9391 matches found
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1529)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1529 advisory. A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a...
Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2026-3210 (ALAS-2026-3210)
The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3210 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has...
Important: giflib
Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Note: This advisory i...
Important: perl-YAML-Syck
Issue Overview: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the...
Important: python3-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates...
Amazon Linux 2023 : gstreamer1-plugins-base, gstreamer1-plugins-base-devel, gstreamer1-plugins-base-tools (ALAS2023-2026-1504)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1504 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has extracted the preceding description block directly from the tested product security...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1531)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1531 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1499)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1499 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Tenable has extracted the...
Important: gstreamer1-plugins-bad-free
Issue Overview: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...
Medium: gstreamer1-plugins-good
Issue Overview: An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and...
Medium: golist
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Amazon Linux 2 : python-pyasn1, --advisory ALAS2-2026-3215 (ALAS-2026-3215)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3215 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply neste...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values CVE-2025-71304 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue CVE-2026-23066 In the Linux kernel, the...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1524)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1524 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...
Amazon Linux 2023 : firefox (ALAS2023-2026-1518)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1518 advisory. A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3211 (ALAS-2026-3211)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3211 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions...
Amazon Linux 2 : gstreamer1-plugins-bad-free, --advisory ALAS2-2026-3222 (ALAS-2026-3222)
The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3222 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allow...
Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1506)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1506 advisory. Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26127 Allocation of resources without limits or throttling in ASP.NET Core allows an...
Amazon Linux 2 : rust, --advisory ALAS2-2026-3225 (ALAS-2026-3225)
The version of rust installed on the remote host is prior to 1.93.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3225 advisory. Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations wh...
Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3224 (ALAS-2026-3224)
The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3224 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has...