Lucene search
K

801 matches found

Amazon
Amazon
added 2023/09/25 12:0 a.m.9 views

Important: tomcat

Issue Overview: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomc...

7CVSS6.7AI score0.56636EPSS
Exploits15
Amazon
Amazon
added 2023/09/25 12:0 a.m.6 views

Important: haproxy2

Issue Overview: A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from th...

7.5CVSS6.7AI score0.1619EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Low: tomcat

Issue Overview: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5...

7.5CVSS6.9AI score0.01746EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Medium: ansible

Issue Overview: A flaw was found in ansible. The 'authkey' and 'privkey' credentials are disclosed by default and not protected by nolog feature when using the snmpfacts module. Attackers could take advantage of this information to steal the SNMP credentials. The highest threat from this...

5.5CVSS6.6AI score0.00347EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.10 views

Important: tomcat

Issue Overview: A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters an...

9.8CVSS7AI score0.99677EPSS
Exploits105
Amazon
Amazon
added 2023/09/13 12:0 a.m.4 views

Medium: php

Issue Overview: A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup LanguageXML entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...

5.3CVSS6.8AI score0.25951EPSS
Exploits1
Amazon
Amazon
added 2023/09/13 12:0 a.m.6 views

Medium: php

Issue Overview: A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly quoted string. With the implementation of sqlite3snprintf, it is possible to force the function to return a single apostrophe if the function is called...

9.1CVSS7AI score0.02154EPSS
Exploits0
Amazon
Amazon
added 2023/09/13 12:0 a.m.4 views

Important: php

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7.3AI score0.01408EPSS
Exploits2
Amazon
Amazon
added 2023/09/13 12:0 a.m.6 views

Important: php

Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...

9.8CVSS7.1AI score0.08003EPSS
Exploits4
Amazon
Amazon
added 2023/09/13 12:0 a.m.5 views

Medium: php

Issue Overview: A flaw was found in PHP. The vulnerability occurs due to the malformed phpfilterfloat function and leads to a use-after-free vulnerability. This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault. CVE-2021-21708 Affected Packages: php...

9.8CVSS6.8AI score0.03002EPSS
Exploits1
Amazon
Amazon
added 2023/09/06 12:0 a.m.5 views

Important: amazon-ecr-credential-helper

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: amazon-ecr-credential-helper Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the...

7.5CVSS6.9AI score0.04561EPSS
Exploits0
Amazon
Amazon
added 2023/08/21 12:0 a.m.4 views

Important: runc

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS7AI score0.0125EPSS
Exploits0
Amazon
Amazon
added 2023/06/28 12:0 a.m.4 views

Important: kernel-livepatch-4.14.311-233.529

Issue Overview: An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-2124...

7.8CVSS6.6AI score0.00495EPSS
Exploits1
Amazon
Amazon
added 2023/05/31 12:0 a.m.4 views

Important: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not...

7.8CVSS6.8AI score0.00457EPSS
Exploits2
Amazon
Amazon
added 2023/05/31 12:0 a.m.7 views

Important: kernel-livepatch-5.10.176-157.645

Issue Overview: A use-after-free vulnerability was found in nfs42sscopen in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. CVE-2022-4379 In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch...

7.8CVSS6.7AI score0.12966EPSS
Exploits7
Amazon
Amazon
added 2023/05/31 12:0 a.m.4 views

Important: kernel-livepatch-5.10.179-166.674

Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...

7.8CVSS6.8AI score0.12966EPSS
Exploits7
Amazon
Amazon
added 2023/05/01 12:0 a.m.2 views

Medium: docker

Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...

6.3CVSS6.8AI score0.00807EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.1 views

SUSE CVE-2022-34266

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service application crash, a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset function within...

7.5CVSS7.3AI score0.00253EPSS
Exploits0References7
Amazon
Amazon
added 2023/01/23 12:0 a.m.4 views

Important: kernel-livepatch-4.14.299-223.520

Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6renewoptions of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a...

5.5CVSS7.1AI score0.00733EPSS
Exploits0
Amazon
Amazon
added 2023/01/23 12:0 a.m.13 views

Important: kernel-livepatch-5.10.155-138.670

Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function followpagepte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended ...

7.8CVSS7.3AI score0.00748EPSS
Exploits0
Rows per page
Query Builder