Lucene search
+L

818 matches found

amazon
amazon
added 6 days ago8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about...

7.8CVSS6.6AI score0.00125EPSS
Exploits20
amazon
amazon
added 6 days ago5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about...

7.8CVSS6.6AI score0.00125EPSS
Exploits20
nessus
nessus
added 2026/07/08 12:0 a.m.8 views

Amazon Linux 2 : expat, --advisory ALAS2-2026-3495 (ALAS-2026-3495)

The version of expat installed on the remote host is prior to 2.1.0-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3495 advisory. In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocatio...

6.9CVSS6.3AI score0.00107EPSS
Exploits0References4
nessus
nessus
added 2026/07/08 12:0 a.m.8 views

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3788 (ALAS-2026-3788)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3788 advisory. Heap buffer overflow in the Matroska MKV demuxer when calculating decompressed buffer sizes for...

7.6CVSS7.3AI score0.0031EPSS
Exploits0References8
amazon
amazon
added 2026/07/08 12:0 a.m.7 views

Important: gstreamer1-plugins-good

Issue Overview: Heap buffer overflow in the Matroska MKV demuxer when calculating decompressed buffer sizes for bz2-compressed tracks. The issue occurs due to missing parentheses in the buffer size calculation, causing incorrect memory allocation and potential out-of-bounds writes. from...

7.6CVSS6.5AI score0.0031EPSS
Exploits0
amazon
amazon
added 2026/07/08 12:0 a.m.5 views

Important: tigervnc

Issue Overview: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffe...

7.8CVSS6.4AI score0.00165EPSS
Exploits0
amazon
amazon
added 2026/07/08 12:0 a.m.5 views

Important: ruby

Issue Overview: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in...

7.6CVSS5.9AI score0.00324EPSS
Exploits0
amazon
amazon
added 2026/07/08 12:0 a.m.6 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and...

9.2CVSS6.3AI score0.03552EPSS
Exploits1
amazon
amazon
added 2026/07/08 12:0 a.m.4 views

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: No CVE associated with this advisory Affected Packages: log4j-cve-2021-44228-hotpatch Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

10CVSS7.2AI score0.99999EPSS
Exploits354
amazon
amazon
added 2026/07/08 12:0 a.m.5 views

Medium: containerd

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
nessus
nessus
added 2026/06/30 12:0 a.m.9 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3494 (ALAS-2026-3494)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3494 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
amazon
amazon
added 2026/06/29 12:0 a.m.8 views

Critical: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...

9.8CVSS5.9AI score0.00701EPSS
Exploits0
amazon
amazon
added 2026/06/29 12:0 a.m.10 views

Medium: ecs-init

Issue Overview: Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL...

5.8AI score
Exploits0
nessus
nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2026-3381 (ALAS-2026-3381)

The version of webkitgtk4 installed on the remote host is prior to 2.52.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3381 advisory. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7....

8.8CVSS6.8AI score0.00693EPSS
Exploits0References34
nessus
nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-108 (ALASKERNEL-5.15-2026-108)

The version of kernel installed on the remote host is prior to 5.15.204-143.229. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-108 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitti...

7.8CVSS5.9AI score0.00172EPSS
Exploits0References10
nessus
nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-126 (ALASECS-2026-126)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.13.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2026-126 advisory. A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A...

7.5CVSS6.2AI score0.00815EPSS
Exploits1References4
nessus
nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : vim, --advisory ALAS2-2026-3368 (ALAS-2026-3368)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3368 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin...

8.8CVSS6.3AI score0.00224EPSS
Exploits0References10
nessus
nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-011 (ALASOPENSSL-SNAPSAFE-2026-011)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-011 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose conte...

8.8CVSS6.8AI score0.02719EPSS
Exploits0References12
nessus
nessus
added 2026/06/22 12:0 a.m.9 views

Amazon Linux 2 : golist, --advisory ALAS2-2026-3382 (ALAS-2026-3382)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3382 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...

7.5CVSS6.3AI score0.00939EPSS
Exploits0References8
nessus
nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-111 (ALASNITRO-ENCLAVES-2026-111)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-111 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-256...

9.6CVSS7AI score0.00478EPSS
Exploits0References14
Rows per page
Query Builder