9382 matches found

Amazon
added 2024/12/12 12:0 a.m., 2 views

Medium: python-pip

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

CVSS 5.6, AI score 7.6, EPSS 0.0034, Exploits 0

Amazon
added 2024/12/12 12:0 a.m., 4 views

Medium: python-requests

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

CVSS 5.6, AI score 7.6, EPSS 0.0034, Exploits 0

Tenable Nessus
added 2024/12/11 12:0 a.m., 9 views

Amazon Linux 2022 : qt, qt-assistant, qt-common (ALAS2022-2021-006)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-006 advisory. Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allows plugins to be loaded from current working directory, this can lead to compromised plugins to loaded leading to possible arbitrary code execution...

AI score 7.5, Exploits 0, References 3

Tenable Nessus
added 2024/12/11 12:0 a.m., 16 views

Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2022-011)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-011 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the...

CVSS 8.5, AI score 8.8, EPSS 0.97906, Exploits 9, References 3

Tenable Nessus
added 2024/12/11 12:0 a.m., 21 views

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2024-783)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-783 advisory. An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in...

CVSS 7.5, AI score 7, EPSS 0.02298, Exploits 1, References 4

Tenable Nessus
added 2024/12/11 12:0 a.m., 19 views

Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-023)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-023 advisory. A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to ...

CVSS 8.4, AI score 7.2, EPSS 0.01566, Exploits 6, References 13

Tenable Nessus
added 2024/12/11 12:0 a.m., 18 views

Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-025)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-025 advisory. A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially craft...

CVSS 8.4, AI score 7.8, EPSS 0.01541, Exploits 5, References 11

Tenable Nessus
added 2024/12/11 12:0 a.m., 26 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-784)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-784 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620). In the Linux kernel, the following vulnerability has...

CVSS 7.8, AI score 6.9, EPSS 0.00992, Exploits 2, References 118

Tenable Nessus
added 2024/12/11 12:0 a.m., 16 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-778)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-778 advisory. In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers (CVE-2024-41080). In the Linux kernel, the following vulnerability ha...

CVSS 7.8, AI score 6.7, EPSS 0.00333, Exploits 0, References 6

Tenable Nessus
added 2024/12/11 12:0 a.m., 10 views

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2022-009)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-009 advisory. A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196...

CVSS 7.5, AI score 6.9, EPSS 0.03958, Exploits 1, References 7

Tenable Nessus
added 2024/12/11 12:0 a.m., 7 views

Amazon Linux 2022 : blas, blas64, blas64_ (ALAS2022-2022-029)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-029 advisory. An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack and OpenBLAS. A specially crafted input passed to these functions could cause an application using lapa...

CVSS 9.1, AI score 7.9, EPSS 0.0262, Exploits 0, References 3

Tenable Nessus
added 2024/12/11 12:0 a.m., 15 views

Amazon Linux 2022 : golang, golang-bin, golang-misc (ALAS2022-2021-007)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2021-007 advisory. A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten...

CVSS 9.8, AI score 6.8, EPSS 0.10299, Exploits 0, References 7

Tenable Nessus
added 2024/12/11 12:0 a.m., 10 views

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2024-772)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-772 advisory. GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a Transfer-Encoding\0: chunked header is...

CVSS 8.4, AI score 7.3, EPSS 0.00933, Exploits 2, References 8

Tenable Nessus
added 2024/12/11 12:0 a.m., 10 views

Amazon Linux 2023 : avahi, avahi-autoipd, avahi-compat-howl (ALAS2023-2024-771)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-771 advisory. avahi: Avahi Wide-Area DNS Uses Constant Source Port CVE-2024-52615 avahi: Avahi Wide-Area DNS Predictable Transaction IDs CVE-2024-52616 Tenable has extracted the preceding description block...

CVSS 5.3, AI score 6.7, EPSS 0.00681, Exploits 0, References 6

Tenable Nessus
added 2024/12/11 12:0 a.m., 9 views

Amazon Linux 2022 : freetype, freetype-demos, freetype-devel (ALAS2022-2022-033)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-033 advisory. A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application...

CVSS 9.6, AI score 8.3, EPSS 0.5063, Exploits 2, References 3

Tenable Nessus
added 2024/12/11 12:0 a.m., 23 views

Amazon Linux 2022 : webkit2gtk3, webkit2gtk3-devel, webkit2gtk3-jsc (ALAS2022-2022-015)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-015 advisory. A use-after-free flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. CVE-2021-30809 A confusion type flaw was...

CVSS 8.8, AI score 8.4, EPSS 0.13486, Exploits 4, References 35

Tenable Nessus
added 2024/12/11 12:0 a.m., 33 views

Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-003)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-003 advisory. A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1. This could allow a remote attacker to execute code on the server if the system log...

CVSS 10, AI score 7.8, EPSS 0.99999, Exploits 347, References 3

Tenable Nessus
added 2024/12/11 12:0 a.m., 35 views

Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-004)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-004 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map MDC inp...

CVSS 10, AI score 7.4, EPSS 0.99999, Exploits 349, References 3

Tenable Nessus
added 2024/12/11 12:0 a.m., 16 views

Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-020)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-020 advisory. A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a...

CVSS 9.8, AI score 7.3, EPSS 0.02086, Exploits 4, References 9

Tenable Nessus
added 2024/12/11 12:0 a.m., 14 views

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2024-777)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-777 advisory. .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-38229 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43483 .NET, .NET Framework, and Visual...

CVSS 8.1, AI score 8.3, EPSS 0.03009, Exploits 0, References 10