Amazon Linux 2023 : openjpeg2, openjpeg2-devel, openjpeg2-tools (ALAS2023-2025-830)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-830 advisory. openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-823)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-823 advisory. In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify CVE-2024-36899 In the Linux kernel, the following vulnerability ha...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-836)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-836 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune CVE-2024-36978 In the Linux kernel, the following vulnerability h...
Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2025-826)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-826 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE:...
Amazon Linux 2023 : java-21-amazon-corretto, java-21-amazon-corretto-devel, java-21-amazon-corretto-headless (ALAS2023-2025-827)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-827 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE:...
Important: bind
Issue Overview: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate...
Medium: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...
Medium: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...
Important: bind
Issue Overview: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate...
Amazon Linux 2 : kernel (ALAS-2025-2745)
The version of kernel installed on the remote host is prior to 4.14.355-275.582. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2745 advisory. In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in...
Amazon Linux 2 : bind (ALAS-2025-2751)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2751 advisory. It is possible to construct a zone such that some queries to it will generate responses containing numerous records in t...
Important: gstreamer1
Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a lar...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify CVE-2024-26852 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify CVE-2024-26852 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-081)
The version of kernel installed on the remote host is prior to 5.10.233-224.894. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-081 advisory. Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has...
Amazon Linux 2 : java-17-amazon-corretto (ALAS-2025-2740)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.14+7-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2740 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracl...
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2025-2741)
The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.26+4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2741 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracl...
Amazon Linux 2 : gstreamer1 (ALAS-2025-2746)
The version of gstreamer1 installed on the remote host is prior to 1.18.4-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2746 advisory. GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the...
Medium: edk2
Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...
Medium: edk2
Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...