Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22871 |
Description:
Nessus Plugin ID 234512 with Critical Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of golang installed on the remote host is prior to 1.23.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2825 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permit request smuggling. (CVE-2025-22871)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update golang' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234512
EPSS Score: 0.01%
April 17th, 2025 (3 days ago)
|
|
CVE-2017-9226 |
Description:
Nessus Plugin ID 234513 with Critical Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of php installed on the remote host is prior to 5.4.16-46. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2832 advisory. An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (CVE-2017-9226) A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place. (CVE-2022-31631) In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXP...
April 17th, 2025 (3 days ago)
|
|
CVE-2022-49179 |
Description:
Nessus Plugin ID 234515 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 4.14.355-276.618. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2826 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq (CVE-2022-49179) In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev (CVE-2022-49390) In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (CVE-2022-49720) In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883) In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets (CVE-2024-50033) In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057) In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103) In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() (CVE-2024-5...
April 17th, 2025 (3 days ago)
|
|
CVE-2020-11879 |
Description:
Nessus Plugin ID 234518 with Medium Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of evolution installed on the remote host is prior to 3.28.5-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2833 advisory. An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) mailto?attach=... parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. (CVE-2020-11879)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update evolution' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234518
April 17th, 2025 (3 days ago)
|
|
CVE-2024-54677 |
Description:
Nessus Plugin ID 234520 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2829 advisory. Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. (CVE-2024-54677)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update tomcat' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234520
April 17th, 2025 (3 days ago)
|
|
CVE-2025-27835 |
Description:
Nessus Plugin ID 234521 with Critical Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2820 advisory. Fix confusion between bytes and shorts. Data is being copied from a string in multiple of shorts, rather than multiple of bytes, leading to both a read (probably benign, given the memory manager) and write buffer overflow. Info: https://bugs.ghostscript.com/show_bug.cgi?id=708131Patch: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13 (ghostpdl-10.05.0) (CVE-2025-27835) Potential print buffer overflow. Fixed in ghostpdl-10.05.0 by implementing stricter buffer length validation. Info: https://bugs.ghostscript.com/show_bug.cgi?id=708192Patch: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919 (ghostpdl-10.05.0) (CVE-2025-27836) Patch to error check UTF-8 conversions. Fixed in ghostpdl-10.05.0 by adding a check on the value returned by the gp_utf8_to_uint16 function. Info: https://bugs.ghostscript.com/show_bug.cgi?id=708238Patch: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=dbb9f2b11f820697e77863523a8d835ab040e5d1 (ghostpdl-10.05.0) (CVE-2...
EPSS Score: 0.02%
April 17th, 2025 (3 days ago)
|
|
CVE-2025-22868 |
Description:
Nessus Plugin ID 234522 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-056 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. (CVE-2025-22869)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update docker' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234522
April 17th, 2025 (3 days ago)
|
|
CVE-2023-40403 |
Description:
Nessus Plugin ID 234523 with Medium Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2831 advisory. The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. (CVE-2023-40403)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update libxslt' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234523
April 17th, 2025 (3 days ago)
|
|
CVE-2025-0395 |
Description:
Nessus Plugin ID 234526 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2828 advisory. When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. (CVE-2025-0395)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update glibc' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234526
April 17th, 2025 (3 days ago)
|
|
CVE-2025-22868 |
Description:
Nessus Plugin ID 234527 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-053 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. (CVE-2025-22869)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update docker' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234527
April 17th, 2025 (3 days ago)
|