9378 matches found
Important: python2-setuptools
Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...
Important: cni-plugins
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: cni-plugins
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Amazon Linux 2023 : ecs-init (ALAS2023-2025-1011)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1011 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly bei...
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1014)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1014 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called...
Medium: screen
Issue Overview: TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach use cases, but the specific use case was broken already before. screen in Debian not installed setuid or setgid DEBIANBUG: 1105191 Info:...
Amazon Linux 2023 : screen (ALAS2023-2025-1006)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1006 advisory. TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach use cases, but the specific use case was broken already before.screen in Debian not...
Amazon Linux 2 : screen (ALAS-2025-2878)
The version of screen installed on the remote host is prior to 4.1.0-0.27.20120314git3c2946. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2878 advisory. TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach...
Medium: screen
Issue Overview: TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach use cases, but the specific use case was broken already before. screen in Debian not installed setuid or setgid DEBIANBUG: 1105191 Info:...
Important: perl
Issue Overview: Thread creation while a directory handle is open does a fchdir, affecting other threads race condition CVE-2025-40909 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Medium: gnutls
Issue Overview: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send...
Amazon Linux 2 : libtasn1 (ALAS-2025-2886)
The version of libtasn1 installed on the remote host is prior to 4.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2886 advisory. When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific elemen...
Medium: libtasn1
Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...
Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2025-1016)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1016 advisory. MariaDB Server 10.10 through 10.11. and 11.0 through 11.4. crashes in JOIN::fixallsplittingsinplan. CVE-2023-52971 Tenable has extracted the preceding description block directly from the tested product...
Medium: git
Issue Overview: Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed...
Medium: qt
Issue Overview: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVE-2023-38197 Affected Packages: qt Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this F...
Medium: perl-FCGI
Issue Overview: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in...
Important: libsoup
Issue Overview: A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2025-1008)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1008 advisory. External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. CVE-2025-26646 Tenable has extracted th...
Amazon Linux 2023 : python3.12-setuptools, python3.12-setuptools-wheel (ALAS2023-2025-1004)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1004 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...