Medium: kernel-livepatch-5.10.75-79.358
Issue Overview: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access t...
Amazon Linux 2023 : java-24-amazon-corretto, java-24-amazon-corretto-devel, java-24-amazon-corretto-headless (ALAS2023-2025-951)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-951 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java...
Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-940)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-940 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991). Tenable has extracted the preceding descriptio...
Amazon Linux 2 : runc (ALASDOCKER-2025-059)
The version of runc installed on the remote host is prior to 1.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-059 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to...
Amazon Linux 2023 : binutils, binutils-devel, binutils-gprofng (ALAS2023-2025-956)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-956 advisory. A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-942)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-942 advisory. c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers when process_answer may re-enqueue a query either due to a DNS Cookie Failure or when the...
Amazon Linux 2023 : docker (ALAS2023-2025-945)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-945 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
Important: kernel-livepatch-5.10.234-225.895
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog (CVE-2025-21703). Affected Packages: kernel-livepatch-5.10.234-225.895. Issue Correction: Please ensure you have live patching enabled. Run yum update...
Medium: containerd
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: containerd
Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...
Medium: docker
Issue Overview: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the...
Medium: docker
Issue Overview: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the...
Medium: libreoffice
Issue Overview: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that support...
Amazon Linux 2023 : firefox (ALAS2023-2025-943)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-943 advisory. JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9,...
Amazon Linux 2 : runc (ALASECS-2025-062)
The version of runc installed on the remote host is prior to 1.0.0-0.3.20210225.git12644e6. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-062 advisory. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-058)
The version of containerd installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-058 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could...
Amazon Linux 2 : docker (ALASECS-2025-055)
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-055 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by ...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2025-957)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-957 advisory. Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the...
Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2025-954)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-954 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java...
Amazon Linux 2 : docker (ALASECS-2025-063)
The version of docker installed on the remote host is prior to 19.03.6ce-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-063 advisory. A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows...