
9382 matches found

Amazon
added 2025/04/16 12:0 a.m. | 16 views

Low: tomcat

Issue Overview: Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are...

CVSS 5.3 | AI score 6.8 | EPSS 0.01914 | Exploits: 0

Amazon
added 2025/04/16 12:0 a.m. | 12 views

Medium: thunderbird

Issue Overview: There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression i.e. if using JxlEncoderAddJPEGFrame on untrusted input does not properly check bounds i...

CVSS 9.8 | AI score 7.4 | EPSS 0.01817 | Exploits: 1

Amazon
added 2025/04/16 12:0 a.m. | 6 views

Medium: thunderbird

Issue Overview: There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression i.e. if using JxlEncoderAddJPEGFrame on untrusted input does not properly check bounds i...

CVSS 9.8 | AI score 7.2 | EPSS 0.01817 | Exploits: 1

Amazon
added 2025/04/16 12:0 a.m. | 5 views

Important: kernel-livepatch-4.14.355-275.603

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer CVE-2024-53103 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted...

CVSS 7.8 | AI score 6.7 | EPSS 0.00237 | Exploits: 1

Amazon
added 2025/04/16 12:0 a.m. | 5 views

Important: kernel-livepatch-5.10.233-223.887

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.233-223.887 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 6.7 | EPSS 0.00222 | Exploits: 0

Amazon
added 2025/04/16 12:0 a.m. | 4 views

Important: kernel-livepatch-5.10.234-225.917

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.234-225.917 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 6.7 | EPSS 0.00222 | Exploits: 0

Amazon
added 2025/04/16 12:0 a.m. | 10 views

Important: kernel-livepatch-5.10.234-225.921

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.234-225.921 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 6.7 | EPSS 0.00222 | Exploits: 0

Amazon
added 2025/04/16 12:0 a.m. | 3 views

Important: docker

Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...

CVSS 7.5 | AI score 6.9 | EPSS 0.00868 | Exploits: 0

Amazon
added 2025/04/14 12:0 a.m. | 4 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failur...

CVSS 7.5 | AI score 6.5 | EPSS 0.00406 | Exploits: 0

Amazon
added 2025/04/14 12:0 a.m. | 7 views

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 6.8 | EPSS 0.00724 | Exploits: 0

Amazon
added 2025/04/14 12:0 a.m. | 2 views

Medium: ruby3.2

Issue Overview: In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. CVE-2025-27221 Affected Packages: ruby3.2 Issue Correction: Run dnf update...

CVSS 5.3 | AI score 7.1 | EPSS 0.00472 | Exploits: 0

Tenable Nessus
added 2025/04/14 12:0 a.m. | 21 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-938)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-938 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_dump_full_key CVE-2024-35866 Tenable has extracted the preceding description block directly from t...

CVSS 7.8 | AI score 6.1 | EPSS 0.00237 | Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/14 12:0 a.m. | 22 views

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-936)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-936 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...

CVSS 9.8 | AI score 6.2 | EPSS 0.0079 | Exploits: 2 | References: 12

Tenable Nessus
added 2025/04/14 12:0 a.m. | 25 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2025-932)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-932 advisory. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory...

CVSS 7.8 | AI score 4 | EPSS 0.00492 | Exploits: 1 | References: 10

Tenable Nessus
added 2025/04/14 12:0 a.m. | 11 views

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-927)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-927 advisory. PDF interpreter - Guard against unsigned int overflow. A large Type 4 function definition can overflow the uint counter, causing the allocated buffer to be smaller than required. Info:...

CVSS 9.8 | AI score 7.2 | EPSS 0.00586 | Exploits: 0 | References: 10

Tenable Nessus
added 2025/04/14 12:0 a.m. | 15 views

Amazon Linux 2023 : docker (ALAS2023-2025-934)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-934 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00868 | Exploits: 0 | References: 6

Amazon
added 2025/04/14 12:0 a.m. | 3 views

Important: docker

Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...

CVSS 7.5 | AI score 8.7 | EPSS 0.00868 | Exploits: 0

Tenable Nessus
added 2025/04/14 12:0 a.m. | 16 views

Amazon Linux 2023 : nerdctl (ALAS2023-2025-931)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-931 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT...

CVSS 8.7 | AI score 6.8 | EPSS 0.00369 | Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/14 12:0 a.m. | 18 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-930)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-930 advisory. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT...

CVSS 8.7 | AI score 6.8 | EPSS 0.00369 | Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/14 12:0 a.m. | 13 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-933)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-933 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

CVSS 9.1 | AI score 6.9 | EPSS 0.00724 | Exploits: 0 | References: 4