
807 matches found

Amazon
added 2025/10/14 12:0 a.m., 6 views

Important: compat-libtiff3

Issue Overview: Write-What-Where in libtiff via TIFFReadRGBAImageOriented CVE-2025-9900 Affected Packages: compat-libtiff3 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...

CVSS 8.8, AI score 7, EPSS 0.00739
Exploits 0

Amazon
added 2025/10/14 12:0 a.m., 6 views

Important: gegl

Issue Overview: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10921 Affected Packages: gegl Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

CVSS 7.8, AI score 7.5, EPSS 0.00452
Exploits 0

Amazon
added 2025/10/14 12:0 a.m., 17 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-50410 In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev...

CVSS 7.8, AI score 7, EPSS 0.00192
Exploits 0

Amazon
added 2025/10/14 12:0 a.m., 3 views

Medium: openssl

Issue Overview: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds...

CVSS 7.5, AI score 7.3, EPSS 0.01744
Exploits 0

Amazon
added 2025/10/14 12:0 a.m., 5 views

Medium: edk2

Issue Overview: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds...

CVSS 7.5, AI score 7.3, EPSS 0.01744
Exploits 0

Amazon
added 2025/10/07 12:0 a.m., 4 views

Critical: 389-ds-base

Issue Overview: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM...

CVSS 9.1, AI score 7, EPSS 0.01827
Exploits 1

Tenable Nessus
added 2025/10/07 12:0 a.m., 4 views

Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2025-3025 (ALAS-2025-3025)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3025 advisory. A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to...

CVSS 9.1, AI score 8.4, EPSS 0.00523
Exploits 0, References 4

Tenable Nessus
added 2025/10/07 12:0 a.m., 6 views

Amazon Linux 2 : ipa, --advisory ALAS2-2025-3026 (ALAS-2025-3026)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3026 advisory. A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While...

CVSS 9.1, AI score 8.3, EPSS 0.00523
Exploits 0, References 4

Tenable Nessus
added 2025/09/30 12:0 a.m., 7 views

Amazon Linux 2 : cups, --advisory ALAS2-2025-3012 (ALAS-2025-3012)

The version of cups installed on the remote host is prior to 1.6.3-51. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3012 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, ...

CVSS 6.5, AI score 7.5, EPSS 0.62269
Exploits 15, References 4

Tenable Nessus
added 2025/09/30 12:0 a.m., 7 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3008 (ALAS-2025-3008)

The version of thunderbird installed on the remote host is prior to 140.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3008 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143,...

CVSS 8.8, AI score 7, EPSS 0.01279
Exploits 1, References 18

Tenable Nessus
added 2025/09/30 12:0 a.m., 6 views

Amazon Linux 2 : openjpeg2, --advisory ALAS2-2025-3007 (ALAS-2025-3007)

The version of openjpeg2 installed on the remote host is prior to 2.4.0-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3007 advisory. openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Tenable ha...

CVSS 6.5, AI score 5.4, EPSS 0.00242
Exploits 0, References 4

Tenable Nessus
added 2025/09/30 12:0 a.m., 4 views

Amazon Linux 2 : LibRaw, --advisory ALAS2-2025-3016 (ALAS-2025-3016)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3016 advisory. There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitra...

CVSS 9.3, AI score 8.1, EPSS 0.00847
Exploits 1, References 4

Tenable Nessus
added 2025/09/30 12:0 a.m., 5 views

Amazon Linux 2 : GraphicsMagick, --advisory ALAS2GRAPHICSMAGICK1.3-2025-004 (ALASGRAPHICSMAGICK1.3-2025-004)

The version of GraphicsMagick installed on the remote host is prior to 1.3.45-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GRAPHICSMAGICK1.3-2025-004 advisory. ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits...

CVSS 9.8, AI score 5.4, EPSS 0.00413
Exploits 1, References 8

Tenable Nessus
added 2025/09/30 12:0 a.m., 5 views

Amazon Linux 2 : optipng, --advisory ALAS2-2025-3011 (ALAS-2025-3011)

The version of optipng installed on the remote host is prior to 0.7.7-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3011 advisory. OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. CVE-2023-43907 Tenable ha...

CVSS 7.8, AI score 7.2, EPSS 0.00518
Exploits 1, References 4

Tenable Nessus
added 2025/09/30 12:0 a.m., 7 views

Amazon Linux 2 : kernel, --advisory ALAS2-2025-3013 (ALAS-2025-3013)

The version of kernel installed on the remote host is prior to 4.14.355-280.695. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3013 advisory. In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling CVE-2022-50053 ...

CVSS 7.8, AI score 6.1, EPSS 0.00181
Exploits 0, References 24

Tenable Nessus
added 2025/09/30 12:0 a.m., 6 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-043 (ALASFIREFOX-2025-043)

The version of firefox installed on the remote host is prior to 140.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-043 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143,...

CVSS 8.8, AI score 7, EPSS 0.01279
Exploits 1, References 18

Tenable Nessus
added 2025/09/30 12:0 a.m., 3 views

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2025-3010 (ALAS-2025-3010)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3050.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3010 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line...

CVSS 9.1, AI score 7.4, EPSS 0.00724
Exploits 0, References 6

Amazon
added 2025/09/29 12:0 a.m., 5 views

Medium: LibRaw

Issue Overview: There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. CVE-2021-3624 Affected Packages: LibRaw Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 9.3, AI score 7.7, EPSS 0.00847
Exploits 1

Amazon
added 2025/09/29 12:0 a.m., 3 views

Medium: openjpeg2

Issue Overview: openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core a...

CVSS 6.5, AI score 7.4, EPSS 0.00242
Exploits 0

Amazon
added 2025/09/29 12:0 a.m., 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX CVE-2022-48827 In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow CVE-2022-48828 In the Linux kernel, the following...

CVSS 7.8, AI score 7, EPSS 0.00263
Exploits 0