9382 matches found

Tenable Nessus
added 2025/01/24 12:0 a.m. | 39 views

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-814)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-814 advisory. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for wri...

CVSS 9.8 | AI score 7.2 | EPSS 0.43663
Exploits: 15 | References: 12
Tenable Nessus
added 2025/01/24 12:0 a.m. | 24 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-091)

The version of kernel installed on the remote host is prior to 5.4.288-202.389. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-091 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning...

CVSS 7.8 | AI score 6.7 | EPSS 0.00612
Exploits: 1 | References: 112
Tenable Nessus
added 2025/01/24 12:0 a.m. | 101 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-809)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-809 advisory. In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when CVE-2023-52926 In the Linux kernel, the following...

CVSS 8.4 | AI score 6.7 | EPSS 0.00612
Exploits: 1 | References: 224
Tenable Nessus
added 2025/01/24 12:0 a.m. | 32 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-820)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-820 advisory. 2025-02-12: CVE-2024-11079 was removed from this advisory. 2025-02-12: The severity of this advisory has been changed from medium to low. Tenable has extracted the preceding description block directly...

CVSS 5.5 | AI score 6.5 | EPSS 0.00502
Exploits: 0 | References: 2
Tenable Nessus
added 2025/01/24 12:0 a.m. | 25 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-078 (ALASKERNEL-5.10-2025-078)

The version of kernel installed on the remote host is prior to 5.10.230-223.885. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-078 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have...

CVSS 7.8 | AI score 7.2 | EPSS 0.00809
Exploits: 2 | References: 82
Tenable Nessus
added 2025/01/24 12:0 a.m. | 24 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-808)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-808 advisory. Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not pause writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached t...

CVSS 8.7 | AI score 7.4 | EPSS 0.0188
Exploits: 0 | References: 6
Tenable Nessus
added 2025/01/24 12:0 a.m. | 25 views

Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2025-818)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-818 advisory. Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code...

CVSS 9.8 | AI score 7.3 | EPSS 0.07802
Exploits: 2 | References: 4
Tenable Nessus
added 2025/01/24 12:0 a.m. | 36 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-079 (ALASKERNEL-5.10-2025-079)

The version of kernel installed on the remote host is prior to 5.10.233-223.887. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-079 advisory. In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...

CVSS 7.8 | AI score 6.7 | EPSS 0.00612
Exploits: 2 | References: 178
Tenable Nessus
added 2025/01/17 12:0 a.m. | 43 views

Amazon Linux 2 : rsync (ALAS-2025-2731)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2731 advisory. A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an...

CVSS 7.5 | AI score 7.5 | EPSS 0.09353
Exploits: 4 | References: 12
Tenable Nessus
added 2025/01/15 12:0 a.m. | 24 views

Amazon Linux AMI : rsync (ALAS-2025-1954)

The version of rsync installed on the remote host is prior to 3.0.6-12.15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1954 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE...

CVSS 7.5 | AI score 7.4 | EPSS 0.09353
Exploits: 4 | References: 12
Tenable Nessus
added 2025/01/14 12:0 a.m. | 17 views

Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-800)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-800 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming...

CVSS 7.5 | AI score 7.3 | EPSS 0.09353
Exploits: 4 | References: 12
Tenable Nessus
added 2025/01/14 12:0 a.m. | 28 views

Amazon Linux 2 : rsync (ALAS-2025-2730)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2730 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE...

CVSS 7.5 | AI score 7.4 | EPSS 0.09353
Exploits: 4 | References: 12
Amazon
added 2025/01/11 6:50 a.m. | 49 views

Important: rsync

Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming CVE-2024-12088 Placeholder CVE. Details forthcoming CVE-2024-12747 Affected Packages:...

CVSS 7.5 | AI score 7.2 | EPSS 0.09353
Exploits: 4
Tenable Nessus
added 2025/01/10 12:0 a.m. | 18 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-077)

The version of kernel installed on the remote host is prior to 5.10.228-219.884. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-077 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on...

CVSS 7.5 | AI score 6.3 | EPSS 0.00875
Exploits: 0 | References: 22
Tenable Nessus
added 2025/01/10 12:0 a.m. | 27 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-060 (ALASKERNEL-5.15-2025-060)

The version of kernel installed on the remote host is prior to 5.15.173-118.169. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-060 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs...

CVSS 7.8 | AI score 7.2 | EPSS 0.00875
Exploits: 2 | References: 124
Amazon
added 2025/01/09 12:0 a.m. | 5 views

Medium: expat

Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. CVE-2024-50602 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.6.20250107 to update...

CVSS 5.9 | AI score 7 | EPSS 0.0104
Exploits: 0
Amazon
added 2025/01/09 12:0 a.m. | 33 views

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...

CVSS 7.5 | AI score 7.7 | EPSS 0.01051
Exploits: 0
Amazon
added 2025/01/09 12:0 a.m. | 25 views

Medium: bind

Issue Overview: Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access...

CVSS 7.5 | AI score 7.5 | EPSS 0.13108
Exploits: 0
Amazon
added 2025/01/09 12:0 a.m. | 6 views

Medium: exiv2

Issue Overview: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions...

CVSS 5.5 | AI score 6.6 | EPSS 0.0024
Exploits: 0
Amazon
added 2025/01/09 12:0 a.m. | 27 views

Medium: exiv2

Issue Overview: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions...

CVSS 5.5 | AI score 4.9 | EPSS 0.0024
Exploits: 0