Lucene search
K

801 matches found

Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Medium: ruby

Issue Overview: A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. CVE-2022-28738 A buffer overrun vulnerability was foun...

9.8CVSS6.9AI score0.0387EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Medium: ruby

Issue Overview: A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read. CVE-2022-28739 Affected...

7.5CVSS7AI score0.0387EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Important: libpq

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged...

8.8CVSS7.9AI score0.11726EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.7 views

Important: redis

Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...

8.8CVSS8.2AI score0.4292EPSS
Exploits1
Amazon
Amazon
added 2023/09/25 12:0 a.m.6 views

Medium: ansible

Issue Overview: A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog...

5.5CVSS6.6AI score0.00333EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.2 views

Important: haproxy2

Issue Overview: An out-of-bounds read in dnsvalidatednsresponse in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer,...

7.5CVSS7AI score0.04347EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Important: python38

Issue Overview: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVE-2022-37454 Affected...

9.8CVSS8.3AI score0.05193EPSS
Exploits1
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Important: firefox

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Firefox for Linux. Other operating systems are...

9.8CVSS9.9AI score0.00921EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.6 views

Medium: haproxy2

Issue Overview: The HAProxy Github issue describes this vulnerability as follows: Crash SEGV in httpwaitforresponse in 2.2.19, 2.2.24, and 2.2.26 because sl start line variable is NULL. CVE-2023-0056 Affected Packages: haproxy2 Note: This advisory is applicable to Amazon Linux 2 - Haproxy2 Extra...

6.5CVSS7AI score0.01834EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.3 views

Important: postgresql

Issue Overview: IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...

8.8CVSS8.6AI score0.01572EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.2 views

Medium: python-paramiko

Issue Overview: In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure. CVE-2022-24302 Affected Packages: python-paramiko Note: This advisory is applicable to Amazon Linux 2 - Ansible2 Extra. Visit...

5.9CVSS6.6AI score0.0208EPSS
Exploits1
Amazon
Amazon
added 2023/09/25 12:0 a.m.2 views

Medium: python38

Issue Overview: A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer...

9.8CVSS7.3AI score0.23293EPSS
Exploits1
Amazon
Amazon
added 2023/09/25 12:0 a.m.6 views

Important: mono

Issue Overview: SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version...

9.8CVSS7.7AI score0.01959EPSS
Exploits1
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Medium: emr-puppet

Issue Overview: A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. CVE-2021-27025 Affected Packages: emr-puppet Note: This advisory is applicable to Amazon Linux 2 -...

6.5CVSS6.9AI score0.01149EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Important: squid

Issue Overview: A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smuggling. This issue could allow a trusted client to perform an HTTP request smuggling attack and access services otherwise forbidden by squid. The highest...

8.6CVSS6.8AI score0.08161EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.2 views

Important: postgresql

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the defau...

8.8CVSS7.6AI score0.11726EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Medium: nginx

Issue Overview: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memor...

7.8CVSS6.6AI score0.01069EPSS
Exploits2
Amazon
Amazon
added 2023/09/25 12:0 a.m.3 views

Medium: tomcat

Issue Overview: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The...

6.1CVSS7.2AI score0.05972EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.6 views

Important: haproxy2

Issue Overview: A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from th...

7.5CVSS6.7AI score0.1619EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Low: tomcat

Issue Overview: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5...

7.5CVSS6.9AI score0.01746EPSS
Exploits0
Rows per page
Query Builder