Lucene search
K

9382 matches found

Amazon
Amazon
added 2025/03/06 12:0 a.m.9 views

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS8AI score0.02656EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.8 views

Amazon Linux 2 : ecs-init (ALASECS-2025-049)

The version of ecs-init installed on the remote host is prior to 1.89.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-049 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resultin...

5.3CVSS7.3AI score0.00856EPSS
Exploits0References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.7 views

Medium: ecs-init

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...

5.3CVSS6.9AI score0.00856EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.5 views

Medium: ecs-init

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init...

5.3CVSS8.4AI score0.00856EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.16 views

Important: kernel

Issue Overview: An out-of-bounds write flaw was found in the Linux kernels framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUTVSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS7AI score0.00846EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.20 views

Medium: openssl11

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

4.1CVSS4.6AI score0.00601EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Low: ecs-init

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...

3.6CVSS6.7AI score0.00317EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.9 views

Important: kernel

Issue Overview: Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. CVE-2021-33061 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix...

7.8CVSS6.1AI score0.00279EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.3 views

Important: kernel

Issue Overview: Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. CVE-2021-33061 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquir...

7.8CVSS6.1AI score0.00279EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.6 views

Medium: gcc10-binutils

Issue Overview: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack...

7.5CVSS6.8AI score0.00732EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.13 views

Medium: binutils

Issue Overview: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack...

7.5CVSS6.6AI score0.00732EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.26 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done CVE-2021-47163 Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string...

7.8CVSS7.3AI score0.0028EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.21 views

Important: libxml2

Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

8.1CVSS8.1AI score0.00257EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.12 views

Medium: expat

Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

5.9CVSS6.5AI score0.0104EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.5 views

Low: docker

Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...

3.1CVSS6.9AI score0.00521EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.10 views

Amazon Linux 2 : docker (ALASECS-2025-048)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-048 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to...

3.1CVSS7AI score0.00521EPSS
Exploits0References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.16 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. CVE-2024-36484 In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset CVE-2024-39487 In the...

7.8CVSS7AI score0.00302EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.20 views

Medium: gcc10-binutils

Issue Overview: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack...

7.5CVSS6.6AI score0.00732EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/01 12:0 a.m.68 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-802)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-802 advisory. In the Linux kernel, the following vulnerability has been resolved: nullblk: fix null-ptr-dereference while configuring 'power' and 'submitqueues' CVE-2024-36478 In the Linux kernel, the...

7.8CVSS7.1AI score0.00809EPSS
Exploits4References114
Tenable Nessus
Tenable Nessus
added 2025/02/26 12:0 a.m.13 views

Amazon Linux 2 : python3 (ALAS-2025-2754)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2754 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 ...

7.5CVSS6.9AI score0.02303EPSS
Exploits1References8
Rows per page
Query Builder