9341 matches found
Amazon Linux 2 : cni-plugins, --advisory ALAS2-2026-3134 (ALAS-2026-3134)
The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3134 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary...
Medium: cri-tools
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: containerd
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2026-1371)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1371 advisory. openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...
Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1399)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1399 advisory. The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1402)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1402 advisory. Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using th...
Amazon Linux 2 : capstone, --advisory ALAS2-2026-3133 (ALAS-2026-3133)
The version of capstone installed on the remote host is prior to 3.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3133 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds- checked, so a user-provide...
Amazon Linux 2 : java-17-amazon-corretto, --advisory ALAS2-2026-3140 (ALAS-2026-3140)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.18+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3140 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...
Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2026-1385)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1385 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE...
Medium: rsync
Issue Overview: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. CVE-2025-101...
Low: libxml2
Issue Overview: A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during...
Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1406)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1406 advisory. A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector ...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1421)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1421 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...
Medium: amazon-ecr-credential-helper
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: runc
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Important: python-pip
Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...
Medium: oci-add-hooks
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Amazon Linux 2 : python-urllib3, --advisory ALAS2-2026-3149 (ALAS-2026-3149)
The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3149 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP...
Amazon Linux 2 : python-urllib3, --advisory ALAS2-2026-3156 (ALAS-2026-3156)
The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3156 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...
Important: sox
Issue Overview: SoX 14.4.2 contains a division by zero vulnerability when handling WAV files that can cause program crashes. Attackers can trigger a floating point exception by providing a specially crafted WAV file that causes arithmetic errors during sound file processing. CVE-2022-50798 Affect...