9349 matches found
Medium: libvpx
Issue Overview: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488 A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. ...
Important: unbound
Issue Overview: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along wit...
Medium: php
Issue Overview: fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could result in SQL injection and missing error handling could lead to crashes due to null pointer...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1116)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1116 advisory. The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Tenable has...
Amazon Linux 2023 : java-24-amazon-corretto, java-24-amazon-corretto-devel, java-24-amazon-corretto-headless (ALAS2023-2025-1098)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1098 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE:...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2025-1105)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1105 advisory. If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer- client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process o...
Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-1088)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1088 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could resul...
Amazon Linux 2023 : jackson-core (ALAS2023-2025-1127)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1127 advisory. jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deepl...
Amazon Linux 2023 : libnvsdm (ALAS2023NVIDIA-2025-136)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-136 advisory. NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1129)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1129 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...
Amazon Linux 2023 : libnvidia-cfg, libnvidia-ml, nvidia-driver-cuda (ALAS2023NVIDIA-2025-144)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-144 advisory. NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A...
Amazon Linux 2023 : pam, pam-devel (ALAS2023-2025-1132)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1132 advisory. A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2025-2956)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.462.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2956 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...
Amazon Linux 2023 : mtr, mtr-gtk (ALAS2023-2025-1102)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1102 advisory. mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. CVE-2025-49809 Tenable has extracted the preceding description block...
Amazon Linux 2023 : gnupg2, gnupg2-minimal, gnupg2-smime (ALAS2023-2025-1107)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1107 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2025-1095)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1095 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disab...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-1103)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1103 advisory. libxml: Heap use after free UAF leads to Denial of service DoS CVE-2025-49794 libxml: Null pointer dereference leads to Denial of service DoS CVE-2025-49795 libxml: Type confusion leads to...
Amazon Linux 2023 : libmicrohttpd, libmicrohttpd-devel (ALAS2023-2025-1133)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1133 advisory. GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHDcreatepostprocessor method. This allows an attack...
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2025-1126)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1126 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1128)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1128 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...