9366 matches found

Tenable Nessus
added 2025/06/17 12:0 a.m., 2 views

Amazon Linux 2023 : lemon, sqlite, sqlite-analyzer (ALAS2023-2023-264)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-264 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

AI score 5.5
Exploits: 0, References: 2

Amazon
added 2025/06/12 12:0 a.m., 5 views

Medium: screen

Issue Overview: TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach use cases, but the specific use case was broken already before. screen in Debian not installed setuid or setgid DEBIANBUG: 1105191 Info:...

CVSS 6, AI score 7, EPSS 0.0019
Exploits: 0

Amazon
added 2025/06/12 12:0 a.m., 6 views

Important: perl-File-Find-Rule

Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...

CVSS 8.8, AI score 7.4, EPSS 0.00736
Exploits: 0

Amazon
added 2025/06/12 12:0 a.m., 3 views

Medium: ghostscript

Issue Overview: gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2...

CVSS 4, AI score 7.1, EPSS 0.00274
Exploits: 0

Amazon
added 2025/06/12 12:0 a.m., 9 views

Important: python2-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

CVSS 8.8, AI score 8.2, EPSS 0.01479
Exploits: 4

Amazon
added 2025/06/12 12:0 a.m., 5 views

Important: python-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

CVSS 8.8, AI score 8.2, EPSS 0.01479
Exploits: 4

Amazon
added 2025/06/12 12:0 a.m., 6 views

Important: python2-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

CVSS 8.8, AI score 8.2, EPSS 0.01479
Exploits: 4

Tenable Nessus
added 2025/06/12 12:0 a.m., 5 views

Amazon Linux 2 : libtasn1 (ALAS-2025-2886)

The version of libtasn1 installed on the remote host is prior to 4.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2886 advisory. When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific elemen...

CVSS 5.3, AI score 6.7, EPSS 0.01025
Exploits: 0, References: 4

Amazon
added 2025/06/12 12:0 a.m., 4 views

Medium: libtasn1

Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...

CVSS 5.3, AI score 7.2, EPSS 0.01025
Exploits: 0

Tenable Nessus
added 2025/06/12 12:0 a.m., 8 views

Amazon Linux 2 : qt (ALAS-2025-2890)

The version of qt installed on the remote host is prior to 4.8.5-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2890 advisory. An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in...

CVSS 7.5, AI score 7.1, EPSS 0.01076
Exploits: 0, References: 4

Amazon
added 2025/06/12 12:0 a.m., 5 views

Medium: screen

Issue Overview: TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach use cases, but the specific use case was broken already before. screen in Debian not installed setuid or setgid DEBIANBUG: 1105191 Info:...

CVSS 6, AI score 7.2, EPSS 0.0019
Exploits: 0

Amazon
added 2025/06/12 12:0 a.m., 4 views

Medium: git

Issue Overview: Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed...

CVSS 8.8, AI score 7.2, EPSS 0.00494
Exploits: 1

Amazon
added 2025/06/12 12:0 a.m., 6 views

Medium: qt

Issue Overview: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVE-2023-38197 Affected Packages: qt Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this F...

CVSS 7.5, AI score 7, EPSS 0.01076
Exploits: 0

Amazon
added 2025/06/12 12:0 a.m., 4 views

Medium: perl-FCGI

Issue Overview: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in...

CVSS 9.3, AI score 7.4, EPSS 0.00566
Exploits: 1

Amazon
added 2025/06/12 12:0 a.m., 8 views

Important: perl

Issue Overview: Thread creation while a directory handle is open does a fchdir, affecting other threads race condition CVE-2025-40909 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

CVSS 5.9, AI score 7.2, EPSS 0.00368
Exploits: 0

Amazon
added 2025/06/12 12:0 a.m., 6 views

Important: perl-File-Find-Rule

Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...

CVSS 8.8, AI score 7.6, EPSS 0.00736
Exploits: 0

Amazon
added 2025/06/12 12:0 a.m., 4 views

Medium: perl-FCGI

Issue Overview: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in...

CVSS 9.3, AI score 7.6, EPSS 0.00566
Exploits: 1

Amazon
added 2025/06/12 12:0 a.m., 4 views

Important: libsoup

Issue Overview: A flaw was found in the soup_multipart_new_from_message function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper...

CVSS 7.5, AI score 7.1, EPSS 0.00625
Exploits: 0

Tenable Nessus
added 2025/06/12 12:0 a.m., 3 views

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-998)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-998 advisory. A flaw was found in the soup_multipart_new_from_message function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the...

CVSS 7.5, AI score 7.3, EPSS 0.00625
Exploits: 0, References: 4

Tenable Nessus
added 2025/06/12 12:0 a.m., 10 views

Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2025-1016)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1016 advisory. MariaDB Server 10.10 through 10.11. and 11.0 through 11.4. crashes in JOIN::fix_all_splittings_in_plan. CVE-2023-52971 Tenable has extracted the preceding description block directly from the tested product...

CVSS 4.9, AI score 6.7, EPSS 0.00443
Exploits: 0, References: 4