Lucene search
K

9382 matches found

Amazon
Amazon
added 2025/03/06 12:0 a.m.16 views

Medium: microcode_ctl

Issue Overview: Improper Finite State Machines FSMs in Hardware Logic for some IntelR Processors may allow privileged user to potentially enable denial of service via local access. CVE-2024-31068 Sequence of processor instructions leads to unexpected behavior in the IntelR DSA V1.0 for some Intel...

6.8CVSS5.6AI score0.00223EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Medium: microcode_ctl

Issue Overview: Improper Finite State Machines FSMs in Hardware Logic for some IntelR Processors may allow privileged user to potentially enable denial of service via local access. CVE-2024-31068 Sequence of processor instructions leads to unexpected behavior in the IntelR DSA V1.0 for some Intel...

6.8CVSS6.3AI score0.00223EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.9 views

Important: emacs

Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Note: Th...

8.8CVSS9.3AI score0.02679EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.7 views

Important: libnvidia-container

Issue Overview: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A...

9CVSS7.4AI score0.36458EPSS
Exploits2
Amazon
Amazon
added 2025/03/06 12:0 a.m.2 views

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS7AI score0.02656EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Important: kernel-livepatch-4.14.355-275.570

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun CVE-2024-49995 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing CVE-2024-50279...

7.1CVSS6.9AI score0.00262EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.2 views

Important: gstreamer1-plugins-good

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a lar...

9.8CVSS8.1AI score0.01344EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.28 views

Medium: openssh

Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...

6.8CVSS7AI score0.06997EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.7 views

Amazon Linux 2 : ecs-init (ALASECS-2025-051)

The version of ecs-init installed on the remote host is prior to 1.75.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-051 advisory. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures...

5.3CVSS7AI score0.01328EPSS
Exploits0References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.6.20250303 or dnf update --advisory ALAS2023-2025-875 --releasever 2023.6.20250303 to update your system. More information o...

5.6CVSS7.9AI score0.0023EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount CVE-2024-49960 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 A...

7.8CVSS6.7AI score0.00271EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.3 views

Low: cups

Issue Overview: No CVE associated with this advisory Affected Packages: cups Issue Correction: Run dnf update cups --releasever 2023.6.20250303 or dnf update --advisory ALAS2023-2025-883 --releasever 2023.6.20250303 to update your system. More information on how to update your system can be found...

7.5CVSS8.6AI score0.01473EPSS
Exploits4
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Important: postgresql16

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.6AI score0.89472EPSS
Exploits10
Amazon
Amazon
added 2025/03/06 12:0 a.m.9 views

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...

5.4CVSS7AI score0.00465EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.31 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2str on error CVE-2024-42284 In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs...

8.4CVSS7.2AI score0.00269EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.6 views

Amazon Linux 2 : python-crypto (ALASANSIBLE2-2025-012)

It is, therefore, affected by a vulnerability as referenced in the ALAS2ANSIBLE2-2025-012 advisory. lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not...

7.5CVSS7.4AI score0.0211EPSS
Exploits1References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Important: postgresql

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.1AI score0.89472EPSS
Exploits10
Amazon
Amazon
added 2025/03/06 12:0 a.m.5 views

Important: postgresql15

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.6AI score0.89472EPSS
Exploits10
Amazon
Amazon
added 2025/03/06 12:0 a.m.24 views

Medium: python-pillow

Issue Overview: Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. CVE-2016-0740 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

6.5CVSS6.5AI score0.0236EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.15 views

Important: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...

5.4CVSS7AI score0.00465EPSS
Exploits0
Rows per page
Query Builder