9378 matches found
Important: tomcat
Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...
Important: kmod-nvidia-latest-dkms
Issue Overview: NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data...
Medium: nodejs22
Issue Overview: An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITEDBCONFIGLOOKASIDE component CVE-2025-29088 Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function...
Important: nvidia-open
Issue Overview: NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data...
Medium: edk2
Issue Overview: EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability. CVE-2024-38797...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails CVE-2022-49168 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux ...
Important: sqlite
Issue Overview: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908 Affected Packages: sqlite Issue Correction: Run dn...
Low: jetty
Issue Overview: For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a...
Low: jetty
Issue Overview: For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a...
Amazon Linux 2023 : elfutils, elfutils-default-yama-scope, elfutils-devel (ALAS2023-2025-969)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-969 advisory. A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function libdwthreadtail in the library libdwalloc.c of the component eu-readelf...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-965)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-965 advisory. Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a...
Amazon Linux 2023 : libnvidia-nscq (ALAS2023NVIDIA-2025-067)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-067 advisory. NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code...
Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2025-966)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-966 advisory. An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITEDBCONFIGLOOKASIDE component CVE-2025-29088 Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0...
Amazon Linux AMI : kernel (ALAS-2025-1977)
The version of kernel installed on the remote host is prior to 4.14.355-196.643. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1977 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fai...
Amazon Linux 2023 : cuda-compat-12-8 (ALAS2023NVIDIA-2025-072)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-072 advisory. NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-963)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-963 advisory. In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead...
Amazon Linux 2 : kernel (ALAS-2025-2854)
The version of kernel installed on the remote host is prior to 4.14.355-277.643. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2854 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-964)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-964 advisory. Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a...
Amazon Linux 2023 : cuda-drivers (ALAS2023NVIDIA-2025-071)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-071 advisory. NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code...
Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-961)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-961 advisory. A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times i...