
9382 matches found

Tenable Nessus
added 2025/04/14 12:0 a.m., 18 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-930)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-930 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT)...

CVSS 8.7, AI score 6.8, EPSS 0.00369
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/14 12:0 a.m., 21 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-938)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-938 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866) Tenable has extracted the preceding description block directly from t...

CVSS 7.8, AI score 6.1, EPSS 0.00237
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/14 12:0 a.m., 14 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-928)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-928 advisory. In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the hos...

CVSS 5.3, AI score 6.8, EPSS 0.00472
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/14 12:0 a.m., 22 views

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-936)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-936 advisory. Header parser of http stream wrapper does not handle folded headers. (CVE-2025-1217) When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...

CVSS 9.8, AI score 6.2, EPSS 0.0079
Exploits: 2, References: 12

Tenable Nessus
added 2025/04/14 12:0 a.m., 25 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2025-932)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-932 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory...

CVSS 7.8, AI score 4, EPSS 0.00492
Exploits: 1, References: 10

Amazon
added 2025/04/07 12:0 a.m., 14 views

Medium: python3

Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "source venv/bin/activate"). This means...

CVSS 7.8, AI score 8, EPSS 0.00647
Exploits: 0

Tenable Nessus
added 2025/04/07 12:0 a.m., 17 views

Amazon Linux 2 : python3 (ALAS-2025-2817)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2817 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment we...

CVSS 7.8, AI score 6.8, EPSS 0.00647
Exploits: 0, References: 4

Amazon
added 2025/04/01 12:0 a.m., 4 views

Important: php8.3

Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 https://www.tenable.com/cve/CVE-2024-11235 Version This vulnerability is present only in PHP 8.3+. The PHP 8.2 and versions before are not impacted. CVE-2024-11235 Header parser of http stream wrapper doe...

CVSS 9.8, AI score 6.9, EPSS 0.01263
Exploits: 3

Amazon
added 2025/04/01 12:0 a.m., 14 views

Important: rust

Issue Overview: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_index_add can cause heap corruption that could be leveraged for arbitrary code...

CVSS 9.8, AI score 10, EPSS 0.01546
Exploits: 0

Amazon
added 2025/04/01 12:0 a.m., 22 views

Important: ghostscript

Issue Overview: Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and checking if a length variable exceeds permitted limit. Fixed in ghostpdl-10.05.0...

CVSS 9.8, AI score 7.9, EPSS 0.00806
Exploits: 0

Amazon
added 2025/04/01 12:0 a.m., 11 views

Medium: python3

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)...

CVSS 9.8, AI score 7.2, EPSS 0.27095
Exploits: 4

Amazon
added 2025/04/01 12:0 a.m., 11 views

Medium: iniparser

Issue Overview: Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory (CVE-2025-0633) Affected Packages: iniparser Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the differenc...

CVSS 5.1, AI score 5.5, EPSS 0.00215
Exploits: 0

Amazon
added 2025/04/01 12:0 a.m., 16 views

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)...

CVSS 9.8, AI score 8, EPSS 0.27095
Exploits: 4

Amazon
added 2025/04/01 12:0 a.m., 7 views

Medium: python38-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)...

CVSS 9.8, AI score 7.2, EPSS 0.27095
Exploits: 4

Amazon
added 2025/04/01 12:0 a.m., 8 views

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)...

CVSS 9.8, AI score 7.2, EPSS 0.27095
Exploits: 4

Amazon
added 2025/04/01 12:0 a.m., 3 views

Important: libxslt

Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. (CVE-2024-55549) numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...

CVSS 7.8, AI score 7.8, EPSS 0.00324
Exploits: 4

Amazon
added 2025/04/01 12:0 a.m., 5 views

Medium: iptraf-ng

Issue Overview: iptraf-ng 1.2.1 has a stack-based buffer overflow. (CVE-2024-52949) Affected Packages: iptraf-ng Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...

CVSS 7.5, AI score 7.6, EPSS 0.00727
Exploits: 1

Amazon
added 2025/04/01 12:0 a.m., 3 views

Medium: iptraf-ng

Issue Overview: iptraf-ng 1.2.1 has a stack-based buffer overflow. (CVE-2024-52949) Affected Packages: iptraf-ng Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...

CVSS 7.5, AI score 7.3, EPSS 0.00727
Exploits: 1

Tenable Nessus
added 2025/04/01 12:0 a.m., 13 views

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-906)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-906 advisory. Buffer overflow in Ghostscript new PDF Interpreter (PDFI). (CVE-2025-27833) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not...

CVSS 7.8, AI score 6.5, EPSS 0.0022
Exploits: 0, References: 4

Tenable Nessus
added 2025/04/01 12:0 a.m., 14 views

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-907)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-907 advisory. The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c. The calculation of the...

CVSS 9.8, AI score 7.1, EPSS 0.00806
Exploits: 0, References: 4