Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-059)
The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-059 advisory. In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2...
Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2025-949)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-949 advisory. Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the serve...
Amazon Linux 2023 : java-21-amazon-corretto, java-21-amazon-corretto-devel, java-21-amazon-corretto-headless (ALAS2023-2025-952)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-952 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java...
Important: docker
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2025-950)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-950 advisory. Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the serve...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-944)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-944 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a...
Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-057)
The version of runfinch-finch installed on the remote host is prior to 1.7.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-057 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified split...
Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-941)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-941 advisory. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace function. Libsoup clients may read one byte out-of-bounds i...
Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2025-946)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-946 advisory. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace function. Libsoup clients may read one byte out-of-bounds in respons...
Important: libsoup
Issue Overview: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. (CVE-2025-2784) Affected Packages...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-100)
The version of kernel installed on the remote host is prior to 5.4.292-208.414. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-100 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-090)
The version of kernel installed on the remote host is prior to 5.10.236-227.928. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-090 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of enc...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-070)
The version of kernel installed on the remote host is prior to 5.15.180-122.191. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-070 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIO_THROTTLED when...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-947)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-947 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref properly (CVE-2024-46753) In the Linux kernel, the following vulnerability has been...
Amazon Linux 2 : runc (ALASECS-2025-064)
The version of runc installed on the remote host is prior to 1.0.0-0.1.20200204.gitdc9208a. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-064 advisory. A flaw was found in runc. An attacker who controls the container image for two containers that share a volume...
Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-948)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-948 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal (CVE-2024-58093) In the Linux kernel, the following...