9378 matches found
Amazon Linux 2 : python3-requests (ALAS-2025-2846)
The version of python3-requests installed on the remote host is prior to 2.14.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2846 advisory. Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is mad...
Amazon Linux 2 : java-17-amazon-corretto (ALAS-2025-2838)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.15+6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2838 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...
Important: kernel
Issue Overview: A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. CVE-2023-3567 In the Linux kernel, the following...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue CVE-2021-46981 A use-after-free flaw was found in btrfssearchslot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and...
Amazon Linux 2 : qt (ALAS-2025-2847)
The version of qt installed on the remote host is prior to 4.8.5-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2847 advisory. In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization...
Amazon Linux 2 : libsoup (ALAS-2025-2841)
The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2841 advisory. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the...
Important: libsoup
Issue Overview: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. CVE-2025-2784 Affected Packages...
Important: libsoup
Issue Overview: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. CVE-2025-2784 Affected Packages...
Important: redis
Issue Overview: Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not...
Important: firefox
Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602 ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left...
Medium: docker
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: runc
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: containerd
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: docker
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: docker
Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: docker Note: This advisory is applicable to Amazon...
Medium: containerd
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Important: kernel-livepatch-6.1.127-135.201
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog CVE-2025-21703 Affected Packages: kernel-livepatch-6.1.127-135.201 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2025-955)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-955 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java...
Medium: kernel-livepatch-5.10.75-79.358
Issue Overview: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access t...
Amazon Linux 2023 : java-24-amazon-corretto, java-24-amazon-corretto-devel, java-24-amazon-corretto-headless (ALAS2023-2025-951)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-951 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java...