Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2020-11879 |
Description:
Nessus Plugin ID 234518 with Medium Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of evolution installed on the remote host is prior to 3.28.5-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2833 advisory. An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) mailto?attach=... parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. (CVE-2020-11879)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update evolution' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234518
April 17th, 2025 (4 days ago)
|
|
CVE-2025-27111 |
Description:
Nessus Plugin ID 234519 with Medium Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2822 advisory. Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11. (CVE-2025-27111)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update pcs' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234519
CVSS: MEDIUM (6.9)
April 17th, 2025 (4 days ago)
|
|
CVE-2024-54677 |
Description:
Nessus Plugin ID 234520 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2829 advisory. Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. (CVE-2024-54677)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update tomcat' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234520
April 17th, 2025 (4 days ago)
|
|
CVE-2025-27835 |
Description:
Nessus Plugin ID 234521 with Critical Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2820 advisory. Fix confusion between bytes and shorts. Data is being copied from a string in multiple of shorts, rather than multiple of bytes, leading to both a read (probably benign, given the memory manager) and write buffer overflow. Info: https://bugs.ghostscript.com/show_bug.cgi?id=708131Patch: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13 (ghostpdl-10.05.0) (CVE-2025-27835) Potential print buffer overflow. Fixed in ghostpdl-10.05.0 by implementing stricter buffer length validation. Info: https://bugs.ghostscript.com/show_bug.cgi?id=708192Patch: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919 (ghostpdl-10.05.0) (CVE-2025-27836) Patch to error check UTF-8 conversions. Fixed in ghostpdl-10.05.0 by adding a check on the value returned by the gp_utf8_to_uint16 function. Info: https://bugs.ghostscript.com/show_bug.cgi?id=708238Patch: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=dbb9f2b11f820697e77863523a8d835ab040e5d1 (ghostpdl-10.05.0) (CVE-2...
EPSS Score: 0.02%
April 17th, 2025 (4 days ago)
|
|
CVE-2025-22868 |
Description:
Nessus Plugin ID 234522 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-056 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. (CVE-2025-22869)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update docker' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234522
April 17th, 2025 (4 days ago)
|
|
CVE-2023-40403 |
Description:
Nessus Plugin ID 234523 with Medium Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2831 advisory. The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. (CVE-2023-40403)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update libxslt' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234523
April 17th, 2025 (4 days ago)
|
|
CVE-2025-27144 |
Description:
Nessus Plugin ID 234524 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of nerdctl installed on the remote host is prior to 2.0.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2821 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, .) to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters. (CVE-2025-27144)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update nerdctl' to update your sy...
CVSS: MEDIUM (6.6)
April 17th, 2025 (4 days ago)
|
|
CVE-2025-27144 |
Description:
Nessus Plugin ID 234525 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-055 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, .) to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters. (CVE-2025-27144)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update containerd' to up...
CVSS: MEDIUM (6.6)
April 17th, 2025 (4 days ago)
|
|
CVE-2025-0395 |
Description:
Nessus Plugin ID 234526 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2828 advisory. When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. (CVE-2025-0395)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update glibc' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234526
April 17th, 2025 (4 days ago)
|
|
CVE-2025-22868 |
Description:
Nessus Plugin ID 234527 with High Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-053 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. (CVE-2025-22869)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update docker' to update your system.
Read more at https://www.tenable.com/plugins/nessus/234527
April 17th, 2025 (4 days ago)
|