Lucene search
K

75 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1906)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1906 advisory. Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus ha...

5.8AI score
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.4 views

Security update for amazon-ecs-init (important)

openSUSE security update: security update for amazon-ecs-init ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21013-1 Rating: important References: bsc1265843 bsc1266652 Cross-References: CVE-2026-33814 CVE-2026-39821 CVSS scores: CVE-2026-33814 SUS...

9.1CVSS6.6AI score0.00781EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/29 12:0 a.m.9 views

Medium: ecs-init

Issue Overview: Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init --releasever 2023.12.20260629 or dnf update --advisory ALAS2023-2026-1906 --releasever 2023.12.20260629 to update your system. More...

5.7AI score
Exploits0
Amazon
Amazon
added 2026/06/29 12:0 a.m.10 views

Medium: ecs-init

Issue Overview: Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/22 2:35 p.m.3 views

SUSE-SU-2026:22320-1 Security update for amazon-ecs-init

This update for amazon-ecs-init fixes the following issues Update to version 1.103.2: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265843. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded...

9.6CVSS6.9AI score0.00781EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 2:30 p.m.2 views

OPENSUSE-SU-2026:21013-1 Security update for amazon-ecs-init

This update for amazon-ecs-init fixes the following issues Update to version 1.103.2: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265843. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded...

9.6CVSS6.9AI score0.00781EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-120 (ALASECS-2026-120)

The version of ecs-init installed on the remote host is prior to 1.103.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-120 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References16
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/29 12:0 a.m.10 views

amazon-ecs-init-1.103.2-1.1 on GA media (moderate)

amazon-ecs-init-1.103.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10871-1 Rating: moderate Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2026-39821 SUSE : 9.1...

9.1CVSS5.8AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/05/28 12:0 a.m.6 views

OPENSUSE-SU-2026:10871-1 amazon-ecs-init-1.103.2-1.1 on GA media

These are all security issues fixed in the amazon-ecs-init-1.103.2-1.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/25 12:0 a.m.12 views

amazon-ecs-init-1.103.0-2.1 on GA media (moderate)

amazon-ecs-init-1.103.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10848-1 Rating: moderate Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...

7.5CVSS5.8AI score0.00781EPSS
Exploits0
OSV
OSV
added 2026/05/24 12:0 a.m.7 views

OPENSUSE-SU-2026:10848-1 amazon-ecs-init-1.103.0-2.1 on GA media

These are all security issues fixed in the amazon-ecs-init-1.103.0-2.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.13 views

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-101 (ALASECS-2026-101)

"The version of ecs-init installed on the remote host is prior to 1.102.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-101 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Un...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
Amazon
Amazon
added 2026/03/06 12:0 a.m.8 views

Medium: ecs-init

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...

10CVSS7.2AI score0.01945EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.8 views

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-097 (ALASECS-2026-097)

The version of ecs-init installed on the remote host is prior to 1.101.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-097 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, whi...

10CVSS7.3AI score0.01945EPSS
Exploits3References14
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.8 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1443)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1443 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially...

10CVSS7.3AI score0.01945EPSS
Exploits3References14
Amazon
Amazon
added 2026/02/18 12:0 a.m.9 views

Medium: ecs-init

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...

10CVSS7.2AI score0.01945EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.6 views

Amazon Linux 2023 : ecs-init (ALAS2023-2025-1341)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1341 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

7.5CVSS7.7AI score0.00459EPSS
Exploits2References6
Amazon
Amazon
added 2026/01/07 12:0 a.m.6 views

Important: ecs-init

Issue Overview: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is...

7.5CVSS6.6AI score0.00585EPSS
Exploits1
Amazon
Amazon
added 2026/01/07 12:0 a.m.10 views

Medium: ecs-init

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.8AI score0.00459EPSS
Exploits2
Amazon
Amazon
added 2026/01/05 12:0 a.m.8 views

Medium: ecs-init

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.9AI score0.00459EPSS
Exploits2
Rows per page
Query Builder