Lucene search
K

220 matches found

Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.33 views

Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-003)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-003 advisory. A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1. This could allow a remote attacker to execute code on the server if the system log...

10CVSS7.8AI score0.99999EPSS
Exploits351References3
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.15 views

Amazon Linux 2022 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2022-2022-013)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-013 advisory. An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations a...

6.5CVSS7.2AI score0.02936EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.9 views

Amazon Linux 2022 : qt, qt-assistant, qt-common (ALAS2022-2021-006)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-006 advisory. Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allows plugins to be loaded from current working directory, this can lead to compromised plugins to loaded leading to possible arbitrary code execution...

7.5AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.10 views

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-009)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-009 advisory. A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196...

7.5CVSS6.9AI score0.03958EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.17 views

Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-020)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-020 advisory. A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a...

9.8CVSS7.3AI score0.02086EPSS
Exploits4References9
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.20 views

Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-023)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-023 advisory. A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to ...

8.4CVSS7.2AI score0.01566EPSS
Exploits6References13
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.19 views

Amazon Linux 2022 : ctdb, ctdb-pcp-pmda, libsmbclient (ALAS2022-2022-022)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-022 advisory. A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was...

9CVSS8.1AI score0.74042EPSS
Exploits1References25
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.10 views

Amazon Linux 2022 : freetype, freetype-demos, freetype-devel (ALAS2022-2022-033)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-033 advisory. A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application...

9.6CVSS8.3AI score0.5063EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.17 views

Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2022-011)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-011 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the...

8.5CVSS8.8AI score0.97906EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.14 views

Amazon Linux 2022 : expat, expat-devel, expat-static (ALAS2022-2022-028)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-028 advisory. expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate...

9.8CVSS7.6AI score0.04525EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.16 views

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2021-007)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2021-007 advisory. A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten...

9.8CVSS6.8AI score0.10299EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.24 views

Amazon Linux 2022 : httpd, httpd-devel, httpd-filesystem (ALAS2022-2022-018)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-018 advisory. There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the...

9.8CVSS7.9AI score0.97108EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.15 views

Amazon Linux 2022 : libsepol, libsepol-devel, libsepol-static (ALAS2022-2022-030)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-030 advisory. The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and cilpreverifyhelper. CVE-2021-36084 The CIL compiler in SELinux 3.2 has a...

3.3CVSS6.4AI score0.00592EPSS
Exploits4References9
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.18 views

Amazon Linux 2022 : jdom, jdom-demo, jdom-javadoc (ALAS2022-2022-010)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-010 advisory. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. CVE-2021-33813 Tenable has extracted the preceding description block directly...

7.5CVSS6.4AI score0.19442EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.21 views

Amazon Linux 2022 : expat, expat-devel, expat-static (ALAS2022-2022-017)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-017 advisory. In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing...

9.8CVSS7.5AI score0.04829EPSS
Exploits2References17
Tenable Nessus
Tenable Nessus
added 2023/05/25 12:0 a.m.38 views

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-128)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-128 advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating chunked encoding. This issue could allow request smuggling, but only if combined with an...

7.5CVSS6.9AI score0.01875EPSS
Exploits3References19
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.28 views

Amazon Linux 2022 : bcel, bcel-javadoc (ALAS2022-2023-275)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-275 advisory. Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitra...

9.8CVSS7.4AI score0.02836EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.35 views

Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2023-269)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-269 advisory. The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a he...

7.8CVSS7.6AI score0.00423EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.37 views

Amazon Linux 2022 : python3.10, python3.10-devel, python3.10-idle (ALAS2022-2023-274)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-274 advisory. Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non- default configuration. The Python multiprocessing library, when used with the forkserver...

7.8CVSS7.7AI score0.02453EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.26 views

Amazon Linux 2022 : ruby3.1, ruby3.1-bundled-gems, ruby3.1-default-gems (ALAS2022-2023-262)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-262 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP...

8.8CVSS7.1AI score0.02287EPSS
Exploits1References3
Rows per page
Query Builder