9382 matches found
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-930)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-930 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-938)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-938 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifsdumpfullkey CVE-2024-35866 Tenable has extracted the preceding description block directly from t...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-928)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-928 advisory. In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the hos...
Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-936)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-936 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2025-932)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-932 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory...
Medium: python3
Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...
Amazon Linux 2 : python3 (ALAS-2025-2817)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2817 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment we...
Important: php8.3
Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 https://www.tenable.com/cve/CVE-2024-11235 Version This vulnerability is present only in PHP 8.3+. The PHP 8.2 and versions before are not impacted. CVE-2024-11235 Header parser of http stream wrapper doe...
Important: rust
Issue Overview: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code...
Important: ghostscript
Issue Overview: Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and checking if a length variable exceeds permitted limit. Fixed in ghostpdl-10.05.0...
Medium: python3
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Medium: iniparser
Issue Overview: Heap-based Buffer Overflow vulnerability in iniparserdumpsectionini in iniparser allows attacker to read out of bound memory CVE-2025-0633 Affected Packages: iniparser Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the differenc...
Medium: python-pip
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Medium: python38-pip
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Medium: python-pip
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Important: libxslt
Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...
Medium: iptraf-ng
Issue Overview: iptraf-ng 1.2.1 has a stack-based buffer overflow. CVE-2024-52949 Affected Packages: iptraf-ng Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...
Medium: iptraf-ng
Issue Overview: iptraf-ng 1.2.1 has a stack-based buffer overflow. CVE-2024-52949 Affected Packages: iptraf-ng Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...
Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-906)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-906 advisory. Buffer overflow in Ghostscript new PDF Interpreter PDFI. CVE-2025-27833 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not...
Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-907)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-907 advisory. The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.cThe calculation of the...