Lucene search
K

9391 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.9 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1529)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1529 advisory. A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a...

5.3CVSS7AI score0.00638EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.6 views

Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2026-3210 (ALAS-2026-3210)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3210 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has...

7.8CVSS7.2AI score0.00867EPSS
Exploits0References4
Amazon
Amazon
added 2026/04/01 12:0 a.m.11 views

Important: giflib

Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Note: This advisory i...

5.1CVSS5.9AI score0.00144EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: perl-YAML-Syck

Issue Overview: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the...

9.1CVSS6.1AI score0.00429EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.14 views

Important: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates...

8.7CVSS5.9AI score0.00375EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.7 views

Amazon Linux 2023 : gstreamer1-plugins-base, gstreamer1-plugins-base-devel, gstreamer1-plugins-base-tools (ALAS2023-2026-1504)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1504 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has extracted the preceding description block directly from the tested product security...

7.8CVSS7.2AI score0.00867EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.5 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1531)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1531 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

2CVSS5.9AI score0.0039EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.4 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1499)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1499 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Tenable has extracted the...

8.6CVSS7.6AI score0.00532EPSS
Exploits0References6
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

7.8CVSS7.6AI score0.00787EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.9 views

Medium: gstreamer1-plugins-good

Issue Overview: An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and...

5.1CVSS7.2AI score0.00225EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Medium: golist

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS7.1AI score0.00728EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.12 views

Amazon Linux 2 : python-pyasn1, --advisory ALAS2-2026-3215 (ALAS-2026-3215)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3215 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply neste...

7.5CVSS6.9AI score0.00679EPSS
Exploits1References4
Amazon
Amazon
added 2026/04/01 12:0 a.m.35 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values CVE-2025-71304 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue CVE-2026-23066 In the Linux kernel, the...

8.8CVSS5.3AI score0.00686EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.7 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1524)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1524 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...

9.8CVSS7.2AI score0.0115EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.5 views

Amazon Linux 2023 : firefox (ALAS2023-2026-1518)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1518 advisory. A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL...

5.5CVSS5.9AI score0.00216EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.7 views

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3211 (ALAS-2026-3211)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3211 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions...

9.8CVSS7AI score0.00671EPSS
Exploits0References86
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.7 views

Amazon Linux 2 : gstreamer1-plugins-bad-free, --advisory ALAS2-2026-3222 (ALAS-2026-3222)

The version of gstreamer1-plugins-bad-free installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3222 advisory. GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allow...

7.8CVSS7.6AI score0.00787EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.3 views

Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1506)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1506 advisory. Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26127 Allocation of resources without limits or throttling in ASP.NET Core allows an...

7.5CVSS7.1AI score0.02818EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.8 views

Amazon Linux 2 : rust, --advisory ALAS2-2026-3225 (ALAS-2026-3225)

The version of rust installed on the remote host is prior to 1.93.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3225 advisory. Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations wh...

8.2CVSS6AI score0.00608EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.6 views

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3224 (ALAS-2026-3224)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3224 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has...

7.5CVSS7.3AI score0.00225EPSS
Exploits0References4
Rows per page
Query Builder