9382 matches found
Amazon Linux 2 : libxml2 (ALAS-2025-2794)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2794 advisory. libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-064 (ALASKERNEL-5.15-2025-064)
The version of kernel installed on the remote host is prior to 5.15.166-111.163. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-064 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer...
Amazon Linux 2 : python-pillow (ALAS-2025-2803)
The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2803 advisory. Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-095 (ALASKERNEL-5.4-2025-095)
The version of kernel installed on the remote host is prior to 5.4.282-194.378. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-095 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-871)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-871 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-901)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-901 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nfctfindexpectation CVE-2023-52927 In the Linux kernel, the following vulnerability...
Amazon Linux 2 : xorg-x11-server (ALAS-2025-2791)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2791 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to free...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-086)
The version of kernel installed on the remote host is prior to 5.10.135-122.509. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-086 advisory. An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a...
Medium: python3.9
Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...
Medium: libxslt
Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. CVE-2023-40403...
Medium: libsndfile
Issue Overview: libsndfile through 1.2.2 has an oggvorbis.c vorbisanalysiswrote out-of-bounds read. CVE-2024-50612 Affected Packages: libsndfile Issue Correction: Run dnf update libsndfile --releasever 2023.6.20250317 or dnf update --advisory ALAS2023-2025-902 --releasever 2023.6.20250317 to upda...
Important: python-jinja2
Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...
Medium: libsndfile
Issue Overview: libsndfile through 1.2.2 has an oggvorbis.c vorbisanalysiswrote out-of-bounds read. CVE-2024-50612 Affected Packages: libsndfile Issue Correction: Run dnf update libsndfile --releasever 2023.6.20250317 to update your system. New Packages: aarch64: ...
Important: kernel-livepatch-6.1.124-134.200
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sched: schcake: add bounds checks to host bulk flow fairness counts CVE-2025-21647 Affected Packages: kernel-livepatch-6.1.124-134.200 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Medium: python3.9
Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...
Important: libcap
Issue Overview: The PAM module pamcap.so of libcap configuration supports group names starting with "@", during actual parsing, configurations not starting with "@" are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potential...
Medium: python-pillow
Issue Overview: Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library PIL 1.1.7 and earlier allows remote attackers to cause a denial of service crash via a crafted PhotoCD file. CVE-2016-2533 Affected Packages: python-pillow Note: This...
Important: libcap
Issue Overview: The PAM module pamcap.so of libcap configuration supports group names starting with "@", during actual parsing, configurations not starting with "@" are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potential...
Medium: batik
Issue Overview: Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some...
Medium: batik
Issue Overview: Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some...