9382 matches found

Amazon
added 2025/01/09 12:0 a.m. | 11 views

Medium: haproxy

Issue Overview: Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain...

CVSS 5.3 | AI score 6.8 | EPSS 0.01043
Exploits 0

Amazon
added 2025/01/09 12:0 a.m. | 5 views

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

CVSS 6.5 | AI score 6.9 | EPSS 0.0197
Exploits 1

Amazon
added 2025/01/09 12:0 a.m. | 5 views

Important: jackson-databind

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

CVSS 7.5 | AI score 8 | EPSS 0.02656
Exploits 1

Amazon
added 2025/01/09 12:0 a.m. | 10 views

Medium: orc

Issue Overview: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. CVE-2024-40897...

CVSS 7 | AI score 7.4 | EPSS 0.00379
Exploits 0

Amazon
added 2025/01/09 12:0 a.m. | 3 views

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...

CVSS 7.5 | AI score 7 | EPSS 0.01051
Exploits 0

Amazon
added 2025/01/09 12:0 a.m. | 6 views

Medium: python-webob

Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...

CVSS 6.1 | AI score 6.9 | EPSS 0.00497
Exploits 1

Tenable Nessus
added 2025/01/09 12:0 a.m. | 13 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2025-796)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-796 advisory. Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the...

CVSS 8.7 | AI score 6.4 | EPSS 0.00873
Exploits 0 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 12 views

Amazon Linux 2023 : python3-tornado (ALAS2023-2025-792)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-792 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to...

CVSS 7.5 | AI score 7.2 | EPSS 0.01051
Exploits 0 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 23 views

Amazon Linux 2 : python-webob (ALAS-2025-2726)

The version of python-webob installed on the remote host is prior to 1.2.3-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2726 advisory. WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request...

CVSS 6.1 | AI score 6.2 | EPSS 0.00497
Exploits 1 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 17 views

Amazon Linux 2 : orc (ALAS-2025-2727)

The version of orc installed on the remote host is prior to 0.4.26-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2727 advisory. Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a...

CVSS 7 | AI score 7.5 | EPSS 0.00379
Exploits 0 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 15 views

Amazon Linux 2023 : jackson-databind (ALAS2023-2025-798)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-798 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is...

CVSS 7.5 | AI score 6.3 | EPSS 0.02656
Exploits 1 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 21 views

Amazon Linux 2023 : perl-Module-ScanDeps, perl-Module-ScanDeps-tests (ALAS2023-2025-797)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-797 advisory. Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a pesky pipe such...

CVSS 7.8 | AI score 7.5 | EPSS 0.08598
Exploits 3 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 12 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-795)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-795 advisory. Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the...

CVSS 8.7 | AI score 6.4 | EPSS 0.00873
Exploits 0 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 26 views

Amazon Linux AMI : expat (ALAS-2025-1953)

The version of expat installed on the remote host is prior to 2.1.0-15.35. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1953 advisory. An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVE-2024-45490...

CVSS 9.8 | AI score 6.9 | EPSS 0.01686
Exploits 0 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 3 views

Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2025-793)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-793 advisory. An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. CVE-2024-50602 Tenable has extracted th...

CVSS 5.9 | AI score 7 | EPSS 0.0104
Exploits 0 | References 4

Tenable Nessus
added 2025/01/09 12:0 a.m. | 45 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-794)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-794 advisory. ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem e.g., if a Linux distribution is configured to allow unprivileged...

CVSS 9.1 | AI score 6.7 | EPSS 0.01367
Exploits 0 | References 224

Tenable Nessus
added 2024/12/23 12:0 a.m. | 22 views

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-059)

The version of kernel installed on the remote host is prior to 5.15.173-118.169. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-059 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs...

CVSS 7.8 | AI score 6.9 | EPSS 0.00333
Exploits 0 | References 12

Tenable Nessus
added 2024/12/23 12:0 a.m. | 12 views

Amazon Linux 2 : libxml2 (ALAS-2024-2717)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2717 advisory. An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint...

CVSS 7.5 | AI score 7.1 | EPSS 0.02298
Exploits 1 | References 4

Tenable Nessus
added 2024/12/23 12:0 a.m. | 12 views

Amazon Linux 2 : gnome-shell (ALAS-2024-2714)

The version of gnome-shell installed on the remote host is prior to 3.28.3-34. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2714 advisory. In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network respons...

CVSS 6.5 | AI score 6.7 | EPSS 0.00299
Exploits 0 | References 4

Tenable Nessus
added 2024/12/23 12:0 a.m. | 33 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-074)

The version of kernel installed on the remote host is prior to 5.10.230-223.885. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-074 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have...

CVSS 7.8 | AI score 6.7 | EPSS 0.00333
Exploits 0 | References 8