9382 matches found
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-913)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-913 advisory. NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJNOTE: https://github.com/golang/go/issues/71984NOTE: Fixed by:...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-911)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-911 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-914)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-914 advisory. SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to b...
Amazon Linux 2023 : jq, jq-devel (ALAS2023-2025-919)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-919 advisory. decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-915)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-915 advisory. In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero CVE-2024-26982 In the Linux kernel, the following...
Amazon Linux 2 : php (ALASPHP8.2-2025-007)
The version of php installed on the remote host is prior to 8.2.28-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-007 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-917)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-917 advisory. During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the...
Important: libxslt
Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...
Medium: python3
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2025-923)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-923 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence...
Amazon Linux 2 : python-pip (ALAS-2025-2814)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2814 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence i...
Amazon Linux 2 : python38-pip (ALASPYTHON3.8-2025-018)
The version of python38-pip installed on the remote host is prior to 21.0.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2025-018 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows...
Medium: python-pip
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Medium: python38-pip
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-924)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-924 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence...
Amazon Linux 2 : python3 (ALAS-2025-2815)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2815 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows...
Medium: python-pip
Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...
Important: kernel-livepatch-5.10.233-224.894
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sched: schcake: add bounds checks to host bulk flow fairness counts CVE-2025-21647 In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0...
Important: freetype
Issue Overview: FreeType 2.8.1 has a signed integer overflow in cf2doFlex in cff/cf2intrp.c. CVE-2025-23022 An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code...
Important: kernel-livepatch-5.10.234-225.910
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0 CVE-2025-21702 Affected Packages: kernel-livepatch-5.10.234-225.910 Issue Correction: Please ensure you have live patching enabled. Run yum update...