Lucene search
K

14932 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.19 views

Amazon Linux 2023 : docker (ALAS2023-2026-1615)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1615 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

9.8CVSS7.3AI score0.08123EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.18 views

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3265 (ALAS-2026-3265)

The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3265 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

9.8CVSS6.1AI score0.00651EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.6 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-111 (ALASDOCKER-2026-111)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-111 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

9.8CVSS8AI score0.08123EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.11 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1598)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1598 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

9.8CVSS6AI score0.00621EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.19 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1593)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1593 advisory. SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time in the Go toolchain cmd/go due to trust layer bypass...

9.8CVSS6.4AI score0.00658EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.14 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-097 (ALASNITRO-ENCLAVES-2026-097)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-097 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go...

9.8CVSS8AI score0.08123EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.11 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1618)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1618 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.14 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1619)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1619 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.5 views

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1616)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1616 advisory. A flaw was found in zlib. An attacker providing specially crafted input to the crc32combine64 or crc32combinegen64 functions could trigger an infinite loop within the x2nmodp function. This leads to...

5.5CVSS5.8AI score0.00204EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.9 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1608)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1608 advisory. A flaw was found in zlib. An attacker providing specially crafted input to the crc32combine64 or crc32combinegen64 functions could trigger an infinite loop within the x2nmodp function. This leads to...

5.5CVSS5.8AI score0.00204EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.15 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1620)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1620 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...

9.1CVSS5.9AI score0.00621EPSS
Exploits0References10
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Low: nodejs22

Issue Overview: A flaw was found in zlib. An attacker providing specially crafted input to the crc32combine64 or crc32combinegen64 functions could trigger an infinite loop within the x2nmodp function. This leads to excessive CPU consumption, which can result in a Denial of Service DoS for the...

5.5CVSS5.2AI score0.00204EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.14 views

Amazon Linux 2 : openssl, --advisory ALAS2-2026-3274 (ALAS-2026-3274)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3274 advisory. NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt...

7.5CVSS5.4AI score0.00885EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.15 views

Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-010 (ALASOPENSSL-SNAPSAFE-2026-010)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-010 advisory. NULL Pointer Dereference When Processing a Delta CRL NOTE:...

7.5CVSS5.5AI score0.00885EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.12 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-107 (ALASECS-2026-107)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-107 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in...

7.5CVSS6.9AI score0.16212EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.12 views

Amazon Linux 2 : cups, --advisory ALAS2-2026-3279 (ALAS-2026-3279)

The version of cups installed on the remote host is prior to 1.6.3-51. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3279 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and...

7.8CVSS6.6AI score0.00502EPSS
Exploits4References10
Amazon
Amazon
added 2026/04/30 12:0 a.m.10 views

Important: edk2

Issue Overview: Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NU...

8.1CVSS5.4AI score0.00885EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: rclone

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.8 views

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1609)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1609 advisory. @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbound...

9.2CVSS5.7AI score0.00481EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.6 views

Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2026-1635)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1635 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in...

7.8CVSS6.5AI score0.00502EPSS
Exploits6References14
Rows per page
Query Builder