9341 matches found
Important: python3.13-wheel
Issue Overview: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-111 (ALASKERNEL-5.10-2026-111)
The version of kernel installed on the remote host is prior to 5.10.247-246.992. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2026-111 advisory. In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu CVE-2025-40075...
Amazon Linux 2 : java-1.8.0-amazon-corretto, --advisory ALAS2CORRETTO8-2026-022 (ALASCORRETTO8-2026-022)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0482.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2026-022 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3147 (ALAS-2026-3147)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3147 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire respon...
Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1404)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1404 advisory. Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using th...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1413)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1413 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire...
Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3155 (ALAS-2026-3155)
The version of nerdctl installed on the remote host is prior to 2.2.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3155 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program ...
Amazon Linux 2 : golang, --advisory ALAS2-2026-3136 (ALAS-2026-3136)
The version of golang installed on the remote host is prior to 1.24.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3136 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...
Medium: runc
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: golist
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: containerd
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3135 (ALAS-2026-3135)
The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3135 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary Z...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1370)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1370 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2026-095 (ALASECS-2026-095)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-095 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service whe...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1405)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1405 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1374)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1374 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...
Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-096 (ALASDOCKER-2026-096)
The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-096 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZI...
Amazon Linux 2 : cni-plugins, --advisory ALAS2-2026-3134 (ALAS-2026-3134)
The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3134 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary...
Amazon Linux 2023 : nerdctl (ALAS2023-2026-1401)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1401 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...
Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2026-1389)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1389 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...