Medium: haproxy
Issue Overview: An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by an ACL (Access Control List) set on the product. As a result, the attacker may obtain...
Medium: curl
Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...
Important: jackson-databind
Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
Medium: orc
Issue Overview: A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. CVE-2024-40897...
Medium: python3-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...
Medium: python-webob
Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2025-796)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-796 advisory. Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the...
Amazon Linux 2023 : python3-tornado (ALAS2023-2025-792)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-792 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to...
Amazon Linux 2 : python-webob (ALAS-2025-2726)
The version of python-webob installed on the remote host is prior to 1.2.3-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2726 advisory. WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request...
Amazon Linux 2 : orc (ALAS-2025-2727)
The version of orc installed on the remote host is prior to 0.4.26-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2727 advisory. A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a...
Amazon Linux 2023 : jackson-databind (ALAS2023-2025-798)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-798 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is...
Amazon Linux 2023 : perl-Module-ScanDeps, perl-Module-ScanDeps-tests (ALAS2023-2025-797)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-797 advisory. Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by opening a pesky pipe such...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-795)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-795 advisory. Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the...
Amazon Linux AMI : expat (ALAS-2025-1953)
The version of expat installed on the remote host is prior to 2.1.0-15.35. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1953 advisory. An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVE-2024-45490...
Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2025-793)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-793 advisory. An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. CVE-2024-50602 Tenable has extracted th...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-794)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-794 advisory. ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem e.g., if a Linux distribution is configured to allow unprivileged...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-059)
The version of kernel installed on the remote host is prior to 5.15.173-118.169. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-059 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs...
Amazon Linux 2 : libxml2 (ALAS-2024-2717)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2717 advisory. An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint...
Amazon Linux 2 : gnome-shell (ALAS-2024-2714)
The version of gnome-shell installed on the remote host is prior to 3.28.3-34. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2714 advisory. In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network respons...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-074)
The version of kernel installed on the remote host is prior to 5.10.230-223.885. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-074 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have...