
14928 matches found

Tenable Nessus
added 2026/05/05 12:0 a.m. | 15 views

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1649)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1649 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of t...

7.8 CVSS | 7.4 AI score | 0.96775 EPSS
Exploits: 228 | References: 16
Tenable Nessus
added 2026/05/05 12:0 a.m. | 12 views

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1650)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1650 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of t...

7.8 CVSS | 7.3 AI score | 0.96775 EPSS
Exploits: 228 | References: 12
Tenable Nessus
added 2026/05/05 12:0 a.m. | 11 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-101 (ALASKERNEL-5.15-2026-101)

The version of kernel installed on the remote host is prior to 5.15.202-142.235. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-101 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operati...

7.8 CVSS | 7.4 AI score | 0.96775 EPSS
Exploits: 228 | References: 12
Tenable Nessus
added 2026/05/05 12:0 a.m. | 10 views

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-113 (ALASECS-2026-113)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-113 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...

8.4 CVSS | 5.8 AI score | 0.00387 EPSS
Exploits: 0 | References: 6
Amazon
added 2026/05/05 12:0 a.m. | 10 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1 CVSS | 5.8 AI score | 0.00387 EPSS
Exploits: 0
Amazon
added 2026/05/05 12:0 a.m. | 8 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

7.5 CVSS | 7.3 AI score | 0.16212 EPSS
Exploits: 2
Github Security Blog
added 2026/05/04 8:12 p.m. | 9 views

Argo vulnerable to exposure of artifact repository credentials

Summary: The workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

8.5 CVSS | 7.3 AI score | 0.00357 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
Securelist
added 2026/05/04 10:0 a.m. | 9 views

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Introduction: The primary goal for attackers in a phishing campaign is to bypass email security and trick the potential victim into revealing their data. To achieve this, scammers employ a wide range of tactics, from redirect links to QR codes. Additionally, they heavily rely on legitimate sources...

5.8 AI score
Exploits: 0
CNNVD
added 2026/05/04 12:0 a.m. | 10 views

Amazon WorkSpaces Security Vulnerability

Amazon WorkSpaces is a fully managed, persistent desktop virtualization service provided by Amazon, Inc. It allows your users to access the data, applications, and resources they need from any supported device, at any time. Versions of Amazon WorkSpaces prior to 2.6.2034.0 contained a security...

8.5 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/04 12:0 a.m. | 10 views

PT-2026-37137

Name of the Vulnerable Software and Affected Versions: Incus versions prior to 7.0.0. Description: Missing error handling in the TransferManager.UploadAllFiles function allows an authenticated user to cause a daemon crash. The issue occurs during the import of a truncated or corrupted storage bucket...

6.5 CVSS | 5.9 AI score | 0.00394 EPSS
Exploits: 1 | References: 16
OSV
added 2026/05/02 1:10 a.m. | 5 views

CLSA-2026-1777544655 rsync: Fix of 2 CVEs

- CVE-2024-12086: prevent server from reading arbitrary client files via path traversal
- CVE-2025-10158: fix invalid access to files array in sender
- Add upstream stability fix RsyncProject/rsync PR 706: use-after-free in generator
- Enable Amazon Linux 2 ELS...

6.8 CVSS | 5.9 AI score | 0.01761 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2026/04/30 6:35 p.m. | 6 views

CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

7.5 CVSS | 5.7 AI score | 0.00547 EPSS
Exploits: 0 | References: 3
CVE
added 2026/04/30 6:35 p.m. | 20 views

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...

7.5 CVSS | 5.7 AI score | 0.00547 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2026/04/30 12:0 a.m. | 7 views

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-014 (ALASGIMP-2026-014)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GIMP-2026-014 advisory. GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to...

7.8 CVSS | 7.7 AI score | 0.00755 EPSS
Exploits: 0 | References: 8
Tenable Nessus
added 2026/04/30 12:0 a.m. | 6 views

Amazon Linux 2 : LibRaw, --advisory ALAS2-2026-3258 (ALAS-2026-3258)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3258 advisory. An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw. A specially crafted malicious...

9.8 CVSS | 6.2 AI score | 0.00564 EPSS
Exploits: 2 | References: 6
Tenable Nessus
added 2026/04/30 12:0 a.m. | 10 views

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1629)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1629 advisory. Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an...

7.5 CVSS | 6.5 AI score | 0.02279 EPSS
Exploits: 0 | References: 10
Tenable Nessus
added 2026/04/30 12:0 a.m. | 11 views

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1627)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1627 advisory. Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an...

7.5 CVSS | 6.5 AI score | 0.02279 EPSS
Exploits: 0 | References: 10
Amazon
added 2026/04/30 12:0 a.m. | 8 views

Important: dotnet8.0

Issue Overview: Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. CVE-2026-32178 Stack-based buffer overfl...

7.5 CVSS | 6.2 AI score | 0.02279 EPSS
Exploits: 0
Amazon
added 2026/04/30 12:0 a.m. | 8 views

Important: firefox

Issue Overview: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

9.8 CVSS | 6 AI score | 0.0035 EPSS
Exploits: 0
Tenable Nessus
added 2026/04/30 12:0 a.m. | 7 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3271 (ALAS-2026-3271)

The version of thunderbird installed on the remote host is prior to 140.9.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3271 advisory. Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 an...

9.8 CVSS | 6.2 AI score | 0.0035 EPSS
Exploits: 0 | References: 8