Important: oci-add-hooks
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Medium: python-requests
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Medium: tomcat
Issue Overview: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security...
Important: runfinch-finch
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Medium: microcode_ctl
Issue Overview: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...
Important: kernel-livepatch-5.10.234-225.921
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). CVE-2025-21858 Affected Packages: kernel-livepatch-5.10.234-225.921 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: ppp
Issue Overview: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. CVE-2024-58250 Affected Packages: ppp Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
Low: kernel
Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Medium: mariadb
Issue Overview: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. CVE-2023-52969 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*,...
Medium: yelp-xsl
Issue Overview: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155 Affected Packages: yelp-xsl...
Important: kernel-livepatch-4.14.355-276.639
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type CVE-2025-21920 Affected Packages: kernel-livepatch-4.14.355-276.639 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Medium: yelp
Issue Overview: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155 Affected Packages: yelp Not...
Amazon Linux 2 : python-requests (ALAS-2025-2868)
The version of python-requests installed on the remote host is prior to 2.6.0-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2868 advisory. Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made...
Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2025-061)
The version of oci-add-hooks installed on the remote host is prior to 0-0.3.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-061 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid...
Amazon Linux 2 : jetty (ALAS-2025-2871)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2871 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Tenable has extracted the precedin...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-072)
The version of kernel installed on the remote host is prior to 5.15.182-123.190. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2025-072 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
Medium: jetty
Issue Overview: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Affected Packages: jetty Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FA...
Important: postgresql
Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...
Low: ImageMagick
Issue Overview: In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 Affected Packages: ImageMagick Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference betwe...