Lucene search
K

801 matches found

Amazon
Amazon
added 2025/07/10 12:0 a.m.4 views

Important: kernel-livepatch-4.14.355-276.639

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory CVE-2023-53137 Affected Packages: kernel-livepatch-4.14.355-276.639 Issue Correction: Please ensure you have live patching enabled. Run yum update...

6.7AI score
Exploits0
Amazon
Amazon
added 2025/07/10 12:0 a.m.6 views

Important: kernel-livepatch-4.14.355-277.643

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory CVE-2023-53137 Affected Packages: kernel-livepatch-4.14.355-277.643 Issue Correction: Please ensure you have live patching enabled. Run yum update...

6.7AI score
Exploits0
Amazon
Amazon
added 2025/07/10 12:0 a.m.12 views

Medium: libgepub

Issue Overview: A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop...

5.5CVSS6.7AI score0.00191EPSS
Exploits1
Amazon
Amazon
added 2025/07/10 12:0 a.m.5 views

Medium: soci-snapshotter

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: soci-snapshotter Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more abo...

6.8CVSS7AI score0.0056EPSS
Exploits0
Amazon
Amazon
added 2025/07/10 12:0 a.m.4 views

Medium: docker

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon...

6.8CVSS7AI score0.0056EPSS
Exploits0
Amazon
Amazon
added 2025/06/24 12:0 a.m.6 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookuprec when index is 0 CVE-2023-53075 In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4xattrdeleteinode CVE-2023-53089 In the...

7.8CVSS6.6AI score0.00164EPSS
Exploits0
Amazon
Amazon
added 2025/06/24 12:0 a.m.2 views

Important: libvpx

Issue Overview: Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium Duplicate: https://console.harmony.a2z.com/al-cve-eval/cve/TEMP-1106689-EC87F6 CVE-2025-528...

5.4CVSS7.5AI score0.00493EPSS
Exploits0
Amazon
Amazon
added 2025/06/24 12:0 a.m.3 views

Medium: udisks2

Issue Overview: LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Affected Packages: udisks2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...

7CVSS7.1AI score0.00423EPSS
Exploits18
Amazon
Amazon
added 2025/06/24 12:0 a.m.4 views

Medium: amazon-cloudwatch-agent

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

7.5CVSS7.1AI score0.0056EPSS
Exploits0
Amazon
Amazon
added 2025/06/23 12:0 a.m.4 views

Important: containerd

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/06/23 12:0 a.m.2 views

Important: amazon-ecr-credential-helper

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/06/23 12:0 a.m.4 views

Important: runc

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/06/23 12:0 a.m.2 views

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

5.5CVSS7AI score0.00236EPSS
Exploits0
Amazon
Amazon
added 2025/06/23 12:0 a.m.3 views

Medium: amazon-cloudwatch-agent

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

7.5CVSS7.8AI score0.0056EPSS
Exploits0
Amazon
Amazon
added 2025/06/12 12:0 a.m.3 views

Medium: ghostscript

Issue Overview: gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2...

4CVSS7.1AI score0.00274EPSS
Exploits0
Amazon
Amazon
added 2025/06/12 12:0 a.m.6 views

Important: python2-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

8.8CVSS8.2AI score0.01479EPSS
Exploits4
Amazon
Amazon
added 2025/06/12 12:0 a.m.4 views

Medium: perl-FCGI

Issue Overview: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in...

9.3CVSS7.4AI score0.00566EPSS
Exploits1
Amazon
Amazon
added 2025/06/12 12:0 a.m.4 views

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

7.5CVSS6.9AI score0.00667EPSS
Exploits0
Amazon
Amazon
added 2025/06/12 12:0 a.m.6 views

Important: perl-File-Find-Rule

Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...

8.8CVSS7.4AI score0.00736EPSS
Exploits0
Amazon
Amazon
added 2025/06/12 12:0 a.m.2 views

Important: amazon-ssm-agent

Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...

7.5CVSS6.8AI score0.00868EPSS
Exploits0
Rows per page
Query Builder