9382 matches found
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-062)
The version of kernel installed on the remote host is prior to 5.15.176-118.178. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-062 advisory. Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-092)
The version of kernel installed on the remote host is prior to 5.4.289-204.398. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-092 advisory. Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has...
Amazon Linux 2 : python3 (ALAS-2025-2743)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2743 advisory. CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for th...
Important: amazon-ssm-agent
Issue Overview: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags...
Important: gstreamer1-plugins-good
Issue Overview: GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream-samples to accommodate stream-nsamples + samplescount elements of type QtDemuxSample. The problem is that samplescount is read from the...
Medium: python
Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...
Medium: python3
Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...
Important: gstreamer1
Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a lar...
Important: kernel
Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args CVE-2024-50067 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additiona...
Important: kernel
Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4splitextentat CVE-2024-49884 In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UA...
Amazon Linux 2 : nerdctl (ALAS-2025-2749)
The version of nerdctl installed on the remote host is prior to 2.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2749 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization...
Amazon Linux 2 : python (ALAS-2025-2744)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2744 advisory. CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the...
Amazon Linux 2 : qemu (ALAS-2025-2742)
The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2742 advisory. A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM...
Amazon Linux 2 : edk2 (ALAS-2025-2750)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2750 advisory. Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature...
Important: kernel
Issue Overview: A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory...
Amazon Linux 2 : kernel (ALAS-2025-2752)
The version of kernel installed on the remote host is prior to 4.14.256-197.484. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2752 advisory. A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls...
Important: iperf3
Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Affected Packages: iperf3 Issue Correction: Run dnf update iperf3 --releasever 2023.6.20250123 or dnf update --advisory ALAS2023-2025-812 --releasever...
Medium: perl-Module-ScanDeps
Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-090 (ALASKERNEL-5.4-2025-090)
The version of kernel installed on the remote host is prior to 5.4.286-201.385. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-090 advisory. In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity...
Amazon Linux 2023 : openjpeg2, openjpeg2-devel, openjpeg2-tools (ALAS2023-2025-821)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-821 advisory. openjpeg: denail of service via crafted image file CVE-2023-39328 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not teste...