9379 matches found

Amazon
added 2025/04/29 12:0 a.m., 2 views

Important: libsoup

Issue Overview: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. CVE-2025-2784 Affected Packages...

7 CVSS, 6.8 AI score, 0.0067 EPSS
Exploits: 1

Tenable Nessus
added 2025/04/29 12:0 a.m., 29 views

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-941)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-941 advisory. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace function. Libsoup clients may read one byte out-of-bounds i...

9 CVSS, 6.9 AI score, 0.00798 EPSS
Exploits: 1, References: 28

Tenable Nessus
added 2025/04/22 12:0 a.m., 34 views

Amazon Linux AMI : kernel (ALAS-2025-1970)

The version of kernel installed on the remote host is prior to 4.14.355-196.618. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1970 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq CVE-2022-49179 I...

7.8 CVSS, 6.6 AI score, 0.08906 EPSS
Exploits: 1, References: 32

Tenable Nessus
added 2025/04/22 12:0 a.m., 13 views

Amazon Linux AMI : golang (ALAS-2025-1971)

The version of golang installed on the remote host is prior to 1.23.7-1.50. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1971 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

7.5 CVSS, 7.1 AI score, 0.01403 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/17 12:0 a.m., 6 views

Amazon Linux 2 : edk2 (ALAS-2025-2824)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2824 advisory. EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2025-229...

3.5 CVSS, 6 AI score, 0.00226 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/17 12:0 a.m., 8 views

Amazon Linux 2 : libxslt (ALAS-2025-2831)

The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2831 advisory. The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16....

6.5 CVSS, 7 AI score, 0.01092 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/17 12:0 a.m., 11 views

Amazon Linux 2 : thunderbird (ALAS-2025-2830)

The version of thunderbird installed on the remote host is prior to 128.8.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2830 advisory. There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99...

9.8 CVSS, 7 AI score, 0.01817 EPSS
Exploits: 1, References: 8

Tenable Nessus
added 2025/04/17 12:0 a.m., 8 views

Amazon Linux 2 : golang (ALAS-2025-2825)

The version of golang installed on the remote host is prior to 1.23.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2825 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...

9.1 CVSS, 7 AI score, 0.00724 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/17 12:0 a.m., 13 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-053)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-053 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

7.5 CVSS, 7.2 AI score, 0.00868 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2025/04/17 12:0 a.m., 12 views

Amazon Linux 2 : libxslt (ALAS-2025-2823)

The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2823 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...

7.8 CVSS, 7.1 AI score, 0.00324 EPSS
Exploits: 4, References: 6

Tenable Nessus
added 2025/04/17 12:0 a.m., 17 views

Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-052)

The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-052 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, includi...

8.7 CVSS, 6.9 AI score, 0.00369 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/17 12:0 a.m., 9 views

Amazon Linux 2 : glibc (ALAS-2025-2828)

The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2828 advisory. When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failur...

6.2 CVSS, 6.9 AI score, 0.00349 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/17 12:0 a.m., 20 views

Amazon Linux 2 : kernel (ALAS-2025-2826)

The version of kernel installed on the remote host is prior to 4.14.355-276.618. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2826 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq CVE-2022-49179 ...

7.8 CVSS, 6.6 AI score, 0.08906 EPSS
Exploits: 1, References: 34

Tenable Nessus
added 2025/04/17 12:0 a.m., 17 views

Amazon Linux 2 : containerd (ALASDOCKER-2025-055)

The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-055 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including suppo...

8.7 CVSS, 6.9 AI score, 0.00369 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/17 12:0 a.m., 24 views

Amazon Linux 2023 : freetype, freetype-demos, freetype-devel (ALAS2023-2025-925)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-925 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed...

8.1 CVSS, 7.2 AI score, 0.23357 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/17 12:0 a.m., 17 views

Amazon Linux 2 : vim (ALAS-2025-2827)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2827 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory...

7.8 CVSS, 4.1 AI score, 0.00492 EPSS
Exploits: 1, References: 8

Tenable Nessus
added 2025/04/17 12:0 a.m., 33 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-088 (ALASKERNEL-5.10-2025-088)

The version of kernel installed on the remote host is prior to 5.10.235-227.919. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-088 advisory. In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev...

7.8 CVSS, 6.9 AI score, 0.08906 EPSS
Exploits: 4, References: 126

Amazon
added 2025/04/16 12:0 a.m., 8 views

Medium: glibc

Issue Overview: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. CVE-2025-0395 Affected...

7.5 CVSS, 7.2 AI score, 0.00349 EPSS
Exploits: 0

Amazon
added 2025/04/16 12:0 a.m., 6 views

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

7.5 CVSS, 7 AI score, 0.00699 EPSS
Exploits: 0

Amazon
added 2025/04/16 12:0 a.m., 25 views

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1 CVSS, 7.1 AI score, 0.00724 EPSS
Exploits: 0