Lucene search
K

801 matches found

Amazon
Amazon
added 2024/04/18 12:0 a.m.5 views

Important: tomcat

Issue Overview: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

7.5CVSS7AI score0.51547EPSS
Exploits1
Amazon
Amazon
added 2024/04/18 12:0 a.m.6 views

Medium: krb5

Issue Overview: Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461 Affected Packages: krb5 Note: This advisory is applicable to...

7.5CVSS6.9AI score0.01128EPSS
Exploits2
Amazon
Amazon
added 2024/04/18 12:0 a.m.6 views

Important: glib2

Issue Overview: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in goptiongroupaddentries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a...

7.8CVSS6.9AI score0.00567EPSS
Exploits1
Amazon
Amazon
added 2024/04/17 12:0 a.m.4 views

Important: dnsmasq

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

7.5CVSS6.9AI score0.99995EPSS
Exploits1
Amazon
Amazon
added 2024/04/01 12:0 a.m.5 views

Medium: python-jwcrypto

Issue Overview: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denia...

5.3CVSS6.8AI score0.00884EPSS
Exploits0
Amazon
Amazon
added 2024/03/18 12:0 a.m.4 views

Medium: pcs

Issue Overview: A Denial of Service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability. CVE-2024-25126 A Denia...

7.5CVSS6.8AI score0.35376EPSS
Exploits2
Amazon
Amazon
added 2024/03/18 12:0 a.m.7 views

Medium: tomcat

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

7.5CVSS6.9AI score0.05848EPSS
Exploits2
Amazon
Amazon
added 2024/03/18 12:0 a.m.4 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no know...

8.6CVSS7AI score0.88818EPSS
Exploits0
Amazon
Amazon
added 2024/03/18 12:0 a.m.4 views

Important: rust

Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section f...

7AI score
Exploits0
Amazon
Amazon
added 2024/03/18 12:0 a.m.3 views

Medium: ipa

Issue Overview: A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. CVE-2024-1481 Affected Packages: ipa Note: This advisory ...

5.3CVSS6.9AI score0.0111EPSS
Exploits1
Amazon
Amazon
added 2024/03/18 12:0 a.m.4 views

Medium: fontforge

Issue Overview: Splinefont in FontForge through 20230101 allows command injection via crafted filenames. CVE-2024-25081 Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. CVE-2024-25082 Affected Packages: fontforge Note: This advisory is...

6.5CVSS7.7AI score0.0187EPSS
Exploits2
Amazon
Amazon
added 2024/03/06 12:0 a.m.3 views

Medium: postgresql

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 Affected Packages: postgresql Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit...

5.9CVSS7AI score0.01501EPSS
Exploits0
Amazon
Amazon
added 2024/03/06 12:0 a.m.3 views

Important: aws-nitro-enclaves-cli

Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: aws-nitro-enclaves-cli Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Vis...

7AI score
Exploits0
Amazon
Amazon
added 2024/03/04 12:0 a.m.3 views

Medium: wpa_supplicant

Issue Overview: wpasupplicant: potential authorization bypass CVE-2023-52160 Affected Packages: wpasupplicant Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...

6.5CVSS7AI score0.01177EPSS
Exploits0
Amazon
Amazon
added 2024/03/04 12:0 a.m.5 views

Important: shim

Issue Overview: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive...

8.3CVSS8.2AI score0.04852EPSS
Exploits0
Amazon
Amazon
added 2024/03/04 12:0 a.m.4 views

Important: unbound

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

7.5CVSS6.9AI score0.99995EPSS
Exploits1
Amazon
Amazon
added 2024/03/04 12:0 a.m.5 views

Medium: xerces-c

Issue Overview: Apache issued this CVE to indicate the correct versions of xerces-c, which included the fix for CVE-2018-1311. See the older CVE page for fix status. CVE-2024-23807 Affected Packages: xerces-c Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

9.8CVSS8.4AI score0.09503EPSS
Exploits1
Amazon
Amazon
added 2024/02/23 12:0 a.m.4 views

Important: sudo

Issue Overview: In sudo-1.8.23-10.amzn2.3.6 Amazon Linux 2 and sudo-1.8.23-10.58.amzn1 Amazon Linux 1, a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been...

7AI score
Exploits1
Amazon
Amazon
added 2024/02/20 12:0 a.m.3 views

Low: containerd

Issue Overview: Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325. Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/02/20 12:0 a.m.4 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS6.9AI score0.18087EPSS
Exploits18
Rows per page
Query Builder