Lucene search
K

9382 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.14 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-913)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-913 advisory. NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJNOTE: https://github.com/golang/go/issues/71984NOTE: Fixed by:...

4.4CVSS6.9AI score0.00384EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.23 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-911)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-911 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache...

10CVSS9AI score0.99945EPSS
Exploits46References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.15 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-914)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-914 advisory. SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to b...

8.7CVSS7.1AI score0.00868EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.9 views

Amazon Linux 2023 : jq, jq-devel (ALAS2023-2025-919)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-919 advisory. decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated...

8.1CVSS6.1AI score0.00352EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.22 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-915)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-915 advisory. In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero CVE-2024-26982 In the Linux kernel, the following...

7.8CVSS6.9AI score0.13626EPSS
Exploits3References54
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.17 views

Amazon Linux 2 : php (ALASPHP8.2-2025-007)

The version of php installed on the remote host is prior to 8.2.28-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-007 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using...

9.8CVSS6.2AI score0.0079EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.7 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-917)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-917 advisory. During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the...

2.3CVSS6.3AI score0.00561EPSS
Exploits0References4
Amazon
Amazon
added 2025/04/01 12:0 a.m.4 views

Important: libxslt

Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...

7.8CVSS7.8AI score0.00324EPSS
Exploits4
Amazon
Amazon
added 2025/04/01 12:0 a.m.12 views

Medium: python3

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS7.2AI score0.27095EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.27 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2025-923)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-923 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence...

9.8CVSS7.8AI score0.27095EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.34 views

Amazon Linux 2 : python-pip (ALAS-2025-2814)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2814 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence i...

9.8CVSS7.8AI score0.27095EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.19 views

Amazon Linux 2 : python38-pip (ALASPYTHON3.8-2025-018)

The version of python38-pip installed on the remote host is prior to 21.0.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2025-018 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows...

9.8CVSS7.8AI score0.27095EPSS
Exploits4References4
Amazon
Amazon
added 2025/04/01 12:0 a.m.16 views

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS8AI score0.27095EPSS
Exploits4
Amazon
Amazon
added 2025/04/01 12:0 a.m.7 views

Medium: python38-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS7.2AI score0.27095EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.26 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-924)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-924 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence...

9.8CVSS7.8AI score0.27095EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.25 views

Amazon Linux 2 : python3 (ALAS-2025-2815)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2815 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows...

9.8CVSS8.1AI score0.27095EPSS
Exploits3References6
Amazon
Amazon
added 2025/04/01 12:0 a.m.8 views

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS7.2AI score0.27095EPSS
Exploits4
Amazon
Amazon
added 2025/04/01 12:0 a.m.6 views

Important: kernel-livepatch-5.10.233-224.894

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sched: schcake: add bounds checks to host bulk flow fairness counts CVE-2025-21647 In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0...

7.8CVSS6.7AI score0.00271EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.27 views

Important: freetype

Issue Overview: FreeType 2.8.1 has a signed integer overflow in cf2doFlex in cff/cf2intrp.c. CVE-2025-23022 An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code...

8.1CVSS7.5AI score0.23357EPSS
Exploits1
Amazon
Amazon
added 2025/04/01 12:0 a.m.4 views

Important: kernel-livepatch-5.10.234-225.910

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0 CVE-2025-21702 Affected Packages: kernel-livepatch-5.10.234-225.910 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00256EPSS
Exploits0
Rows per page
Query Builder