9382 matches found

Amazon
added 2025/02/25 12:0 a.m., 21 views

Medium: python-pillow

Issue Overview: PIL/IcnsImagePlugin.py in Python Imaging Library PIL and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. CVE-2014-3589 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2...

CVSS: 5 | AI score: 6.8 | EPSS: 0.03587
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 5 views

Low: python3

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01034
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 20 views

Medium: ghostscript

Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00296
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 18 views

Medium: python3

Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats" and "get_ca_certs". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...

CVSS: 7.4 | AI score: 6.5 | EPSS: 0.00804
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 5 views

Important: postgresql

Issue Overview: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.04422
Exploits: 1

Amazon
added 2025/02/25 12:0 a.m., 27 views

Important: postgresql

Issue Overview: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.04422
Exploits: 1

Amazon
added 2025/02/25 12:0 a.m., 5 views

Important: emacs

Issue Overview: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs ...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00526
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 20 views

Low: python-ipaddress

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01034
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 5 views

Low: python-ipaddress

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01034
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 18 views

Low: python3

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01034
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 48 views

Medium: vim

Issue Overview: Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode -s -e, Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the...

CVSS: 4.2 | AI score: 4.3 | EPSS: 0.00261
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 5 views

Medium: ghostscript

Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00296
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 29 views

Medium: grub2

Issue Overview: GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Affected Packages: grub2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00721
Exploits: 0

Amazon
added 2025/02/25 12:0 a.m., 5 views

Medium: python-jwcrypto

Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot o...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.0098
Exploits: 1

Amazon
added 2025/02/21 12:0 a.m., 4 views

Important: libxml2

Issue Overview: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Affected Packages: libxml2 Issue Correction: Run dnf update libxml2 --releasever 2023.6.20250218 or dnf update --advisory ALAS2023-2025-862 --releasever 2023.6.20250218 to update your...

CVSS: 8.1 | AI score: 8 | EPSS: 0.00257
Exploits: 0

Amazon
added 2025/02/21 12:0 a.m., 3 views

Medium: soci-snapshotter

Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: soci-snapshotter Issue Correction: Run dnf update...

CVSS: 5.3 | AI score: 8.4 | EPSS: 0.00856
Exploits: 0

Amazon
added 2025/02/21 12:0 a.m., 4 views

Medium: squid

Issue Overview: Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.45289
Exploits: 0

Amazon
added 2025/02/21 12:0 a.m., 7 views

Medium: harfbuzz

Issue Overview: HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. CVE-2024-56732 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.6.20250218 or dnf update...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.00643
Exploits: 1

Amazon
added 2025/02/21 12:0 a.m., 5 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.load_shed_points.http1_server_abort_dispatch is configured. If active_request is nullptr, only onMessageBeginImpl is called...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00687
Exploits: 1

Amazon
added 2025/02/21 12:0 a.m., 3 views

Medium: ghostscript

Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00296
Exploits: 0