Lucene search
K

9382 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.21 views

Amazon Linux 2 : libxml2 (ALAS-2025-2794)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2794 advisory. libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and...

9.8CVSS7AI score0.0113EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.19 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-064 (ALASKERNEL-5.15-2025-064)

The version of kernel installed on the remote host is prior to 5.15.166-111.163. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-064 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer...

7.8CVSS6.2AI score0.00879EPSS
Exploits2References36
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.20 views

Amazon Linux 2 : python-pillow (ALAS-2025-2803)

The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2803 advisory. Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library...

6.5CVSS6.8AI score0.03998EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.21 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-095 (ALASKERNEL-5.4-2025-095)

The version of kernel installed on the remote host is prior to 5.4.282-194.378. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-095 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to...

8.4CVSS6.8AI score0.00398EPSS
Exploits1References68
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.12 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-871)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-871 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands...

7.8CVSS6.7AI score0.01499EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.54 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-901)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-901 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nfctfindexpectation CVE-2023-52927 In the Linux kernel, the following vulnerability...

7.8CVSS6.1AI score0.00294EPSS
Exploits2References38
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.10 views

Amazon Linux 2 : xorg-x11-server (ALAS-2025-2791)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2791 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to free...

7.8CVSS7.8AI score0.00474EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.16 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-086)

The version of kernel installed on the remote host is prior to 5.10.135-122.509. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-086 advisory. An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a...

7.8CVSS7.6AI score0.05561EPSS
Exploits3References120
Amazon
Amazon
added 2025/03/26 12:0 a.m.7 views

Medium: python3.9

Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...

6.3CVSS7.6AI score0.01499EPSS
Exploits0
Amazon
Amazon
added 2025/03/26 12:0 a.m.3 views

Medium: libxslt

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. CVE-2023-40403...

6.5CVSS6.1AI score0.01092EPSS
Exploits0
Amazon
Amazon
added 2025/03/26 12:0 a.m.3 views

Medium: libsndfile

Issue Overview: libsndfile through 1.2.2 has an oggvorbis.c vorbisanalysiswrote out-of-bounds read. CVE-2024-50612 Affected Packages: libsndfile Issue Correction: Run dnf update libsndfile --releasever 2023.6.20250317 or dnf update --advisory ALAS2023-2025-902 --releasever 2023.6.20250317 to upda...

5.5CVSS8AI score0.00308EPSS
Exploits1
Amazon
Amazon
added 2025/03/26 12:0 a.m.6 views

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...

8.8CVSS8.6AI score0.00465EPSS
Exploits0
Amazon
Amazon
added 2025/03/26 12:0 a.m.3 views

Medium: libsndfile

Issue Overview: libsndfile through 1.2.2 has an oggvorbis.c vorbisanalysiswrote out-of-bounds read. CVE-2024-50612 Affected Packages: libsndfile Issue Correction: Run dnf update libsndfile --releasever 2023.6.20250317 to update your system. New Packages: aarch64: ...

5.5CVSS6.8AI score0.00308EPSS
Exploits1
Amazon
Amazon
added 2025/03/26 12:0 a.m.3 views

Important: kernel-livepatch-6.1.124-134.200

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sched: schcake: add bounds checks to host bulk flow fairness counts CVE-2025-21647 Affected Packages: kernel-livepatch-6.1.124-134.200 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.1CVSS6.4AI score0.00271EPSS
Exploits0
Amazon
Amazon
added 2025/03/26 12:0 a.m.6 views

Medium: python3.9

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...

7.8CVSS7.8AI score0.0067EPSS
Exploits0
Amazon
Amazon
added 2025/03/25 12:0 a.m.12 views

Important: libcap

Issue Overview: The PAM module pamcap.so of libcap configuration supports group names starting with "@", during actual parsing, configurations not starting with "@" are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potential...

6.1CVSS6.5AI score0.00149EPSS
Exploits0
Amazon
Amazon
added 2025/03/25 12:0 a.m.7 views

Medium: python-pillow

Issue Overview: Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library PIL 1.1.7 and earlier allows remote attackers to cause a denial of service crash via a crafted PhotoCD file. CVE-2016-2533 Affected Packages: python-pillow Note: This...

6.5CVSS7AI score0.03998EPSS
Exploits0
Amazon
Amazon
added 2025/03/25 12:0 a.m.7 views

Important: libcap

Issue Overview: The PAM module pamcap.so of libcap configuration supports group names starting with "@", during actual parsing, configurations not starting with "@" are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potential...

6.1CVSS6.8AI score0.00149EPSS
Exploits0
Amazon
Amazon
added 2025/03/25 12:0 a.m.2 views

Medium: batik

Issue Overview: Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some...

7.1CVSS6.8AI score0.00786EPSS
Exploits0
Amazon
Amazon
added 2025/03/25 12:0 a.m.9 views

Medium: batik

Issue Overview: Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some...

7.1CVSS5.7AI score0.00786EPSS
Exploits0
Rows per page
Query Builder