Important: libsoup
Issue Overview: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. CVE-2025-2784 Affected Packages...
Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-941)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-941 advisory. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace function. Libsoup clients may read one byte out-of-bounds i...
Amazon Linux AMI : kernel (ALAS-2025-1970)
The version of kernel installed on the remote host is prior to 4.14.355-196.618. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1970 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq CVE-2022-49179 I...
Amazon Linux AMI : golang (ALAS-2025-1971)
The version of golang installed on the remote host is prior to 1.23.7-1.50. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1971 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...
Amazon Linux 2 : edk2 (ALAS-2025-2824)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2824 advisory. EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2025-229...
Amazon Linux 2 : libxslt (ALAS-2025-2831)
The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2831 advisory. The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16....
Amazon Linux 2 : thunderbird (ALAS-2025-2830)
The version of thunderbird installed on the remote host is prior to 128.8.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2830 advisory. There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99...
Amazon Linux 2 : golang (ALAS-2025-2825)
The version of golang installed on the remote host is prior to 1.23.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2825 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-053)
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-053 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
Amazon Linux 2 : libxslt (ALAS-2025-2823)
The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2823 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-052)
The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-052 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, includi...
Amazon Linux 2 : glibc (ALAS-2025-2828)
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2828 advisory. When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failur...
Amazon Linux 2 : kernel (ALAS-2025-2826)
The version of kernel installed on the remote host is prior to 4.14.355-276.618. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2826 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq CVE-2022-49179 ...
Amazon Linux 2 : containerd (ALASDOCKER-2025-055)
The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-055 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including suppo...
Amazon Linux 2023 : freetype, freetype-demos, freetype-devel (ALAS2023-2025-925)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-925 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed...
Amazon Linux 2 : vim (ALAS-2025-2827)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2827 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-088 (ALASKERNEL-5.10-2025-088)
The version of kernel installed on the remote host is prior to 5.10.235-227.919. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-088 advisory. In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev...
Medium: glibc
Issue Overview: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. CVE-2025-0395 Affected...
Medium: pcs
Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...
Important: golang
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...