9378 matches found
Important: libsoup
Issue Overview: A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. CVE-2025-32906 A flaw was found in libsoup. The implementation of...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-959)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-959 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifsdumpfullkey CVE-2024-35866 In the Linux kernel, the following vulnerability has been...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifsdumpfullkey CVE-2024-35866 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option CVE-2025-219...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-963)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-963 advisory. In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead...
Amazon Linux 2 : kernel, --advisory ALAS2-2025-2837 (ALAS-2025-2837)
The version of kernel installed on the remote host is prior to 4.14.305-227.531. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2837 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of clientcount...
Amazon Linux 2 : kernel (ALAS-2025-2834)
The version of kernel installed on the remote host is prior to 4.14.330-250.540. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2834 advisory. A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. In this...
Amazon Linux 2 : nss-softokn (ALAS-2025-2835)
The version of nss-softokn installed on the remote host is prior to 3.67.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2835 advisory. new tlsfuzzer code can still detect timing issues in RSA operations CVE-2023-4421 Tenable has extracted the preceding...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of clientcount in dmachanget CVE-2022-49753 A memory corruption flaw was found in the Linux kernel's human interface device HID subsystem in how a user inserts a malicious USB devic...
Medium: nss-softokn
Issue Overview: new tlsfuzzer code can still detect timing issues in RSA operations CVE-2023-4421 Affected Packages: nss-softokn Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
Medium: grub2
Issue Overview: When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak...
Low: python-requests
Issue Overview: No CVE associated with this advisory Affected Packages: python-requests Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-requests o...
Medium: python3-requests
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Low: python-requests
Issue Overview: No CVE associated with this advisory Affected Packages: python-requests Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-requests t...
Medium: python3-requests
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Amazon Linux 2 : kernel (ALAS-2025-2843)
The version of kernel installed on the remote host is prior to 4.14.355-276.639. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2843 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue...
Amazon Linux 2 : grub2 (ALAS-2025-2844)
The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2844 advisory. When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal...
Amazon Linux AMI : kernel (ALAS-2025-1973)
The version of kernel installed on the remote host is prior to 4.14.355-196.639. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1973 advisory. A use-after-free flaw was found in btrfssearchslot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allow...
Amazon Linux 2 : python-requests (ALAS-2025-2845)
The version of python-requests installed on the remote host is prior to 2.6.0-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2845 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
Medium: qt
Issue Overview: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization is mishandled. CVE-2023-32573 Affected Packages: qt Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ secti...
Medium: nss-softokn
Issue Overview: new tlsfuzzer code can still detect timing issues in RSA operations CVE-2023-4421 Affected Packages: nss-softokn Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...