Amazon Linux 2 : gnome-shell (ALAS-2024-2714)
The version of gnome-shell installed on the remote host is prior to 3.28.3-34. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2714 advisory. In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network respons...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-074)
The version of kernel installed on the remote host is prior to 5.10.230-223.885. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-074 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-075)
The version of kernel installed on the remote host is prior to 5.10.214-202.855. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-075 advisory. 2025-01-21: CVE-2024-26878 was added to this advisory. 2025-01-21: CVE-2024-27388 was added to this...
Amazon Linux 2 : python38-pip (ALASPYTHON3.8-2024-017)
The version of python38-pip installed on the remote host is prior to 21.0.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2024-017 advisory. Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is...
Amazon Linux 2 : avahi (ALAS-2024-2704)
The version of avahi installed on the remote host is prior to 0.6.31-20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2704 advisory. avahi: Avahi Wide-Area DNS Uses Constant Source Port CVE-2024-52615 avahi: Avahi Wide-Area DNS Predictable Transaction IDs...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-089)
The version of kernel installed on the remote host is prior to 5.4.272-185.370. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-089 advisory. 2025-01-21: CVE-2024-26851 was added to this advisory. 2025-01-21: CVE-2024-27024 was added to this...
Amazon Linux 2 : dovecot (ALAS-2024-2719)
The version of dovecot installed on the remote host is prior to 2.2.36-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2719 advisory. Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23185 Tenabl...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-057)
The version of kernel installed on the remote host is prior to 5.15.153-100.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-057 advisory. 2025-01-21: CVE-2024-27025 was added to this advisory. 2025-01-21: CVE-2024-26901 was added to this...
Amazon Linux 2 : glibc (ALAS-2024-2718)
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2718 advisory. glibc: null pointer dereferences after failed netgroup cache insertion CVE-2024-33600 Tenable has extracted the preceding description...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2024-076 (ALASKERNEL-5.10-2024-076)
The version of kernel installed on the remote host is prior to 5.10.213-201.855. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-076 advisory. A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2024-058 (ALASKERNEL-5.15-2024-058)
The version of kernel installed on the remote host is prior to 5.15.152-100.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-058 advisory. A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the...
Amazon Linux 2 : expat (ALAS-2024-2710)
The version of expat installed on the remote host is prior to 2.1.0-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2710 advisory. An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVE-2024-45490...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-088)
The version of kernel installed on the remote host is prior to 5.4.286-201.385. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-088 advisory. In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release...
Medium: python38-pip
Issue Overview: Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs CVE-2023-52913 In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets CVE-2024-26718 In the Linux kernel, the following...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes CVE-2024-38538 In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers...
Medium: python-pip
Issue Overview: Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Medium: zziplib
Issue Overview: A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer function at /zzip/zip.c. CVE-2024-39134 Affected Packages: zziplib Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit th...
Medium: NetworkManager-libreswan
Issue Overview: A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special...
Medium: vim
Issue Overview: Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off positi...