Lucene search
K

801 matches found

Amazon
Amazon
added 2025/04/01 12:0 a.m.6 views

Low: PackageKit

Issue Overview: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other...

3.3CVSS6.7AI score0.00228EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.3 views

Medium: php

Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...

9.8CVSS7AI score0.0079EPSS
Exploits2
Amazon
Amazon
added 2025/04/01 12:0 a.m.3 views

Medium: iptraf-ng

Issue Overview: iptraf-ng 1.2.1 has a stack-based buffer overflow. CVE-2024-52949 Affected Packages: iptraf-ng Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...

7.5CVSS7.3AI score0.00727EPSS
Exploits1
Amazon
Amazon
added 2025/04/01 12:0 a.m.4 views

Important: kernel-livepatch-5.10.234-225.910

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0 CVE-2025-21702 Affected Packages: kernel-livepatch-5.10.234-225.910 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00256EPSS
Exploits0
Amazon
Amazon
added 2025/03/25 12:0 a.m.7 views

Important: libcap

Issue Overview: The PAM module pamcap.so of libcap configuration supports group names starting with "@", during actual parsing, configurations not starting with "@" are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potential...

6.1CVSS6.8AI score0.00149EPSS
Exploits0
Amazon
Amazon
added 2025/03/25 12:0 a.m.10 views

Low: python-pip

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

7.5CVSS6.9AI score0.01034EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.2 views

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

5.6CVSS7.5AI score0.00309EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Medium: microcode_ctl

Issue Overview: Improper Finite State Machines FSMs in Hardware Logic for some IntelR Processors may allow privileged user to potentially enable denial of service via local access. CVE-2024-31068 Sequence of processor instructions leads to unexpected behavior in the IntelR DSA V1.0 for some Intel...

6.8CVSS6.3AI score0.00223EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.2 views

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS7AI score0.02656EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.24 views

Medium: python-pillow

Issue Overview: Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. CVE-2016-0740 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

6.5CVSS6.5AI score0.0236EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.7 views

Medium: ecs-init

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...

5.3CVSS6.9AI score0.00856EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.3 views

Important: kernel

Issue Overview: Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. CVE-2021-33061 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquir...

7.8CVSS6.1AI score0.00279EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.6 views

Medium: gcc10-binutils

Issue Overview: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack...

7.5CVSS6.8AI score0.00732EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Low: ecs-init

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...

3.6CVSS6.7AI score0.00317EPSS
Exploits0
Amazon
Amazon
added 2025/02/25 12:0 a.m.4 views

Medium: ghostscript

Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...

5.5CVSS7AI score0.00296EPSS
Exploits0
Amazon
Amazon
added 2025/02/25 12:0 a.m.5 views

Low: python-ipaddress

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

7.5CVSS6.9AI score0.01034EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.10 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6routempathnotify CVE-2024-26852 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem...

7.8CVSS6.5AI score0.00286EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.4 views

Important: amazon-ssm-agent

Issue Overview: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags...

9.8CVSS7.4AI score0.0124EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.5 views

Medium: python3

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...

9.1CVSS7AI score0.05582EPSS
Exploits1
Amazon
Amazon
added 2025/02/04 12:0 a.m.2 views

Medium: edk2

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

4.1CVSS6.2AI score0.00601EPSS
Exploits0
Rows per page
Query Builder