17 matches found
Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2025-3121 (ALAS-2025-3121)
The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3572.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3121 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy...
OESA-2025-2827 golang security update
. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...
Amazon Linux 2 : cri-tools, --advisory ALAS2-2025-3079 (ALAS-2025-3079)
The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3079 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2025-083 (ALASECS-2025-083)
The version of ecs-init installed on the remote host is prior to 1.101.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-083 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...
Amazon Linux 2 : golist, --advisory ALAS2-2025-3069 (ALAS-2025-3069)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3069 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresse...
Amazon Linux 2023 : nerdctl (ALAS2023-2025-1278)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1278 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
Amazon Linux 2023 : runc (ALAS2023-2025-1286)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1286 advisory. Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in...
Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2025-076 (ALASNITRO-ENCLAVES-2025-076)
The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-076 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-1273)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1273 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
Important: runc
Issue Overview: Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to b...
Important: docker
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: golist
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: oci-add-hooks
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: containerd
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: amazon-cloudwatch-agent
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Amazon Linux 2023 : runc (ALAS2023-2025-1263)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1263 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...
Golang 1.24.x < 1.24.8 / 1.25.x < 1.25.2 Multiple Vulnerabilities (qZN5nc-mBgAJ)
The version of Golang running on the remote host is 1.24.x prior to 1.24.8, 1.25.x prior to 1.25.2. It is, therefore, affected by multiple vulnerabilities as referenced in qZN5nc-mBgAJ advisory. - The Parse function permitted values other than IPv6 addresses to be included in square brackets with...