9382 matches found
Important: aws-kinesis-agent
Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
Amazon Linux 2 : ecs-init (ALASECS-2025-049)
The version of ecs-init installed on the remote host is prior to 1.89.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-049 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resultin...
Medium: ecs-init
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...
Medium: ecs-init
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init...
Important: kernel
Issue Overview: An out-of-bounds write flaw was found in the Linux kernels framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUTVSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system...
Medium: openssl11
Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...
Low: ecs-init
Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...
Important: kernel
Issue Overview: Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. CVE-2021-33061 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix...
Important: kernel
Issue Overview: Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. CVE-2021-33061 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquir...
Medium: gcc10-binutils
Issue Overview: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack...
Medium: binutils
Issue Overview: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done CVE-2021-47163 Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string...
Important: libxml2
Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Medium: expat
Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...
Low: docker
Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...
Amazon Linux 2 : docker (ALASECS-2025-048)
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-048 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. CVE-2024-36484 In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset CVE-2024-39487 In the...
Medium: gcc10-binutils
Issue Overview: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-802)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-802 advisory. In the Linux kernel, the following vulnerability has been resolved: nullblk: fix null-ptr-dereference while configuring 'power' and 'submitqueues' CVE-2024-36478 In the Linux kernel, the...
Amazon Linux 2 : python3 (ALAS-2025-2754)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2754 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 ...