Lucene search
K

801 matches found

Amazon
Amazon
added 2023/12/04 12:0 a.m.6 views

Low: advancecomp

Issue Overview: advancecomp has a segmentation fault on invalid MNG size CVE-2023-2961 Affected Packages: advancecomp Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Ru...

3.3CVSS7AI score0.0019EPSS
Exploits0
Amazon
Amazon
added 2023/11/16 12:0 a.m.4 views

Medium: containerd

Issue Overview: containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to...

7.8CVSS7AI score0.00482EPSS
Exploits0
Amazon
Amazon
added 2023/11/16 12:0 a.m.6 views

Medium: containerd

Issue Overview: A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to...

6.8CVSS6.7AI score0.01608EPSS
Exploits2
Amazon
Amazon
added 2023/11/16 12:0 a.m.4 views

Medium: containerd

Issue Overview: The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manife...

5CVSS6.9AI score0.02085EPSS
Exploits0
Amazon
Amazon
added 2023/11/16 12:0 a.m.5 views

Medium: docker

Issue Overview: The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manife...

5CVSS6.9AI score0.02085EPSS
Exploits0
Amazon
Amazon
added 2023/11/15 12:0 a.m.3 views

Important: nerdctl

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Text nodes not in the HTML namespace are incorrectly literally rendered,...

7.5CVSS6.2AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/11/15 12:0 a.m.3 views

Medium: ruby

Issue Overview: A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service ReDoS during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this...

7.5CVSS6.8AI score0.03222EPSS
Exploits1
Amazon
Amazon
added 2023/11/15 12:0 a.m.2 views

Medium: vim

Issue Overview: Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function gagrowinner in in the file src/alloc.c at line 748, which is freed in the file src/exdocmd.c in the function docmdline at line 1010 and then used again in src/cmdhist...

5.5CVSS7AI score0.00366EPSS
Exploits1
Amazon
Amazon
added 2023/10/19 12:0 a.m.3 views

Medium: firefox

Issue Overview: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488 Affected Packages: firefox Note: This advisory is applicable to Amazon Linux 2 - Firefox Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section...

7.5CVSS9.2AI score0.01936EPSS
Exploits0
Amazon
Amazon
added 2023/10/19 12:0 a.m.2 views

Important: runc

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: runc Note: This advisory is applicable to Amazon Linux...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/10/19 12:0 a.m.4 views

Low: containerd

Issue Overview: Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325. Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/10/19 12:0 a.m.3 views

Important: firefox

Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-4863 Affected Packages: firefox Note: This advisory is applicable to Amaz...

8.8CVSS7.4AI score0.99739EPSS
Exploits9
Amazon
Amazon
added 2023/10/19 12:0 a.m.6 views

Important: kernel

Issue Overview: A flaw was found in rsvpchange. The root cause is an slab-out-of-bound access, but since the offset to the original pointer is an unsign int fully controlled by users, the behavior is usually a wild pointer access. CVE-2023-42755 A use-after-free vulnerability in the Linux kernel'...

7.8CVSS6.3AI score0.004EPSS
Exploits1
Amazon
Amazon
added 2023/10/17 12:0 a.m.4 views

Important: ecs-init

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/10/17 12:0 a.m.3 views

Important: runc

Issue Overview: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are...

7.5CVSS7.2AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/10/17 12:0 a.m.3 views

Medium: docker

Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...

6.8CVSS7AI score0.03287EPSS
Exploits0
Amazon
Amazon
added 2023/10/17 12:0 a.m.10 views

Important: nginx

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nginx Note: This advisory is applicable to Amazon Linu...

7.5CVSS8AI score0.99999EPSS
Exploits19
Amazon
Amazon
added 2023/10/04 12:0 a.m.3 views

Medium: ecs-init

Issue Overview: No CVE was issued for this update. Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

7AI score
Exploits0
Amazon
Amazon
added 2023/10/04 12:0 a.m.3 views

Medium: djvulibre

Issue Overview: An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. CVE-2021-46310 Affected Packages: djvulibre Note: This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visit this page to learn more abo...

6.5CVSS6.9AI score0.00862EPSS
Exploits1
Amazon
Amazon
added 2023/10/04 12:0 a.m.4 views

Important: firefox

Issue Overview: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Memory corruption in IPC FilePickerShownCallback CVE-2023-4575 XLL file extensions were downloadable without warnings. CVE-2023-4581 Memory safety bug...

8.8CVSS9.7AI score0.00693EPSS
Exploits0
Rows per page
Query Builder