9349 matches found
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1073)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1073 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...
Low: python-pip
Issue Overview: No CVE associated with this advisory Affected Packages: python-pip Issue Correction: Run dnf update python-pip --releasever 2023.8.20250707 or dnf update --advisory ALAS2023-2025-1058 --releasever 2023.8.20250707 to update your system. More information on how to update your system...
Medium: libgepub
Issue Overview: A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop...
Important: tomcat10
Issue Overview: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or...
Medium: python-cryptography
Issue Overview: python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext. CVE-2020-25659 Affected Packages: python-cryptography Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...
Important: kernel-livepatch-4.14.355-276.639
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory CVE-2023-53137 Affected Packages: kernel-livepatch-4.14.355-276.639 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-4.14.355-277.643
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory CVE-2023-53137 Affected Packages: kernel-livepatch-4.14.355-277.643 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Medium: runc
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about...
Medium: containerd
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more...
Medium: oci-add-hooks
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...
Medium: runfinch-finch
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: runfinch-finch Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...
Medium: runfinch-finch
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
Medium: soci-snapshotter
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: soci-snapshotter Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more abo...
Medium: docker
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon...
Medium: nerdctl
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: nerdctl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
Medium: soci-snapshotter
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
Medium: docker
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
Medium: python3
Issue Overview: There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the...
Medium: python
Issue Overview: The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...
Medium: python3.12
Issue Overview: The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python3.12 Issue Correction: Run dnf update python3.12 --releasever...