9382 matches found
Important: git-lfs
Issue Overview: Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sends any credentials it...
Medium: apache-commons-compress
Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...
Medium: ansible-core
Issue Overview: This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. CVE-2024-11079...
Low: docker
Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...
Amazon Linux AMI : kernel (ALAS-2025-1960)
The version of kernel installed on the remote host is prior to 4.14.355-195.591. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1960 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method...
Medium: openjpeg2
Issue Overview: openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.6.20250203 or dnf update --advisory ALAS2023-2025-830 --releasever 2023.6.20250203 to update your system. More information ...
Important: kernel-livepatch-6.1.94-99.176
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error CVE-2024-41087 Affected Packages: kernel-livepatch-6.1.94-99.176 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-837)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-837 advisory. ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVE-2024-11596 Buffer Overflow vulnerability in Wiresha...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-822)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-822 advisory. Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2025-838)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-838 advisory. It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause...
Amazon Linux 2023 : nerdctl (ALAS2023-2025-833)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-833 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that...
Important: amazon-ssm-agent
Issue Overview: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags...
Important: python-virtualenv
Issue Overview: virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. CVE-2024-53899 Affected Packages: python-virtualenv Issue...
Amazon Linux 2023 : python3-virtualenv (ALAS2023-2025-831)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-831 advisory. virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as...
Amazon Linux 2023 : openjpeg2, openjpeg2-devel, openjpeg2-tools (ALAS2023-2025-830)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-830 advisory. openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-823)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-823 advisory. In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify CVE-2024-36899 In the Linux kernel, the following vulnerability ha...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-836)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-836 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune CVE-2024-36978 In the Linux kernel, the following vulnerability h...
Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2025-826)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-826 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE:...
Amazon Linux AMI : less (ALAS-2025-1958)
The version of less installed on the remote host is prior to 436-13.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1958 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-834)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-834 advisory. 2025-02-11: CVE-2024-45338 was added to this advisory. 2025-02-11: CVE-2024-51744 was added to this advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback...