Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-921)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-921 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . If you need to parse untrusted XMLs, you may be impacte...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-087)
The version of kernel installed on the remote host is prior to 5.10.234-225.921. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-087 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-920)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-920 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-899)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-899 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-898)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-898 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...
Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2025-891)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-891 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to...
Amazon Linux 2023 : python3-jinja2 (ALAS2023-2025-894)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-894 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template t...
Amazon Linux 2023 : libxslt, libxslt-devel, python3-libxslt (ALAS2023-2025-905)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-905 advisory. The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 1...
Amazon Linux 2023 : libcap, libcap-devel, libcap-static (ALAS2023-2025-897)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-897 advisory. The PAM module pam_cap.so of libcap configuration supports group names starting with @, during actual parsing, configurations not starting with @ are incorrectly recognized as group names. This may resul...
Amazon Linux 2023 : java-23-amazon-corretto, java-23-amazon-corretto-devel, java-23-amazon-corretto-headless (ALAS2023-2025-904)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-904 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-896)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-896 advisory. libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must...
Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2025-895)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-895 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-893)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-893 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template t...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2025-903)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-903 advisory. Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly...
Amazon Linux 2023 : libsndfile, libsndfile-devel, libsndfile-utils (ALAS2023-2025-902)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-902 advisory. libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. CVE-2024-50612 Tenable has extracted the preceding description block directly from the tested product security advisor...
Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-892)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-892 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to...
Amazon Linux 2 : python-pip (ALAS-2025-2799)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2799 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the is_private and is_global properties of...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-900)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-900 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potential...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-871)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-871 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-901)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-901 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation CVE-2023-52927 In the Linux kernel, the following vulnerability...