38 matches found
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1880)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1880 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrad...
Amazon Linux 2023 : editorconfig, editorconfig-devel, editorconfig-libs (ALAS2023-2026-1642)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1642 advisory. editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1710)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1710 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following...
Amazon Linux 2023 : socat (ALAS2023-2026-1701)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1701 advisory. readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...
Amazon Linux 2023 : PackageKit, PackageKit-command-not-found, PackageKit-cron (ALAS2023-2026-1692)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1692 advisory. A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions tha...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1575)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1575 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1525)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1525 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...
Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2026-1389)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1389 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...
Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2026-1392)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1392 advisory. A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-1325)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1325 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building...
Amazon Linux 2023 : amazon-efs-utils (ALAS2023-2025-1283)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1283 advisory. regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or...
Amazon Linux 2023 : polkit, polkit-devel, polkit-libs (ALAS2023-2025-1217)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1217 advisory. A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior,...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2025-1216)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1216 advisory. When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.Note that upgrading pip to a fixed version for this...
Amazon Linux 2023 : GraphicsMagick, GraphicsMagick-c++, GraphicsMagick-c++-devel (ALAS2023-2025-1201)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1201 advisory. ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. CVE-2025-27795 ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer...
Amazon Linux 2023 : perl-JSON-XS, perl-JSON-XS-tests (ALAS2023-2025-1200)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1200 advisory. JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact CVE-2025-40928 Tenable...
Amazon Linux 2023 : cuda-cuobjdump-13 (ALAS2023NVIDIA-2025-143)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-143 advisory. Placeholder CVE. Details forthcoming CVE-2025-23280 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for th...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1161)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1161 advisory. os/exec: LookPath may return unexpected paths. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath , ., and...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2025-1152)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1152 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the serve...
Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2025-1142)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1142 advisory. An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service DoS via the convert function of exrmultipart.cpp. CVE-2024-31047 Tenable has...
Amazon Linux 2023 : mod_security, mod_security-mlogc (ALAS2023-2025-1139)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1139 advisory. ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If...