9382 matches found
Medium: batik
Issue Overview: Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some...
Medium: python-pillow
Issue Overview: Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library PIL 1.1.7 and earlier allows remote attackers to cause a denial of service crash via a crafted PhotoCD file. CVE-2016-2533 Affected Packages: python-pillow Note: This...
Low: python-pip
Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...
Low: python-pip
Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...
Medium: perl-App-cpanminus
Issue Overview: The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. CVE-2020-16154 Affected Packages: perl-App-cpanminus Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
Medium: python
Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2reconnectserver CVE-2024-35870 In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount CVE-2024-49960 In the Linux kernel, the...
Amazon Linux AMI : emacs (ALAS-2025-1964)
The version of emacs installed on the remote host is prior to 24.3-20.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1964 advisory. A flaw was found in the Emacs text editor. Improper handling of custom man URI schemes allows attackers to execute arbitrary shell...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-067)
The version of kernel installed on the remote host is prior to 5.15.178-120.187. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-067 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-864)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-864 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash CVE-2023-53037 In the Linux kernel, the following vulnerability has...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-876)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-876 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommusvabinddevice CVE-2024-40945 In the Linux kernel, the following vulnerability has been...
Amazon Linux 2 : kernel, --advisory ALAS2-2024-2696 (ALAS-2024-2696)
The version of kernel installed on the remote host is prior to 4.14.355-271.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2696 advisory. In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-082 (ALASKERNEL-5.10-2025-082)
The version of kernel installed on the remote host is prior to 5.10.234-225.895. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-082 advisory. Integer Overflow or Wraparound vulnerability in Linux kernel on x86 and ARM md, raid, raid5 modules allo...
Amazon Linux 2 : python-pillow (ALAS-2025-2784)
The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2784 advisory. Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows...
Amazon Linux 2 : expat (ALAS-2025-2774)
The version of expat installed on the remote host is prior to 2.1.0-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2774 advisory. An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can...
Amazon Linux 2 : kernel, --advisory ALAS2-2025-2777 (ALAS-2025-2777)
The version of kernel installed on the remote host is prior to 4.14.353-270.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2777 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic...
Amazon Linux 2 : openssl11 (ALAS-2025-2781)
The version of openssl11 installed on the remote host is prior to 1.1.1zb-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2781 advisory. Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA signature...
Amazon Linux 2 : openjpeg2 (ALAS-2025-2773)
The version of openjpeg2 installed on the remote host is prior to 2.4.0-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2773 advisory. openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 openjpeg: heap buffer overflow in lib/openjp2/j2k.c...
Amazon Linux 2 : openssh (ALAS-2025-2769)
The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2769 advisory. A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed ...
Amazon Linux 2 : microcode_ctl (ALAS-2025-2787)
The version of microcodectl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2787 advisory. Improper Finite State Machines FSMs in Hardware Logic for some IntelR Processors may allow privileged user to...