14934 matches found
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1557)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1557 advisory. The webbrowser.open API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to...
Amazon Linux 2023 : plexus-utils, plexus-utils-javadoc (ALAS2023-2026-1545)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1545 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...
Amazon Linux 2023 : polkit, polkit-devel, polkit-libs (ALAS2023-2026-1546)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1546 advisory. A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded...
Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1562)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1562 advisory. Whitespace padding in filenames bypasses file upload extension checks NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w CVE-2026-33691 Tenable has extracted the...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1583)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1583 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1540)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1540 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1558)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1558 advisory. The webbrowser.open API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to...
Amazon Linux 2023 : squid (ALAS2023-2026-1569)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1569 advisory. Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service...
Important: python3.11
Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...
Important: python3.13
Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1584)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1584 advisory. When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore ma...
Amazon Linux 2023 : nerdctl (ALAS2023-2026-1535)
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1535 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1574)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1574 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1575)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1575 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
Amazon Linux 2023 : yq (ALAS2023-2026-1582)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1582 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially...
Medium: amazon-ecr-credential-helper
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Amazon Linux 2023 : runc (ALAS2023-2026-1541)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1541 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1573)
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1573 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...
Medium: runc
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2026-1559)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1559 advisory. In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...