Low: tomcat
Issue Overview: Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are...
Medium: thunderbird
Issue Overview: There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression i.e. if using JxlEncoderAddJPEGFrame on untrusted input does not properly check bounds i...
Important: kernel-livepatch-4.14.355-275.603
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer CVE-2024-53103 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted...
Important: kernel-livepatch-5.10.233-223.887
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.233-223.887 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-5.10.234-225.917
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.234-225.917 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-5.10.234-225.921
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.234-225.921 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: docker
Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...
Medium: ecs-service-connect-agent
Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's lifetime issue. A known situation is the failur...
Important: golang
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Medium: ruby3.2
Issue Overview: In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. CVE-2025-27221 Affected Packages: ruby3.2 Issue Correction: Run dnf update...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-938)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-938 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_dump_full_key CVE-2024-35866 Tenable has extracted the preceding description block directly from t...
Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-936)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-936 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2025-932)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-932 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory...
Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-927)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-927 advisory. PDF interpreter - Guard against unsigned int overflow. A large Type 4 function definition can overflow the uint counter, causing the allocated buffer to be smaller than required. Info:...
Amazon Linux 2023 : docker (ALAS2023-2025-934)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-934 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable ...
Amazon Linux 2023 : nerdctl (ALAS2023-2025-931)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-931 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-930)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-930 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-933)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-933 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...