3307 matches found
Important: kernel
Issue Overview: A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. CVE-2023-3567 In the Linux kernel, the following...
Medium: nss-softokn
Issue Overview: new tlsfuzzer code can still detect timing issues in RSA operations CVE-2023-4421 Affected Packages: nss-softokn Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
Medium: docker
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-057)
The version of runfinch-finch installed on the remote host is prior to 1.7.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-057 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Prior to5.2.2 and 4.5.2, the function parse.ParseUnverified split...
Amazon Linux 2 : runc (ALASECS-2025-064)
The version of runc installed on the remote host is prior to 1.0.0-0.1.20200204.gitdc9208a. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-064 advisory. A flaw was found in runc. An attacker who controls the container image for two containers that share a volume...
Medium: containerd
Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...
Amazon Linux 2 : runc (ALASDOCKER-2025-059)
The version of runc installed on the remote host is prior to 1.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-059 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to...
Amazon Linux 2 : runc (ALASECS-2025-062)
The version of runc installed on the remote host is prior to 1.0.0-0.3.20210225.git12644e6. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-062 advisory. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-100)
The version of kernel installed on the remote host is prior to 5.4.292-208.414. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-100 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap...
Amazon Linux 2 : runc (ALASECS-2025-057)
The version of runc installed on the remote host is prior to 1.1.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-057 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allow...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-058)
The version of containerd installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-058 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-070)
The version of kernel installed on the remote host is prior to 5.15.180-122.191. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-070 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIOTHROTTLED when...
Important: firefox
Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602 ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left...
Medium: docker
Issue Overview: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle MitM attack against the...
Medium: docker
Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: docker Note: This advisory is applicable to Amazon...
Important: docker
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: docker
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-052)
The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-052 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, includi...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-053)
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-053 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
Amazon Linux 2 : libxslt (ALAS-2025-2823)
The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2823 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...