Amazon Linux 2023 : zziplib, zziplib-devel, zziplib-utils (ALAS2023-2025-859)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-859 advisory. Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory function at /zzip/zip.c. CVE-2024-39133 A Stack Buffer Overfl...
Amazon Linux 2023 : harfbuzz, harfbuzz-devel, harfbuzz-icu (ALAS2023-2025-848)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-848 advisory. HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. CVE-2024-56732 Tenable has extracted the preceding...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-858)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-858 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-855)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-855 advisory. In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD CVE-2024-49994 In the Linux kernel, the following vulnerability has been resolve...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-862)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-862 advisory. xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Tenable has extracted the preceding description block directly from the tested product security advisory...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-050)
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-050 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims c...
Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-845 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...
Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2025-849)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-849 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that...
Amazon Linux 2 : python3 (ALAS-2025-2762)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2762 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally...
Amazon Linux 2 : emacs (ALAS-2025-2757)
The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2757 advisory. In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2025-850)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-850 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.load_shed_points.http1_server_abort_dispatch...
Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2025-841)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-841 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to moun...
Amazon Linux 2 : python3 (ALAS-2025-2754)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2754 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 ...
Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-856)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-856 advisory. PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-...
Amazon Linux 2023 : libglvnd, libglvnd-core-devel, libglvnd-devel (ALAS2023-2025-861)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-861 advisory. libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen. NOTE: this is disputed because there are no common situations in which...
Amazon Linux 2023 : docker (ALAS2023-2025-852)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-852 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they...
Amazon Linux 2 : grub2 (ALAS-2025-2756)
The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2756 advisory. GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-847)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-847 advisory. GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Tenable has extracted the preceding description block directly...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2025-843)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-843 advisory. A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be...
Amazon Linux 2023 : gsl, gsl-devel (ALAS2023-2025-853)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-853 advisory. GSL GNU Scientific Library through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. CVE-2024-50610 Tenable h...