Threat and Vulnerability Intelligence Database

CVE-2019-1348

Description: Nessus Plugin ID 234508 with Critical Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of git installed on the remote host is prior to 2.23.1-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2818 advisory. A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary files, but would not have complete control on the content of the file. (CVE-2019-1348) An improper input validation flaw was discovered in git in the way it handles git submodules. A remote attacker could abuse this flaw to trick a victim user into recursively cloning a malicious repository, which, under certain circumstances, could fool git into using the same git directory twice and potentially cause remote code execution. (CVE-2019-1349) A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1350) A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git f...
Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-1215

Description: Nessus Plugin ID 234509 with Low Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2827 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component. (CVE-2025-1215) Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at ...

CVSS: LOW (2.4)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-11403

Description: Nessus Plugin ID 234510 with Medium Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of thunderbird installed on the remote host is prior to 128.8.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2830 advisory. There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions. (CVE-2024-11403) An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602) oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. (CVE-2024-56431) Tenable has extracted the preceding description block directly from the tested product security advisory. No...
Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-27144

Description: Nessus Plugin ID 234511 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-052 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used `strings.Split(token, ".")` to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters. (CVE-2025-27144) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'yum update container...

CVSS: MEDIUM (6.6)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-22871

Description: Nessus Plugin ID 234512 with Critical Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of golang installed on the remote host is prior to 1.23.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2825 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permit request smuggling. (CVE-2025-22871) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'yum update golang' to update your system. Read more at https://www.tenable.com/plugins/nessus/234512

EPSS Score: 0.02%

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2017-9226

Description: Nessus Plugin ID 234513 with Critical Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of php installed on the remote host is prior to 5.4.16-46. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2832 advisory. An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (CVE-2017-9226) A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place. (CVE-2022-31631) In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXP...
Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-27363

🚨 Marked as known exploited on April 17th, 2025 (4 days ago).
Description: Nessus Plugin ID 234514 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-925 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. (CVE-2025-27363) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'dnf update freetype --releasever 2023.7.20250331' to update your system. Read more at https://www.tenable.com/plugins/nessus/234514

CVSS: HIGH (8.1)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2022-49179

Description: Nessus Plugin ID 234515 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of kernel installed on the remote host is prior to 4.14.355-276.618. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2826 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq (CVE-2022-49179) In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev (CVE-2022-49390) In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (CVE-2022-49720) In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883) In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets (CVE-2024-50033) In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057) In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103) In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() (CVE-2024-5...
Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2025-2295

Description: Nessus Plugin ID 234516 with Low Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2824 advisory. EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. (CVE-2025-2295) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Run 'yum update edk2' to update your system. Read more at https://www.tenable.com/plugins/nessus/234516

CVSS: LOW (3.5)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)

CVE-2024-55549

Description: Nessus Plugin ID 234517 with High Severity Synopsis The remote Amazon Linux 2 host is missing a security update. Description The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2823 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. (CVE-2024-55549) numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. (CVE-2025-24855) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Run 'yum update libxslt' to update your system. Read more at https://www.tenable.com/plugins/nessus/234517

CVSS: HIGH (7.8)

Source: Tenable Plugins
April 17th, 2025 (4 days ago)