Lucene search
K

9380 matches found

Amazon
Amazon
added 2025/04/16 12:0 a.m.25 views

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.1AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.16 views

Low: tomcat

Issue Overview: Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are...

5.3CVSS6.8AI score0.01914EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.5 views

Important: kernel-livepatch-5.10.233-223.887

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear aclaccess/acldefault after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.233-223.887 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00222EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.4 views

Important: kernel-livepatch-5.10.234-225.917

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear aclaccess/acldefault after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.234-225.917 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00222EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.5 views

Medium: libxslt

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. CVE-2023-40403...

6.5CVSS6.2AI score0.01092EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.10 views

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.5 views

Important: kernel-livepatch-4.14.355-275.603

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer CVE-2024-53103 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted...

7.8CVSS6.7AI score0.00237EPSS
Exploits1
Amazon
Amazon
added 2025/04/16 12:0 a.m.10 views

Important: kernel-livepatch-5.10.234-225.921

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear aclaccess/acldefault after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.234-225.921 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00222EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.13 views

Medium: libxslt

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. CVE-2023-40403...

6.5CVSS6AI score0.01092EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.5 views

Low: libcublas-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

3.3CVSS6.5AI score0.00241EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.9 views

Important: libxslt

Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...

7.8CVSS6.9AI score0.00324EPSS
Exploits4
Amazon
Amazon
added 2025/04/16 12:0 a.m.12 views

Important: apache-commons-vfs

Issue Overview: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the...

5CVSS7AI score0.00776EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.12 views

Important: ghostscript

Issue Overview: Fix confusion between bytes and shorts. Data is being copied from a string in multiple of shorts, rather than multiple of bytes, leading to both a read probably benign, given the memory manager and write buffer overflow. Info: https://bugs.ghostscript.com/showbug.cgi?id=708131...

9.8CVSS6.9AI score0.00586EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.10 views

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

6.9CVSS7AI score0.00699EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.13 views

Medium: evolution

Issue Overview: An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to th...

6.5CVSS7.1AI score0.02682EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.5 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failur...

7.5CVSS6.7AI score0.00406EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.12 views

Medium: thunderbird

Issue Overview: There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression i.e. if using JxlEncoderAddJPEGFrame on untrusted input does not properly check bounds i...

9.8CVSS7.4AI score0.01817EPSS
Exploits1
Amazon
Amazon
added 2025/04/16 12:0 a.m.9 views

Low: edk2

Issue Overview: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2025-2295 Affected Packages: edk2 Note: This advisory is applicable to Amazon Linux 2...

3.5CVSS6.8AI score0.00226EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.10 views

Medium: nerdctl

Issue Overview: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing...

8.7CVSS7.1AI score0.00369EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.3 views

Important: docker

Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...

7.5CVSS6.9AI score0.00868EPSS
Exploits0
Rows per page
Query Builder