816 matches found
Important: tigervnc
Issue Overview: XKB Integer Underflow in XkbSetCompatMap CVE-2026-33999 XSYNC Use-after-free in miSyncTriggerFence CVE-2026-34001 XKB Out-of-bounds read in CheckModifierMap CVE-2026-34002 XKB Buffer overflow in CheckKeyTypes CVE-2026-34003 Affected Packages: tigervnc Note: This advisory is...
Important: LibRaw
Issue Overview: A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. CVE-2026-20889 A heap-base...
Amazon Linux 2 : gstreamer-plugins-good, --advisory ALAS2-2026-3250 (ALAS-2026-3250)
The version of gstreamer-plugins-good installed on the remote host is prior to 0.10.31-20. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3250 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has...
Amazon Linux 2 : xorg-x11-server, --advisory ALAS2-2026-3268 (ALAS-2026-3268)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3268 advisory. XKB Integer Underflow in XkbSetCompatMap CVE-2026-33999 XSYNC Use-after-free in miSyncTriggerFence CVE-2026-34001 XKB Out-of-bounds read in CheckModifierMap CVE-2026-34002 XKB Buffer overflow in...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3256 (ALAS-2026-3256)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3256 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation director...
Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-014 (ALASGIMP-2026-014)
The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GIMP-2026-014 advisory. GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-107 (ALASECS-2026-107)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-107 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in...
Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3265 (ALAS-2026-3265)
The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3265 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...
Amazon Linux 2 : python3-pytest, --advisory ALAS2-2026-3253 (ALAS-2026-3253)
The version of python3-pytest installed on the remote host is prior to 2.9.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3253 advisory. pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to...
Amazon Linux 2 : LibRaw, --advisory ALAS2-2026-3255 (ALAS-2026-3255)
The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3255 advisory. A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A speciall...
Important: thunderbird
Issue Overview: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
Amazon Linux 2 : libpng, --advisory ALAS2-2026-3266 (ALAS-2026-3266)
The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3266 advisory. Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3271 (ALAS-2026-3271)
The version of thunderbird installed on the remote host is prior to 140.9.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3271 advisory. Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 an...
Amazon Linux 2 : jetty, --advisory ALAS2-2026-3277 (ALAS-2026-3277)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3277 advisory. In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early...
Amazon Linux 2 : python-jwcrypto, --advisory ALAS2-2026-3254 (ALAS-2026-3254)
The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3254 advisory. JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker...
Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2026-3270 (ALAS-2026-3270)
The version of webkitgtk4 installed on the remote host is prior to 2.52.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3270 advisory. A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari...
Amazon Linux 2 : dovecot, --advisory ALAS2-2026-3252 (ALAS-2026-3252)
The version of dovecot installed on the remote host is prior to 2.2.36-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3252 advisory. Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can us...
Amazon Linux 2 : tigervnc, --advisory ALAS2-2026-3273 (ALAS-2026-3273)
The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3273 advisory. XKB Integer Underflow in XkbSetCompatMap CVE-2026-33999 XSYNC Use-after-free in miSyncTriggerFence CVE-2026-34001 XKB...
Amazon Linux 2 : openssl, --advisory ALAS2-2026-3274 (ALAS-2026-3274)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3274 advisory. NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt...
Important: rclone
Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...