Lucene search
+L

1244 matches found

nessus
nessus
added 2026/04/13 12:0 a.m.10 views

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1579)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1579 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has extracted the preceding description block directly from the tested product security...

7.5CVSS7.3AI score0.00225EPSS
Exploits0References4
nessus
nessus
added 2026/04/13 12:0 a.m.6 views

Amazon Linux 2023 : plexus-utils, plexus-utils-javadoc (ALAS2023-2026-1545)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1545 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References4
nessus
nessus
added 2026/04/02 12:0 a.m.10 views

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1519)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1519 advisory. A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 SS4.1.11. When a JWS token contains a crit array listing...

7.5CVSS7.1AI score0.00269EPSS
Exploits1References4
amazon
amazon
added 2026/04/01 12:0 a.m.10 views

Low: python3.12-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
nessus
nessus
added 2026/04/01 12:0 a.m.6 views

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1526)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1526 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...

9.8CVSS7.1AI score0.0115EPSS
Exploits0References14
nessus
nessus
added 2026/04/01 12:0 a.m.9 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1529)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1529 advisory. A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a...

5.3CVSS7AI score0.00638EPSS
Exploits1References4
nessus
nessus
added 2026/04/01 12:0 a.m.7 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1524)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1524 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...

9.8CVSS7.2AI score0.0115EPSS
Exploits0References12
nessus
nessus
added 2026/04/01 12:0 a.m.7 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1530)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1530 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

2CVSS5.9AI score0.0039EPSS
Exploits1References4
nessus
nessus
added 2026/04/01 12:0 a.m.4 views

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1505)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1505 advisory. Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-26130 Tenable has extracted the preceding description block...

7.5CVSS5.9AI score0.02818EPSS
Exploits0References4
nessus
nessus
added 2026/04/01 12:0 a.m.6 views

Amazon Linux 2023 : firefox (ALAS2023-2026-1518)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1518 advisory. A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL...

5.5CVSS5.9AI score0.00216EPSS
Exploits1References8
nessus
nessus
added 2026/04/01 12:0 a.m.5 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1531)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1531 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...

2CVSS5.9AI score0.0039EPSS
Exploits1References4
nessus
nessus
added 2026/04/01 12:0 a.m.3 views

Amazon Linux 2023 : giflib, giflib-devel, giflib-utils (ALAS2023-2026-1508)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1508 advisory. Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but...

7CVSS5.9AI score0.00144EPSS
Exploits0References4
nessus
nessus
added 2026/04/01 12:0 a.m.7 views

Amazon Linux 2023 : gstreamer1-plugins-base, gstreamer1-plugins-base-devel, gstreamer1-plugins-base-tools (ALAS2023-2026-1504)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1504 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has extracted the preceding description block directly from the tested product security...

7.8CVSS7.2AI score0.00867EPSS
Exploits0References4
nessus
nessus
added 2026/04/01 12:0 a.m.8 views

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1503)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1503 advisory. Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085...

8.8CVSS7.4AI score0.00828EPSS
Exploits0References6
amazon
amazon
added 2026/04/01 12:0 a.m.8 views

Important: gstreamer1-plugins-base

Issue Overview: An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Affected Packages: gstreamer1-plugins-base Issue Correction: Run dnf update gstreamer1-plugins-base --releasever 2023.10.20260330 or dnf update --advisory ALAS2023-2026-1504...

7.8CVSS7.1AI score0.00867EPSS
Exploits0
nessus
nessus
added 2026/04/01 12:0 a.m.16 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1501)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1501 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.5AI score0.0052EPSS
Exploits0References8
nessus
nessus
added 2026/04/01 12:0 a.m.17 views

Amazon Linux 2023 : golist (ALAS2023-2026-1513)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1513 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5CVSS7.5AI score0.0052EPSS
Exploits0References8
amazon
amazon
added 2026/04/01 12:0 a.m.11 views

Medium: golist

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS7.1AI score0.0052EPSS
Exploits0
nessus
nessus
added 2026/04/01 12:0 a.m.3 views

Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1506)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1506 advisory. Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26127 Allocation of resources without limits or throttling in ASP.NET Core allows an...

7.5CVSS7.1AI score0.02818EPSS
Exploits0References6
nessus
nessus
added 2026/04/01 12:0 a.m.9 views

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1511)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1511 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to ...

7.5CVSS5.9AI score0.00475EPSS
Exploits0References4
Rows per page
Query Builder