Lucene search
K

9382 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.13 views

Amazon Linux 2 : microcode_ctl (ALAS-2025-2787)

The version of microcodectl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2787 advisory. Improper Finite State Machines FSMs in Hardware Logic for some IntelR Processors may allow privileged user to...

6.8CVSS5.9AI score0.00223EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.28 views

Amazon Linux 2 : emacs (ALAS-2025-2770)

The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2770 advisory. A flaw was found in the Emacs text editor. Improper handling of custom man URI schemes allows attackers to execute arbitrary shell...

8.8CVSS8.1AI score0.02679EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.4 views

Amazon Linux 2 : libglvnd (ALAS-2025-2782)

The version of libglvnd installed on the remote host is prior to 1.0.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2782 advisory. libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen...

9.8CVSS5.5AI score0.0092EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/10 12:0 a.m.10 views

Amazon Linux 2 : kernel, --advisory ALAS2-2025-2778 (ALAS-2025-2778)

The version of kernel installed on the remote host is prior to 4.14.352-267.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2778 advisory. In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time...

7.8CVSS6.2AI score0.00302EPSS
Exploits0References46
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.15 views

Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-889)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-889 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is...

7.5CVSS6.3AI score0.02656EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.13 views

Amazon Linux AMI : kernel (ALAS-2025-1962)

The version of kernel installed on the remote host is prior to 4.14.353-190.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1962 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2st...

8.4CVSS6.5AI score0.00269EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.13 views

Amazon Linux 2023 : microcode_ctl (ALAS2023-2025-888)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-888 advisory. Improper Finite State Machines FSMs in Hardware Logic for some IntelR Processors may allow privileged user to potentially enable denial of service via local access. CVE-2024-31068 Sequence of...

6.8CVSS5.9AI score0.00223EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.15 views

Amazon Linux AMI : kernel (ALAS-2025-1961)

The version of kernel installed on the remote host is prior to 4.14.355-194.598. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1961 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun...

7.8CVSS6.7AI score0.0028EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.12 views

Amazon Linux 2023 : ecs-init (ALAS2023-2025-886)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-886 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or...

3.6CVSS6.6AI score0.00317EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/07 12:0 a.m.23 views

Amazon Linux AMI : kernel (ALAS-2025-1963)

The version of kernel installed on the remote host is prior to 4.14.352-190.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1963 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in...

7.8CVSS6.5AI score0.0026EPSS
Exploits0References6
Amazon
Amazon
added 2025/03/06 12:0 a.m.3 views

Important: kernel-livepatch-4.14.355-275.572

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun CVE-2024-49995 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing CVE-2024-50279...

7.1CVSS6.9AI score0.00262EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.20 views

Medium: libglvnd

Issue Overview: libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen. NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server...

9.8CVSS9.6AI score0.0092EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.2 views

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

5.6CVSS7.5AI score0.00309EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.33 views

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

5.6CVSS6.3AI score0.00309EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.1 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbdopen CVE-2023-52837 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ...

7.8CVSS6.6AI score0.00248EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.5 views

Important: postgresql

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.1AI score0.89472EPSS
Exploits10
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...

8.8CVSS7.5AI score0.00465EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2reconnectserver CVE-2024-35870 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key CVE-2024-53179 In the Linux kernel, the...

7.8CVSS6.6AI score0.00275EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Medium: jsoup

Issue Overview: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop...

7.5CVSS7.7AI score0.06873EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.5 views

Low: docker

Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...

3.1CVSS6.9AI score0.00521EPSS
Exploits0
Rows per page
Query Builder