9382 matches found

Amazon | added 2025/02/21 12:0 a.m. | 5 views

Important: git-lfs

Issue Overview: Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sends any credentials it...

CVSS 8.5 | AI score 7 | EPSS 0.0104 | Exploits 0

Amazon | added 2025/02/21 12:0 a.m. | 3 views

Medium: apache-commons-compress

Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...

CVSS 7.5 | AI score 6.7 | EPSS 0.13292 | Exploits 0

Amazon | added 2025/02/21 12:0 a.m. | 4 views

Medium: ansible-core

Issue Overview: This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. CVE-2024-11079...

CVSS 5.5 | AI score 8.1 | EPSS 0.00502 | Exploits 0

Amazon | added 2025/02/21 12:0 a.m. | 3 views

Low: docker

Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...

CVSS 3.1 | AI score 8.4 | EPSS 0.00521 | Exploits 0

Tenable Nessus | added 2025/02/19 12:0 a.m. | 17 views

Amazon Linux AMI : kernel (ALAS-2025-1960)

The version of kernel installed on the remote host is prior to 4.14.355-195.591. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1960 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method...

CVSS 7.8 | AI score 6.6 | EPSS 0.00253 | Exploits 0 | References 6

Amazon | added 2025/02/05 12:0 a.m. | 1 view

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.6.20250203 or dnf update --advisory ALAS2023-2025-830 --releasever 2023.6.20250203 to update your system. More information ...

CVSS 5.6 | AI score 7.9 | EPSS 0.00309 | Exploits 0

Amazon | added 2025/02/05 12:0 a.m. | 2 views

Important: kernel-livepatch-6.1.94-99.176

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error CVE-2024-41087 Affected Packages: kernel-livepatch-6.1.94-99.176 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 7.8 | AI score 6.9 | EPSS 0.00244 | Exploits 0

Tenable Nessus | added 2025/02/05 12:0 a.m. | 18 views

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-837)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-837 advisory. ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVE-2024-11596 Buffer Overflow vulnerability in Wiresha...

CVSS 7.8 | AI score 6.6 | EPSS 0.01309 | Exploits 2 | References 12

Tenable Nessus | added 2025/02/05 12:0 a.m. | 13 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-822)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-822 advisory. Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is...

CVSS 7.7 | AI score 6.5 | EPSS 0.01282 | Exploits 0 | References 8

Tenable Nessus | added 2025/02/05 12:0 a.m. | 12 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2025-838)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-838 advisory. It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause...

CVSS 7.5 | AI score 7 | EPSS 0.16182 | Exploits 0 | References 6

Tenable Nessus | added 2025/02/05 12:0 a.m. | 12 views

Amazon Linux 2023 : nerdctl (ALAS2023-2025-833)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-833 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that...

CVSS 9.1 | AI score 7.3 | EPSS 0.03092 | Exploits 2 | References 6

Amazon | added 2025/02/05 12:0 a.m. | 3 views

Important: amazon-ssm-agent

Issue Overview: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags...

CVSS 9.8 | AI score 9.4 | EPSS 0.0124 | Exploits 0

Amazon | added 2025/02/05 12:0 a.m. | 5 views

Important: python-virtualenv

Issue Overview: virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. CVE-2024-53899 Affected Packages: python-virtualenv Issue...

CVSS 8.4 | AI score 8 | EPSS 0.01557 | Exploits 1

Tenable Nessus | added 2025/02/05 12:0 a.m. | 13 views

Amazon Linux 2023 : python3-virtualenv (ALAS2023-2025-831)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-831 advisory. virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as...

CVSS 8.4 | AI score 7.3 | EPSS 0.01557 | Exploits 1 | References 4

Tenable Nessus | added 2025/02/05 12:0 a.m. | 9 views

Amazon Linux 2023 : openjpeg2, openjpeg2-devel, openjpeg2-tools (ALAS2023-2025-830)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-830 advisory. openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not...

CVSS 5.6 | AI score 7 | EPSS 0.00309 | Exploits 0 | References 4

Tenable Nessus | added 2025/02/05 12:0 a.m. | 69 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-823)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-823 advisory. In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify CVE-2024-36899 In the Linux kernel, the following vulnerability ha...

CVSS 7.8 | AI score 6.2 | EPSS 0.0028 | Exploits 2 | References 72

Tenable Nessus | added 2025/02/05 12:0 a.m. | 20 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-836)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-836 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune CVE-2024-36978 In the Linux kernel, the following vulnerability h...

CVSS 7.8 | AI score 6.3 | EPSS 0.00302 | Exploits 0 | References 78

Tenable Nessus | added 2025/02/05 12:0 a.m. | 14 views

Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2025-826)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-826 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE:...

CVSS 4.8 | AI score 6.5 | EPSS 0.00971 | Exploits 0 | References 4

Tenable Nessus | added 2025/02/05 12:0 a.m. | 11 views

Amazon Linux AMI : less (ALAS-2025-1958)

The version of less installed on the remote host is prior to 436-13.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1958 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in...

CVSS 8.6 | AI score 7.3 | EPSS 0.00628 | Exploits 0 | References 4

Tenable Nessus | added 2025/02/05 12:0 a.m. | 14 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-834)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-834 advisory. 2025-02-11: CVE-2024-45338 was added to this advisory. 2025-02-11: CVE-2024-51744 was added to this advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback...

CVSS 9.1 | AI score 7.1 | EPSS 0.03092 | Exploits 2 | References 8