Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-814)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-814 advisory. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for wri...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-091)
The version of kernel installed on the remote host is prior to 5.4.288-202.389. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-091 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-809)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-809 advisory. In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when CVE-2023-52926 In the Linux kernel, the following...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-820)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-820 advisory. 2025-02-12: CVE-2024-11079 was removed from this advisory. 2025-02-12: The severity of this advisory has been changed from medium to low. Tenable has extracted the preceding description block directly...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-078 (ALASKERNEL-5.10-2025-078)
The version of kernel installed on the remote host is prior to 5.10.230-223.885. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-078 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-808)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-808 advisory. Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not pause writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached t...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2025-818)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-818 advisory. Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-079 (ALASKERNEL-5.10-2025-079)
The version of kernel installed on the remote host is prior to 5.10.233-223.887. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-079 advisory. In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...
Amazon Linux 2 : rsync (ALAS-2025-2731)
The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2731 advisory. A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an...
Amazon Linux AMI : rsync (ALAS-2025-1954)
The version of rsync installed on the remote host is prior to 3.0.6-12.15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1954 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE...
Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-800)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-800 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming...
Amazon Linux 2 : rsync (ALAS-2025-2730)
The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2730 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE...
Important: rsync
Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming CVE-2024-12088 Placeholder CVE. Details forthcoming CVE-2024-12747 Affected Packages:...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-077)
The version of kernel installed on the remote host is prior to 5.10.228-219.884. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-077 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-060 (ALASKERNEL-5.15-2025-060)
The version of kernel installed on the remote host is prior to 5.15.173-118.169. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-060 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs...
Medium: expat
Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. CVE-2024-50602 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.6.20250107 to update...
Medium: python3-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...
Medium: bind
Issue Overview: Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access...
Medium: exiv2
Issue Overview: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions...
Medium: exiv2
Issue Overview: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions...