CVE-2022-34266
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset function within...
Medium: nodejs22
Issue Overview: An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component CVE-2025-29088 Affected Packages: nodejs22 Issue Correction: Run dnf update nodejs22 --releasever 2023.7.20250512 to update your system. New Packages: aarch64: ...
Medium: openvpn
Issue Overview: OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase CVE-2025-2704 Affected Packages: openvpn Issue Correction: Run dnf update openvpn...
Amazon Linux 2 : jetty (ALAS-2025-2855)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2855 advisory. For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed method, then the session ID is not invalidated in the session ID manager. On...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-099)
The version of kernel installed on the remote host is prior to 5.4.156-83.273. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-099 advisory. A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users d...
Amazon Linux 2023 : kmod-nvidia-open-dkms (ALAS2023NVIDIA-2025-069)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-069 advisory. NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code...
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-968)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-968 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-091)
The version of kernel installed on the remote host is prior to 5.10.236-228.935. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-091 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-071)
The version of kernel installed on the remote host is prior to 5.15.180-123.192. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2025-071 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit...
Amazon Linux 2023 : nvidia-open (ALAS2023NVIDIA-2025-061)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-061 advisory. NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code...
Medium: pcs
Issue Overview: Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrar...
Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2025-970)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-970 advisory. Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted inpu...
Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2025-967)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-967 advisory. OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...
Amazon Linux 2023 : gnuplot-common, gnuplot-latex, gnuplot-minimal (ALAS2023-2025-960)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-960 advisory. A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. CVE-2025-3359 Tenable has extracted the preceding description block directly from the tested...
Amazon Linux 2023 : lemon, sqlite, sqlite-analyzer (ALAS2023-2025-971)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-971 advisory. SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such ...
Amazon Linux 2023 : kmod-nvidia-latest-dkms (ALAS2023NVIDIA-2025-070)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-070 advisory. NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code...
Amazon Linux 2023 : nvidia-persistenced (ALAS2023NVIDIA-2025-060)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-060 advisory. NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code...
Amazon Linux 2 : edk2 (ALAS-2025-2852)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2852 advisory. EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network. A successful exploit of this...
Medium: gnuplot
Issue Overview: A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. CVE-2025-3359 Affected Packages: gnuplot Issue Correction: Run dnf update gnuplot --releasever 2023.7.20250512 or dnf update --advisory ALAS2023-2025-960 --releasever...