9382 matches found
Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-908)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-908 advisory. Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-087)
The version of kernel installed on the remote host is prior to 5.10.234-225.921. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-087 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-920)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-920 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-921)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-921 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . If you need to parse untrusted XMLs, you many be impacte...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-910)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-910 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache...
Low: python3
Issue Overview: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header bein...
Low: PackageKit
Issue Overview: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other...
Medium: golang
Issue Overview: NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ NOTE: https://github.com/golang/go/issues/71984 NOTE: Fixed by: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a go1.24.1 NOTE: Fixed by:...
Low: PackageKit
Issue Overview: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other...
Low: python3
Issue Overview: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header bein...
Medium: golang
Issue Overview: NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ NOTE: https://github.com/golang/go/issues/71984 NOTE: Fixed by: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a go1.24.1 NOTE: Fixed by:...
Important: ghostscript
Issue Overview: Buffer overflow in Ghostscript new PDF Interpreter PDFI. CVE-2025-27833 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript --releasever 2023.7.20250331 or dnf update --advisory ALAS2023-2025-906 --releasever 2023.7.20250331 to update your system. More...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2reconnectserver CVE-2024-35870 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key CVE-2024-53179 Affected Packages: kerne...
Low: python3.9
Issue Overview: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header bein...
Medium: php
Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...
Amazon Linux 2 : PackageKit (ALAS-2025-2811)
The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2811 advisory. A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be...
Amazon Linux 2 : iptraf-ng (ALAS-2025-2810)
The version of iptraf-ng installed on the remote host is prior to 1.1.4-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2810 advisory. iptraf-ng 1.2.1 has a stack-based buffer overflow. CVE-2024-52949 Tenable has extracted the preceding description block directly...
Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-922)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-922 advisory. NOTE:https://github.com/php/php-src/security/advisories/GHSA- rwp7-7vc6-8477https://www.tenable.com/cve/CVE-2024-11235 VersionThis vulnerability is present only in PHP 8.3+. The PHP 8.2 and...
Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-916)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-916 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...
Amazon Linux 2023 : libxslt, libxslt-devel, python3-libxslt (ALAS2023-2025-909)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-909 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free becaus...