Lucene search
K

801 matches found

Amazon
Amazon
added 2024/02/19 12:0 a.m.6 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...

7.5CVSS7AI score0.19653EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5970 NOTE: Fixed by:...

8.8CVSS7.5AI score0.01559EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.2 views

Medium: nss-softokn

Issue Overview: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121. CVE-2023-6135 Affected Packages: nss-softokn Note: This advisory is applicable...

4.3CVSS8.8AI score0.00714EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Medium: jetty

Issue Overview: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reje...

5.3CVSS6.8AI score0.01069EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Medium: unbound

Issue Overview: NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation...

6.5CVSS6.8AI score0.0085EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.2 views

Medium: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

7.8CVSS7.6AI score0.00563EPSS
Exploits2
Amazon
Amazon
added 2024/02/05 12:0 a.m.4 views

Important: nss

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.5AI score0.01249EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.4 views

Medium: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error page...

6.5CVSS6.8AI score0.6005EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.9 views

Important: kernel-livepatch-4.14.328-248.540

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.4AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.2 views

Important: kernel

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS7AI score0.00767EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.3 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...

8.6CVSS6.8AI score0.57627EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.2 views

Low: sudo

Issue Overview: No CVE associated with this advisory Affected Packages: sudo Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update sudo or yum update --advisor...

7CVSS7AI score0.00541EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.5 views

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter...

6.1CVSS6.6AI score0.00892EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Low: libpq

Issue Overview: No CVE associated with this advisory Affected Packages: libpq Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

8.8CVSS7AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.0 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 A use-after-free flaw was found in the netfilter subsystem of...

7.8CVSS6.3AI score0.00836EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 A use-after-free flaw was found in the netfilter subsystem of...

7.8CVSS6.3AI score0.00836EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.5 views

Medium: qt5-qtbase

Issue Overview: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 Affected Packages: qt5-qtbase...

9.8CVSS7.3AI score0.00986EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.3 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3CVSS6.8AI score0.02598EPSS
Exploits4
Amazon
Amazon
added 2024/01/22 12:0 a.m.2 views

Low: traceroute

Issue Overview: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316 Affected Packages: traceroute Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2...

5.5CVSS7.1AI score0.00367EPSS
Exploits2
Amazon
Amazon
added 2024/01/22 12:0 a.m.4 views

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. CVE-2023-42883 The issue was addresse...

8.8CVSS9.4AI score0.03208EPSS
Exploits0
Rows per page
Query Builder