345 matches found

Amazon · added 2024/02/06 12:00 a.m. · 3 views

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter...

CVSS 6.1 · AI score 6.5 · EPSS 0.00892 · Exploits 0
Amazon · added 2024/01/31 12:00 a.m. · 4 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

CVSS 8.6 · AI score 6.9 · EPSS 0.18087 · Exploits 18
Amazon · added 2024/01/22 12:00 a.m. · 10 views

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 7.5 · AI score 6.8 · EPSS 0.03796 · Exploits 0
Amazon · added 2024/01/09 12:00 a.m. · 3 views

Important: bluez

Issue Overview: bluez: unauthorized HID device connections allow keystroke injection and arbitrary command execution (CVE-2023-45866). Affected Packages: bluez. Note: This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL...

CVSS 6.3 · AI score 7.7 · EPSS 0.07879 · Exploits 8
Amazon · added 2023/09/25 12:00 a.m. · 6 views

Medium: ruby

Issue Overview: An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc (CVE-2021-31799). Affected Packages: ruby. Note:...

CVSS 7 · AI score 7.9 · EPSS 0.0148 · Exploits 0
Amazon · added 2023/09/07 12:00 a.m. · 3 views

Important: python3.9

Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...

CVSS 5.3 · AI score 7.9 · EPSS 0.0079 · Exploits 0
Amazon · added 2023/08/25 12:00 a.m. · 4 views

Medium: libtiff

Issue Overview: LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial of service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available...

CVSS 6.5 · AI score 6.9 · EPSS 0.01016 · Exploits 2
OSV · added 2023/07/27 12:18 p.m. · 9 views

SUSE-SU-2023:3006-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2985:...

CVSS 7.8 · AI score 7.8 · EPSS 0.05794 · Exploits 3 · References 67
Redos · added 2023/07/06 12:00 a.m. · 7 views

ROS-2-2146

2.2146 Mozilla Firefox browser vulnerability (CVE-2021-29970, CVE-2021-29976). 1. Vulnerability description: CVE-2021-29970: A vulnerability in the Mozilla Firefox browser is related to a memory release (use-after-free) error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

CVSS 8.8 · AI score 9.2 · EPSS 0.01428 · Exploits 1
Redos · added 2023/07/06 12:00 a.m. · 6 views

ROS-2-2216

2.2216 PyYAML parser vulnerability (CVE-2020-14343). 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing untrusted YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability...

CVSS 10 · AI score 8.1 · EPSS 0.05984 · Exploits 0
Amazon · added 2023/06/27 12:00 a.m. · 7 views

Important: perl-Pod-Perldoc

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates (CVE-2023-31486). Affected Packages: perl-Pod-Perldoc. Issue Correction: Run dnf update perl-Pod-Perldoc...

CVSS 8.1 · AI score 7.5 · EPSS 0.01742 · Exploits 0
NCSC · added 2023/01/25 12:00 a.m. · 4 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial of service or potentially execute arbitrary code in the context of the browser. As usual, Google has released little further substantive information. Google has released...

CVSS 8.8 · AI score 7.8 · EPSS 0.00736 · Exploits 0
NCSC · added 2022/12/05 12:00 a.m. · 2 views

Vulnerability fixed in Google Chrome

A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page. As usual, Google has published few...

CVSS 8.8 · AI score 7.3 · EPSS 0.16109 · Exploits 2
Positive Technologies · added 2022/09/16 12:00 a.m. · 1 view

PT-2022-33638 · Linux · Kvm

Name of the Vulnerable Software and Affected Versions: KVM versions prior to v5.19.2. Description: The issue concerns KVM's nVMX snapshot of pre-VM-Enter DEBUGCTL for the !nested_run_pending case. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions...

AI score 7.3 · Exploits 0 · References 1
OSV · added 2022/04/04 3:48 p.m. · 8 views

SUSE-SU-2022:1105-1 Security update for util-linux

This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situations with time-based version 1 UUIDs (bsc#1194642). - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642). - Warn if uuidd lock state is not usable (bsc#1194642)...

CVSS 5.5 · AI score 6.1 · EPSS 0.00661 · Exploits 1 · References 24
Amazon · added 2022/01/28 12:00 a.m. · 3 views

Important: kernel

Issue Overview: A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...

CVSS 5.5 · AI score 6.3 · EPSS 0.00519 · Exploits 1
OpenVAS · added 2022/01/28 12:00 a.m. · 29 views

Mageia: Security Advisory (MGASA-2016-0359)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description...

CVSS 9.6 · AI score 7.7 · EPSS 0.05437 · Exploits 0 · References 5
OpenVAS · added 2022/01/28 12:00 a.m. · 21 views

Mageia: Security Advisory (MGASA-2013-0204)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description...

CVSS 7.9 · AI score 6.7 · EPSS 0.07313 · Exploits 5 · References 4
RedHat Linux · added 2020/11/04 2:15 a.m. · 2 views

Moderate: Red Hat Enhancement Advisory: python-rtslib bug fix and enhancement update

An update for python-rtslib is now available for Red Hat Enterprise Linux 8. For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section...

CVSS 7.8 · AI score 7.2 · EPSS 0.00339 · Exploits 0 · References 4
NCSC · added 2020/08/10 12:00 a.m. · 2 views

Vulnerability fixed in PostgreSQL jdbc driver

A vulnerability has been fixed in the PostgreSQL JDBC driver for Java. The so-called XML external-entity vulnerability (XXE) allows a locally authenticated malicious person to execute arbitrary code under database privileges. -= Red Hat =- Red Hat has made updates available f...

CVSS 7.7 · AI score 7.5 · EPSS 0.04094 · Exploits 0