product...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2025-081 (ALASDOCKER-2025-081)
The version of runfinch-finch installed on the remote host is prior to 1.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-081 advisory. net/url: insufficient validation of bracketed IPv6 hostnames. The Parse function permitted values other than...
Amazon Linux 2 : tomcat, --advisory ALAS2-2025-3067 (ALAS-2025-3067)
The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3067 advisory. Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the...
Amazon Linux 2 : fontforge, --advisory ALAS2-2025-3063 (ALAS-2025-3063)
The version of fontforge installed on the remote host is prior to 20120731b-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3063 advisory. FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8 (CVE-2025-50949). Tenable has extract...
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2025-079 (ALASDOCKER-2025-079)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-079 advisory. net/url: insufficient validation of bracketed IPv6 hostnames. The Parse function permitted value...
Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2025-1268)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1268 advisory. A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1270)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1270 advisory. net/url: insufficient validation of bracketed IPv6 hostnames. The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
Amazon Linux 2023 : xmlunit, xmlunit-assertj, xmlunit-core (ALAS2023-2025-1260)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1260 advisory. XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XSLT extension functions are enabled...
Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-1269)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1269 advisory. A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2025-1271)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1271 advisory. net/url: insufficient validation of bracketed IPv6 hostnames. The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...