9378 matches found

Amazon
added 2025/04/29 12:0 a.m. | 1 views

Medium: kernel-livepatch-5.10.75-79.358

Issue Overview: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access t...

CVSS 4.4 | AI score 6.4 | EPSS 0.0052
Exploits: 1

Tenable Nessus
added 2025/04/29 12:0 a.m. | 50 views

Amazon Linux 2023 : java-24-amazon-corretto, java-24-amazon-corretto-devel, java-24-amazon-corretto-headless (ALAS2023-2025-951)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-951 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java...

CVSS 7.4 | AI score 6.5 | EPSS 0.00688
Exploits: 0 | References: 8

Tenable Nessus
added 2025/04/29 12:0 a.m. | 22 views

Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-940)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-940 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes CVE-2025-21991 Tenable has extracted the preceding descriptio...

CVSS 7.8 | AI score 6.2 | EPSS 0.00181
Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/29 12:0 a.m. | 10 views

Amazon Linux 2 : runc (ALASDOCKER-2025-059)

The version of runc installed on the remote host is prior to 1.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-059 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to...

CVSS 7.5 | AI score 7 | EPSS 0.01544
Exploits: 0 | References: 6

Tenable Nessus
added 2025/04/29 12:0 a.m. | 11 views

Amazon Linux 2023 : binutils, binutils-devel, binutils-gprofng (ALAS2023-2025-956)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-956 advisory. A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to...

CVSS 5.1 | AI score 5 | EPSS 0.00619
Exploits: 2 | References: 6

Tenable Nessus
added 2025/04/29 12:0 a.m. | 9 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-942)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-942 advisory. c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers when process_answer may re-enqueue a query either due to a DNS Cookie Failure or when the...

CVSS 8.3 | AI score 7.2 | EPSS 0.00555
Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/29 12:0 a.m. | 44 views

Amazon Linux 2023 : docker (ALAS2023-2025-945)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-945 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...

CVSS 9.1 | AI score 7.3 | EPSS 0.00724
Exploits: 0 | References: 6

Amazon
added 2025/04/29 12:0 a.m. | 5 views

Important: kernel-livepatch-5.10.234-225.895

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog CVE-2025-21703 Affected Packages: kernel-livepatch-5.10.234-225.895 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 6.7 | EPSS 0.00275
Exploits: 0

Amazon
added 2025/04/29 12:0 a.m. | 3 views

Medium: containerd

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVSS 7.5 | AI score 6.8 | EPSS 0.01544
Exploits: 0

Amazon
added 2025/04/29 12:0 a.m. | 6 views

Medium: containerd

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

CVSS 7.8 | AI score 7.1 | EPSS 0.00275
Exploits: 1

Amazon
added 2025/04/29 12:0 a.m. | 4 views

Medium: docker

Issue Overview: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the...

CVSS 6 | AI score 7.1 | EPSS 0.02839
Exploits: 0

Amazon
added 2025/04/29 12:0 a.m. | 5 views

Medium: docker

Issue Overview: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the...

CVSS 6 | AI score 7.1 | EPSS 0.02839
Exploits: 0

Amazon
added 2025/04/29 12:0 a.m. | 5 views

Medium: libreoffice

Issue Overview: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that support...

CVSS 6.7 | AI score 7.2 | EPSS 0.01008
Exploits: 0

Tenable Nessus
added 2025/04/29 12:0 a.m. | 32 views

Amazon Linux 2023 : firefox (ALAS2023-2025-943)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-943 advisory. JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9,...

CVSS 8.1 | AI score 7.3 | EPSS 0.00767
Exploits: 1 | References: 8

Tenable Nessus
added 2025/04/29 12:0 a.m. | 8 views

Amazon Linux 2 : runc (ALASECS-2025-062)

The version of runc installed on the remote host is prior to 1.0.0-0.3.20210225.git12644e6. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-062 advisory. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly...

CVSS 8.5 | AI score 7.5 | EPSS 0.06604
Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/29 12:0 a.m. | 8 views

Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-058)

The version of containerd installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-058 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could...

CVSS 7.5 | AI score 7 | EPSS 0.01544
Exploits: 0 | References: 6

Tenable Nessus
added 2025/04/29 12:0 a.m. | 15 views

Amazon Linux 2 : docker (ALASECS-2025-055)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-055 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by ...

CVSS 9.1 | AI score 7.2 | EPSS 0.00724
Exploits: 0 | References: 6

Tenable Nessus
added 2025/04/29 12:0 a.m. | 30 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2025-957)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-957 advisory. Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the...

CVSS 5.6 | AI score 6.3 | EPSS 0.0034
Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/29 12:0 a.m. | 29 views

Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2025-954)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-954 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java...

CVSS 7.4 | AI score 6.5 | EPSS 0.00688
Exploits: 0 | References: 8

Tenable Nessus
added 2025/04/29 12:0 a.m. | 17 views

Amazon Linux 2 : docker (ALASECS-2025-063)

The version of docker installed on the remote host is prior to 19.03.6ce-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-063 advisory. A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows...

CVSS 6 | AI score 7.1 | EPSS 0.02839
Exploits: 0 | References: 4