Lucene search
K

9382 matches found

Tenable Nessus
Tenable Nessus
added 2025/02/04 12:0 a.m.15 views

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-062)

The version of kernel installed on the remote host is prior to 5.15.176-118.178. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-062 advisory. Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has...

7.8CVSS6.5AI score0.00233EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/02/04 12:0 a.m.11 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-092)

The version of kernel installed on the remote host is prior to 5.4.289-204.398. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-092 advisory. Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has...

7.8CVSS6.6AI score0.00273EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/02/04 12:0 a.m.16 views

Amazon Linux 2 : python3 (ALAS-2025-2743)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2743 advisory. CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for th...

9.1CVSS7.3AI score0.05582EPSS
Exploits1References4
Amazon
Amazon
added 2025/02/04 12:0 a.m.4 views

Important: amazon-ssm-agent

Issue Overview: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags...

9.8CVSS7.4AI score0.0124EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.12 views

Important: gstreamer1-plugins-good

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream-samples to accommodate stream-nsamples + samplescount elements of type QtDemuxSample. The problem is that samplescount is read from the...

9.8CVSS8.6AI score0.00997EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.23 views

Medium: python

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...

9.1CVSS7.8AI score0.05582EPSS
Exploits1
Amazon
Amazon
added 2025/02/04 12:0 a.m.5 views

Medium: python3

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...

9.1CVSS7AI score0.05582EPSS
Exploits1
Amazon
Amazon
added 2025/02/04 12:0 a.m.2 views

Important: gstreamer1

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a lar...

9.8CVSS8.1AI score0.01344EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.9 views

Important: kernel

Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args CVE-2024-50067 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additiona...

7.8CVSS6.8AI score0.00233EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.4 views

Important: kernel

Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4splitextentat CVE-2024-49884 In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UA...

7.8CVSS6.6AI score0.00273EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/04 12:0 a.m.8 views

Amazon Linux 2 : nerdctl (ALAS-2025-2749)

The version of nerdctl installed on the remote host is prior to 2.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2749 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization...

9.1CVSS7.3AI score0.03092EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2025/02/04 12:0 a.m.22 views

Amazon Linux 2 : python (ALAS-2025-2744)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2744 advisory. CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the...

9.1CVSS7.3AI score0.05582EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/02/04 12:0 a.m.11 views

Amazon Linux 2 : qemu (ALAS-2025-2742)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2742 advisory. A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM...

8.2CVSS7.6AI score0.0025EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/02/04 12:0 a.m.18 views

Amazon Linux 2 : edk2 (ALAS-2025-2750)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2750 advisory. Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature...

4.1CVSS6.2AI score0.00601EPSS
Exploits0References4
Amazon
Amazon
added 2025/02/04 12:0 a.m.20 views

Important: kernel

Issue Overview: A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory...

7.8CVSS7AI score0.01245EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2025/02/04 12:0 a.m.12 views

Amazon Linux 2 : kernel (ALAS-2025-2752)

The version of kernel installed on the remote host is prior to 4.14.256-197.484. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2752 advisory. A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls...

7.8CVSS6.1AI score0.01245EPSS
Exploits2References26
Amazon
Amazon
added 2025/01/24 12:0 a.m.2 views

Important: iperf3

Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Affected Packages: iperf3 Issue Correction: Run dnf update iperf3 --releasever 2023.6.20250123 or dnf update --advisory ALAS2023-2025-812 --releasever...

7.5CVSS7.2AI score0.00908EPSS
Exploits1
Amazon
Amazon
added 2025/01/24 12:0 a.m.4 views

Medium: perl-Module-ScanDeps

Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8CVSS7.4AI score0.08598EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.27 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-090 (ALASKERNEL-5.4-2025-090)

The version of kernel installed on the remote host is prior to 5.4.286-201.385. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-090 advisory. In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity...

9.1CVSS7.2AI score0.01367EPSS
Exploits2References163
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.10 views

Amazon Linux 2023 : openjpeg2, openjpeg2-devel, openjpeg2-tools (ALAS2023-2025-821)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-821 advisory. openjpeg: denail of service via crafted image file CVE-2023-39328 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not teste...

5.5CVSS6AI score0.00242EPSS
Exploits0References4
Rows per page
Query Builder