Medium: python-pip
Issue Overview: Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Medium: python-requests
Issue Overview: Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Amazon Linux 2022 : qt, qt-assistant, qt-common (ALAS2022-2021-006)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-006 advisory. Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allow plugins to be loaded from the current working directory, which can lead to compromised plugins being loaded, leading to possible arbitrary code execution...
Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2022-011)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-011 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0, excluding security fix releases 2.3.2 and 2.12.4, are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2024-783)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-783 advisory. An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in...
Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-023)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-023 advisory. A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to ...
Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-025)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-025 advisory. A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially craft...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-784)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-784 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 In the Linux kernel, the following vulnerability has...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-778)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-778 advisory. In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers CVE-2024-41080 In the Linux kernel, the following vulnerability ha...
Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-009)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-009 advisory. A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196...
Amazon Linux 2022 : blas, blas64, blas64_ (ALAS2022-2022-029)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-029 advisory. An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack and OpenBLAS. A specially crafted input passed to these functions could cause an application using lapa...
Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2021-007)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2021-007 advisory. A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten...
Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2024-772)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-772 advisory. GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a Transfer-Encoding\0: chunked header is...
Amazon Linux 2023 : avahi, avahi-autoipd, avahi-compat-howl (ALAS2023-2024-771)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-771 advisory. avahi: Avahi Wide-Area DNS Uses Constant Source Port CVE-2024-52615 avahi: Avahi Wide-Area DNS Predictable Transaction IDs CVE-2024-52616 Tenable has extracted the preceding description block...
Amazon Linux 2022 : freetype, freetype-demos, freetype-devel (ALAS2022-2022-033)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-033 advisory. A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application...
Amazon Linux 2022 : webkit2gtk3, webkit2gtk3-devel, webkit2gtk3-jsc (ALAS2022-2022-015)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-015 advisory. A use-after-free flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger arbitrary code execution when processed. CVE-2021-30809 A type confusion flaw was...
Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-003)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-003 advisory. A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 up to and including 2.14.1. This could allow a remote attacker to execute code on the server if the system log...
Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-004)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-004 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) inp...
Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-020)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-020 advisory. A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2024-777)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-777 advisory. .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-38229 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43483 .NET, .NET Framework, and Visual...