Amazon Linux 2 : python-urllib3 (ALAS-2024-2653)
The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2653 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the...
Medium: python-urllib3
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...
Medium: unbound
Issue Overview: NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying...
Amazon Linux 2 : libtiff (ALAS-2024-2655)
The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2655 advisory. Multiple potential integer overflow in raw2tiff.c in libtiff = 4.5.1 can allow remote attackers to cause a denial of service...
Amazon Linux 2 : unbound (ALAS-2024-2650)
The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2650 advisory. NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that i...
Amazon Linux 2 : aws-cfn-bootstrap (ALAS-2024-2654)
The version of aws-cfn-bootstrap installed on the remote host is prior to 2.0-31. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2654 advisory. Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made...
Amazon Linux 2 : python38-pip (ALASPYTHON3.8-2024-013)
The version of python38-pip installed on the remote host is prior to 21.0.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2024-013 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the...
Amazon Linux 2 : runc (ALASECS-2024-044)
The version of runc installed on the remote host is prior to 1.1.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-044 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as...
Amazon Linux 2 : unbound (ALASUNBOUND-2024-003)
The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-003 advisory. NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets...
Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2024-048)
The version of runc installed on the remote host is prior to 1.1.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-048 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as...
Amazon Linux 2 : runc (ALASDOCKER-2024-047)
The version of runc installed on the remote host is prior to 1.1.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-047 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as...
Amazon Linux 2 : unbound (ALASUNBOUND-1.17-2024-003)
The version of unbound installed on the remote host is prior to 1.17.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-1.17-2024-003 advisory. NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large...
Amazon Linux 2 : clamav (ALAS-2024-2644)
The version of clamav installed on the remote host is prior to 0.103.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2644 advisory. A vulnerability in the PDF parsing module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x...
Amazon Linux 2 : python-pillow (ALAS-2024-2648)
The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2648 advisory. Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. CVE-2020-10177 Tenable has...
Amazon Linux 2 : thunderbird (ALAS-2024-2638)
The version of thunderbird installed on the remote host is prior to 115.15.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2638 advisory. An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion,...
Amazon Linux 2 : python-dns (ALAS-2024-2647)
The version of python-dns installed on the remote host is prior to 1.12.0-4.20150617git465785f. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2647 advisory. eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS nam...
Amazon Linux 2 : libtiff (ALAS-2024-2639)
The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2639 advisory. libtiff: NULL pointer dereference in tifdirinfo.c CVE-2024-7006 Tenable has extracted the preceding description block directly fro...
Amazon Linux 2 : kernel (ALAS-2024-2642)
The version of kernel installed on the remote host is prior to 4.14.352-268.568. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2642 advisory. In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name...
Amazon Linux 2 : thunderbird (ALAS-2024-2640)
The version of thunderbird installed on the remote host is prior to 115.13.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2640 advisory. Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of...
Amazon Linux 2 : amazon-ssm-agent (ALAS-2024-2645)
The version of amazon-ssm-agent installed on the remote host is prior to 3.3.859.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2645 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive...