633 matches found
CVE-2026-33131
CVE-2026-33131 affects H3, a minimal HTTP framework. Versions 2.0.0-0 through 2.0.1-rc.14 expose a Host header spoofing flaw in the NodeRequestUrl/FastURL path, enabling middleware bypass when an attacker manipulates event.url properties (e.g., via Host header) so route matching succeeds but auth...
Important: runc
Issue Overview: cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to...
Medium: amazon-ecr-credential-helper
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: runc
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2026-087 (ALASNITRO-ENCLAVES-2026-087)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-087 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of...
Medium: oci-add-hooks
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: docker
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: containerd
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-091 (ALASNITRO-ENCLAVES-2026-091)
The version of oci-add-hooks installed on the remote host is prior to 0-0.7.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-091 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of...
Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2026-089 (ALASNITRO-ENCLAVES-2026-089)
The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-089 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...
Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-088 (ALASNITRO-ENCLAVES-2026-088)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-088 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsin...
Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-090 (ALASNITRO-ENCLAVES-2026-090)
The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-090 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...
Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2026-092 (ALASNITRO-ENCLAVES-2026-092)
The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-092 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code...
[SECURITY] Fedora 42 Update: rust-eif_build-0.2.1-6.fc42
This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...
[SECURITY] Fedora 43 Update: rust-eif_build-0.2.1-6.fc43
This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...
Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2026-1371)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1371 advisory. openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...
Medium: aws-nitro-enclaves-cli
Issue Overview: openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Affected Packages: aws-nitro-enclaves-cli Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ sectio...
Medium: aws-nitro-enclaves-cli
Issue Overview: openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Affected Packages: aws-nitro-enclaves-cli Issue Correction: Run dnf update aws-nitro-enclaves-cli --releasever 2023.10.20260202 or dnf update --advisory ALAS2023-2026-1371 --releasever 2023.10.202602...
Amazon Linux 2 : aws-nitro-enclaves-cli, --advisory ALAS2NITRO-ENCLAVES-2026-086 (ALASNITRO-ENCLAVES-2026-086)
The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.4.4-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2026-086 advisory. openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Tenable has extracted...
Important: docker
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...