Lucene search

9382 matches found

Tenable Nessus
added 2025/04/01 12:0 a.m., 12 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-921)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-921 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . If you need to parse untrusted XMLs, you may be impacte...

7.5 CVSS, 7.1 AI score, 0.02064 EPSS
Exploits: 1, References: 12
Tenable Nessus
added 2025/04/01 12:0 a.m., 23 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-087)

The version of kernel installed on the remote host is prior to 5.10.234-225.921. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-087 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in...

7.8 CVSS, 6.6 AI score, 0.00245 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2025/04/01 12:0 a.m., 21 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-920)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-920 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum...

7.8 CVSS, 6.3 AI score, 0.00275 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 20 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-899)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-899 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...

6.3 CVSS, 6.7 AI score, 0.01499 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 10 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-898)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-898 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...

6.3 CVSS, 6.7 AI score, 0.01499 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 11 views

Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2025-891)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-891 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to...

7.8 CVSS, 7.8 AI score, 0.00474 EPSS
Exploits: 0, References: 18
Tenable Nessus
added 2025/03/31 12:0 a.m., 26 views

Amazon Linux 2023 : python3-jinja2 (ALAS2023-2025-894)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-894 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template t...

8.8 CVSS, 7.8 AI score, 0.00465 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 14 views

Amazon Linux 2023 : libxslt, libxslt-devel, python3-libxslt (ALAS2023-2025-905)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-905 advisory. The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 1...

6.5 CVSS, 6.9 AI score, 0.01092 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 13 views

Amazon Linux 2023 : libcap, libcap-devel, libcap-static (ALAS2023-2025-897)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-897 advisory. The PAM module pam_cap.so of libcap configuration supports group names starting with @, during actual parsing, configurations not starting with @ are incorrectly recognized as group names. This may resul...

6.1 CVSS, 6.5 AI score, 0.00149 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 11 views

Amazon Linux 2023 : java-23-amazon-corretto, java-23-amazon-corretto-devel, java-23-amazon-corretto-headless (ALAS2023-2025-904)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-904 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle...

4.8 CVSS, 6.4 AI score, 0.01157 EPSS
Exploits: 0, References: 10
Tenable Nessus
added 2025/03/31 12:0 a.m., 23 views

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-896)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-896 advisory. libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must...

9.8 CVSS, 6.9 AI score, 0.0113 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2025/03/31 12:0 a.m., 16 views

Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2025-895)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-895 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to...

7.8 CVSS, 7.8 AI score, 0.00474 EPSS
Exploits: 0, References: 18
Tenable Nessus
added 2025/03/31 12:0 a.m., 5 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-893)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-893 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template t...

8.8 CVSS, 7.8 AI score, 0.00465 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 14 views

Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2025-903)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-903 advisory. Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly...

8.3 CVSS, 7.8 AI score, 0.00856 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 11 views

Amazon Linux 2023 : libsndfile, libsndfile-devel, libsndfile-utils (ALAS2023-2025-902)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-902 advisory. libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. CVE-2024-50612 Tenable has extracted the preceding description block directly from the tested product security advisor...

5.5 CVSS, 6.2 AI score, 0.00308 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2025/03/31 12:0 a.m., 12 views

Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-892)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-892 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to...

7.8 CVSS, 7.8 AI score, 0.00474 EPSS
Exploits: 0, References: 18
Tenable Nessus
added 2025/03/27 12:0 a.m., 11 views

Amazon Linux 2 : python-pip (ALAS-2025-2799)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2799 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the is_private and is_global properties of...

7.5 CVSS, 6.7 AI score, 0.01034 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/27 12:0 a.m., 13 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-900)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-900 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potential...

7.8 CVSS, 6.5 AI score, 0.0067 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2025/03/27 12:0 a.m., 12 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-871)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-871 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands...

7.8 CVSS, 6.7 AI score, 0.01499 EPSS
Exploits: 0, References: 8
Tenable Nessus
added 2025/03/27 12:0 a.m., 54 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-901)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-901 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation CVE-2023-52927 In the Linux kernel, the following vulnerability...

7.8 CVSS, 6.1 AI score, 0.00294 EPSS
Exploits: 2, References: 38