9391 matches found
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-128 (ALASECS-2026-128)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-128 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE:...
Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-113 (ALASNITRO-ENCLAVES-2026-113)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-113 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE:...
Amazon Linux 2 : rclone, --advisory ALAS2-2026-3494 (ALAS-2026-3494)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3494 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until...
Amazon Linux 2023 : ecs-init (ALAS2023-2026-1906)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1906 advisory. Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus ha...
Critical: rclone
Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...
Medium: ecs-init
Issue Overview: Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL...
Important: containerd
Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...
Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1822)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1822 advisory. FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1837)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1837 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2026-3381 (ALAS-2026-3381)
The version of webkitgtk4 installed on the remote host is prior to 2.52.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3381 advisory. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7....
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1878)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1878 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-122 (ALASKERNEL-5.10-2026-122)
The version of kernel installed on the remote host is prior to 5.10.255-253.1013. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2026-122 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...
Amazon Linux 2 : openssl, --advisory ALAS2-2026-3365 (ALAS-2026-3365)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3365 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds 2 gigabytes i...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3374 (ALAS-2026-3374)
The version of kernel installed on the remote host is prior to 4.14.355-282.731. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3374 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions...
Amazon Linux 2 : poppler, --advisory ALAS2-2026-3362 (ALAS-2026-3362)
The version of poppler installed on the remote host is prior to 0.26.5-43. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3362 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1865)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1865 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...
Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3356 (ALAS-2026-3356)
The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3356 advisory. FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-133 (ALASDOCKER-2026-133)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-133 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE:...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1869)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1869 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1863)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1863 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...