Lucene search
+L

1244 matches found

nessus
nessus
added 2026/04/13 12:0 a.m.6 views

Amazon Linux 2023 : plexus-utils, plexus-utils-javadoc (ALAS2023-2026-1545)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1545 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.7 views

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1568)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1568 advisory. A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the...

8.1CVSS5.9AI score0.00397EPSS
Exploits3References8
nessus
nessus
added 2026/04/13 12:0 a.m.6 views

Amazon Linux 2023 : polkit, polkit-devel, polkit-libs (ALAS2023-2026-1546)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1546 advisory. A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded...

5.5CVSS5.8AI score0.00131EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.9 views

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1579)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1579 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has extracted the preceding description block directly from the tested product security...

7.5CVSS7.3AI score0.00225EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.8 views

Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2026-1537)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1537 advisory. In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. CVE-2026-34352...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.7 views

Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1562)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1562 advisory. Whitespace padding in filenames bypasses file upload extension checks NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w CVE-2026-33691 Tenable has extracted the...

7.5CVSS5.8AI score0.02172EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.10 views

Amazon Linux 2023 : squid (ALAS2023-2026-1569)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1569 advisory. Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References6
nessus
nessus
added 2026/04/13 12:0 a.m.13 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1583)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1583 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

7.5CVSS6.8AI score0.00621EPSS
Exploits0References18
nessus
nessus
added 2026/04/13 12:0 a.m.14 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1558)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1558 advisory. The webbrowser.open API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to...

7.1CVSS5.7AI score0.00308EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.14 views

Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1549)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1549 advisory. DoS via WINPRASSERT in rtsreadauthverifiernochecks NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 CVE-2026-33952 DoS via WINPRASSERT in IMA ADPCM audio decode...

8.1CVSS5.8AI score0.00426EPSS
Exploits2References20
amazon
amazon
added 2026/04/13 12:0 a.m.11 views

Important: python3.13

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
nessus
nessus
added 2026/04/13 12:0 a.m.10 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1556)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1556 advisory. The webbrowser.open API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to...

7.1CVSS5.7AI score0.00308EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.12 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1555)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1555 advisory. The webbrowser.open API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to...

7.1CVSS5.7AI score0.00308EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.2 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1575)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1575 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.4AI score0.0052EPSS
Exploits0References8
nessus
nessus
added 2026/04/13 12:0 a.m.5 views

Amazon Linux 2023 : corosync, corosync-vqsim, corosynclib (ALAS2023-2026-1560)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1560 advisory. A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially craft...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References6
nessus
nessus
added 2026/04/13 12:0 a.m.2 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1574)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1574 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References8
nessus
nessus
added 2026/04/13 12:0 a.m.10 views

Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2026-1559)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1559 advisory. In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References4
amazon
amazon
added 2026/04/13 12:0 a.m.10 views

Medium: amazon-ecr-credential-helper

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.0052EPSS
Exploits0
nessus
nessus
added 2026/04/13 12:0 a.m.14 views

Amazon Linux 2023 : runc (ALAS2023-2026-1541)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1541 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.4AI score0.0052EPSS
Exploits0References8
amazon
amazon
added 2026/04/13 12:0 a.m.7 views

Medium: vim

Issue Overview: Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.007...

7.8CVSS5.9AI score0.00177EPSS
Exploits0
Rows per page
Query Builder