9378 matches found
Medium: docker
Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...
Important: containerd
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Medium: ecs-init
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2keyencode CVE-2024-36967 In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails CVE-2024-36975 Affected Packages:...
Important: python3.11-setuptools
Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...
Important: python-setuptools
Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...
Important: cni-plugins
Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 The net/http package accepted data in the chunked transfer encoding...
Important: glibc
Issue Overview: Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to...
Medium: ecs-init
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-098)
The version of kernel installed on the remote host is prior to 5.4.291-207.406. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-098 advisory. In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev...
Important: kernel-livepatch-6.12.20-23.97
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir CVE-2025-37785 Affected Packages: kernel-livepatch-6.12.20-23.97 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Medium: ecs-init
Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...
Medium: git
Issue Overview: Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cowfilerange failed CVE-2024-57976 In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dupmmap failures and uprobe registering...
Amazon Linux 2023 : nvidia (ALAS2023NVIDIA-2025-073)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-073 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute...
Amazon Linux 2023 : libnvjitlink-12, libnvjitlink-devel-12 (ALAS2023NVIDIA-2025-079)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-079 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute...
Amazon Linux 2023 : libcusolver-12, libcusolver-devel-12 (ALAS2023NVIDIA-2025-083)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-083 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute...
Amazon Linux 2023 : libcurand-12, libcurand-devel-12 (ALAS2023NVIDIA-2025-084)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-084 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute...
Amazon Linux 2023 : libcublas-12, libcublas-devel-12 (ALAS2023NVIDIA-2025-086)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-086 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute...
Amazon Linux 2023 : gds-tools-12, libcufile-12, libcufile-devel-12 (ALAS2023NVIDIA-2025-087)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-087 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute...