Lucene search
K

9382 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.13 views

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-908)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-908 advisory. Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and...

9.8CVSS7.2AI score0.00579EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.23 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-087)

The version of kernel installed on the remote host is prior to 5.10.234-225.921. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-087 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in...

7.8CVSS6.6AI score0.00245EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.21 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-920)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-920 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum...

7.8CVSS6.3AI score0.00275EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.12 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-921)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-921 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . If you need to parse untrusted XMLs, you many be impacte...

7.5CVSS7.1AI score0.02064EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.27 views

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-910)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-910 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache...

10CVSS9AI score0.99945EPSS
Exploits46References4
Amazon
Amazon
added 2025/04/01 12:0 a.m.18 views

Low: python3

Issue Overview: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header bein...

2.3CVSS5.5AI score0.00561EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.14 views

Low: PackageKit

Issue Overview: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other...

3.3CVSS3.6AI score0.00228EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.7 views

Medium: golang

Issue Overview: NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ NOTE: https://github.com/golang/go/issues/71984 NOTE: Fixed by: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a go1.24.1 NOTE: Fixed by:...

4.4CVSS7.2AI score0.00384EPSS
Exploits2
Amazon
Amazon
added 2025/04/01 12:0 a.m.6 views

Low: PackageKit

Issue Overview: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other...

3.3CVSS6.7AI score0.00228EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.5 views

Low: python3

Issue Overview: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header bein...

2.3CVSS6.9AI score0.00561EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.5 views

Medium: golang

Issue Overview: NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ NOTE: https://github.com/golang/go/issues/71984 NOTE: Fixed by: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a go1.24.1 NOTE: Fixed by:...

4.4CVSS9.3AI score0.00384EPSS
Exploits2
Amazon
Amazon
added 2025/04/01 12:0 a.m.5 views

Important: ghostscript

Issue Overview: Buffer overflow in Ghostscript new PDF Interpreter PDFI. CVE-2025-27833 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript --releasever 2023.7.20250331 or dnf update --advisory ALAS2023-2025-906 --releasever 2023.7.20250331 to update your system. More...

7.8CVSS7.8AI score0.0022EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.2 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2reconnectserver CVE-2024-35870 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key CVE-2024-53179 Affected Packages: kerne...

7.8CVSS6.6AI score0.00245EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.4 views

Low: python3.9

Issue Overview: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header bein...

2.3CVSS6.8AI score0.00561EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.3 views

Medium: php

Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...

9.8CVSS7AI score0.0079EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.13 views

Amazon Linux 2 : PackageKit (ALAS-2025-2811)

The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2811 advisory. A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be...

3.3CVSS4.9AI score0.00228EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.11 views

Amazon Linux 2 : iptraf-ng (ALAS-2025-2810)

The version of iptraf-ng installed on the remote host is prior to 1.1.4-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2810 advisory. iptraf-ng 1.2.1 has a stack-based buffer overflow. CVE-2024-52949 Tenable has extracted the preceding description block directly...

7.5CVSS7AI score0.00727EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.31 views

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-922)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-922 advisory. NOTE:https://github.com/php/php-src/security/advisories/GHSA- rwp7-7vc6-8477https://www.tenable.com/cve/CVE-2024-11235 VersionThis vulnerability is present only in PHP 8.3+. The PHP 8.2 and...

9.8CVSS6.3AI score0.01263EPSS
Exploits3References14
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.21 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-916)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-916 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...

9.8CVSS6.2AI score0.0079EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.18 views

Amazon Linux 2023 : libxslt, libxslt-devel, python3-libxslt (ALAS2023-2025-909)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-909 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free becaus...

7.8CVSS7AI score0.00324EPSS
Exploits4References6
Rows per page
Query Builder