
801 matches found

Amazon
added 2025/02/04 12:0 a.m. | 7 views

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...

CVSS 4.8 | AI score 5.6 | EPSS 0.00971
Exploits: 0

Amazon
added 2025/01/24 12:0 a.m. | 5 views

Important: redis

Issue Overview: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional...

CVSS 9.8 | AI score 7.9 | EPSS 0.07802
Exploits: 2

Amazon
added 2025/01/24 12:0 a.m. | 6 views

Medium: runfinch-finch

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 golang-jwt is a Go implementation of JSON Web Tokens. Unclear...

CVSS 5.3 | AI score 6.8 | EPSS 0.00856
Exploits: 0

Amazon
added 2025/01/09 12:0 a.m. | 5 views

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

CVSS 6.5 | AI score 6.9 | EPSS 0.0197
Exploits: 1

Amazon
added 2025/01/09 12:0 a.m. | 6 views

Medium: python-webob

Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...

CVSS 6.1 | AI score 6.9 | EPSS 0.00497
Exploits: 1

Amazon
added 2025/01/09 12:0 a.m. | 3 views

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...

CVSS 7.5 | AI score 7 | EPSS 0.01051
Exploits: 0

Amazon
added 2024/12/19 12:0 a.m. | 5 views

Medium: glibc

Issue Overview: glibc: null pointer dereferences after failed netgroup cache insertion CVE-2024-33600 Affected Packages: glibc Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

CVSS 5.9 | AI score 7 | EPSS 0.01216
Exploits: 0

Amazon
added 2024/12/19 12:0 a.m. | 3 views

Important: ruby

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

AI score 7 | EPSS 0.00393
Exploits: 0

Amazon
added 2024/12/19 12:0 a.m. | 6 views

Medium: dovecot

Issue Overview: Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23185 Affected Packages: dovecot Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Cor...

CVSS 7.5 | AI score 7 | EPSS 0.01284
Exploits: 1

Amazon
added 2024/12/19 12:0 a.m. | 3 views

Medium: python38-pip

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

CVSS 5.6 | AI score 6.9 | EPSS 0.0034
Exploits: 0

Amazon
added 2024/12/19 12:0 a.m. | 2 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes CVE-2024-38538 In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers...

CVSS 7.8 | AI score 7.1 | EPSS 0.00333
Exploits: 0

Amazon
added 2024/11/15 12:0 a.m. | 4 views

Important: tigervnc

Issue Overview: A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions wher...

CVSS 7.8 | AI score 7.2 | EPSS 0.00894
Exploits: 0

Amazon
added 2024/11/15 12:0 a.m. | 4 views

Important: xorg-x11-server

Issue Overview: A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions wher...

CVSS 7.8 | AI score 7.2 | EPSS 0.00894
Exploits: 0

Amazon
added 2024/11/15 12:0 a.m. | 5 views

Medium: python3-idna

Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Affected Packages: python3-idna Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

CVSS 7.5 | AI score 7 | EPSS 0.01386
Exploits: 1

Amazon
added 2024/11/15 12:0 a.m. | 4 views

Important: perl-App-cpanminus

Issue Overview: The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. CVE-2024-45321 Affected Packages: perl-App-cpanminus Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section...

CVSS 9.8 | AI score 7.8 | EPSS 0.00737
Exploits: 1

Amazon
added 2024/11/15 12:0 a.m. | 3 views

Medium: cloud-init

Issue Overview: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. CVE-2023-1786 Affected Packages: cloud-init Note: This advisory is applicable to Amazon Linux 2 AL2...

CVSS 5.5 | AI score 7 | EPSS 0.00263
Exploits: 0

Amazon
added 2024/11/13 12:0 a.m. | 4 views

Medium: python38-pip

Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Affected Packages: python38-pip Note: This advisory is applicable to Amazon Linux 2 - Python3.8 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and th...

CVSS 7.5 | AI score 7.1 | EPSS 0.01386
Exploits: 1

Amazon
added 2024/11/13 12:0 a.m. | 4 views

Important: firefox

Issue Overview: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132. CVE-2024-10458 An attacker could have caused a...

CVSS 7.5 | AI score 9.2 | EPSS 0.00701
Exploits: 0

Amazon
added 2024/11/13 12:0 a.m. | 4 views

Important: libreoffice

Issue Overview: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before 24.2.5. CVE-2024-7788 Affected Packages: libreoffice Note: This...

CVSS 7.8 | AI score 7 | EPSS 0.00196
Exploits: 0

Amazon
added 2024/11/01 12:0 a.m. | 4 views

Medium: python-idna

Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Affected Packages: python-idna Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

CVSS 7.5 | AI score 7 | EPSS 0.01386
Exploits: 1