9349 matches found
Important: ghostscript
Issue Overview: Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in devices/vector/gdevpdtw.c. CVE-2025-59798 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmarkcoercedest in devices/vector/gdevpdfm.c via a large size value...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-50410 In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-50410 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon...
Medium: libtiff
Issue Overview: A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue...
Medium: cuda-gdb-12-9
Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages:...
Low: docker
Issue Overview: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails...
Medium: polkit
Issue Overview: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a...
Amazon Linux 2 : ipa, --advisory ALAS2-2025-3026 (ALAS-2025-3026)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3026 advisory. A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While...
Critical: ipa
Issue Overview: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM...
Critical: 389-ds-base
Issue Overview: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM...
Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2025-3025 (ALAS-2025-3025)
The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3025 advisory. A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to...
EUVD-2022-37227
Malicious code in bioql PyPI...
EUVD-2023-39807
Malicious code in bioql PyPI...
Amazon Linux 2023 : openjpeg2, openjpeg2-devel, openjpeg2-tools (ALAS2023-2025-1198)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1198 advisory. openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Tenable has extracted the preceding description block directly from the tested...
Amazon Linux 2023 : perl-Cpanel-JSON-XS (ALAS2023-2025-1199)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1199 advisory. Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact CVE-2025-40929...
Amazon Linux 2023 : cuda-cuobjdump-13 (ALAS2023NVIDIA-2025-143)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-143 advisory. Placeholder CVE. Details forthcoming CVE-2025-23280 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for th...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-110 (ALASKERNEL-5.4-2025-110)
The version of kernel installed on the remote host is prior to 5.4.299-219.434. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-110 advisory. In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2025-1195)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1195 advisory. TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopenw on the history path and subsequent chmod on the...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3008 (ALAS-2025-3008)
The version of thunderbird installed on the remote host is prior to 140.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3008 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143,...
Amazon Linux 2 : openjpeg2, --advisory ALAS2-2025-3007 (ALAS-2025-3007)
The version of openjpeg2 installed on the remote host is prior to 2.4.0-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3007 advisory. openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Tenable ha...