Lucene search
K

375 matches found

Amazon
Amazon
added 2025/02/05 12:0 a.m.5 views

Important: nodejs20

Issue Overview: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values...

7.7CVSS5.4AI score0.01327EPSS
Exploits0
Amazon
Amazon
added 2025/02/05 12:0 a.m.2 views

Important: kernel-livepatch-6.1.94-99.176

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error CVE-2024-41087 Affected Packages: kernel-livepatch-6.1.94-99.176 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS6.9AI score0.00244EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.7 views

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS8AI score0.005EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.3 views

Important: ansible-core

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker...

7.8CVSS7.9AI score0.005EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/01/15 12:0 a.m.17 views

Google Chrome Security Update (stable-channel-update-for-desktop_14-2025-01) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

8.8CVSS7.1AI score0.05945EPSS
Exploits11References1
Amazon
Amazon
added 2025/01/09 12:0 a.m.10 views

Medium: nodejs

Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...

8.7CVSS7.6AI score0.00873EPSS
Exploits0
Amazon
Amazon
added 2024/12/12 12:0 a.m.4 views

Important: dotnet6.0

Issue Overview: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43483 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43484 .NET and Visual Studio Denial of Service Vulnerability CVE-2024-43485 Affected Packages: dotnet6.0 Issue...

7.5CVSS6.8AI score0.03009EPSS
Exploits0
Amazon
Amazon
added 2024/12/12 12:0 a.m.6 views

Important: dotnet8.0

Issue Overview: .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-38229 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43483 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43484 .NET and Visual Studio Denial of...

8.1CVSS8AI score0.03009EPSS
Exploits0
Amazon
Amazon
added 2024/12/12 12:0 a.m.12 views

Medium: python-pip

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

5.6CVSS5.6AI score0.0034EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/02 10:37 p.m.24 views

Security Bulletin: A security vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation which may result in spoofing attacks (CVE-2023-50314)

Summary A security vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation which may result in spoofing attacks. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin...

7.5CVSS6.4AI score0.00254EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2024/11/14 12:0 a.m.6 views

Low: unbound

Issue Overview: unbound: NULL Pointer Dereference in Unbound CVE-2024-43167 unbound: Heap-Buffer-Overflow in Unbound CVE-2024-43168 Affected Packages: unbound Issue Correction: Run dnf update unbound --releasever 2023.6.20241111 or dnf update --advisory ALAS2023-2024-760 --releasever...

4.8CVSS6.9AI score0.00363EPSS
Exploits0
Amazon
Amazon
added 2024/11/14 12:0 a.m.6 views

Important: expat

Issue Overview: libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. Considering the tradeoff between the stability of Amazon Linux and the impact of CVE-2023-52425...

9.8CVSS7.4AI score0.01815EPSS
Exploits1
Amazon
Amazon
added 2024/10/31 12:0 a.m.6 views

Medium: python-twisted

Issue Overview: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected...

6.1CVSS6.4AI score0.01176EPSS
Exploits0
Amazon
Amazon
added 2024/10/14 12:0 a.m.3 views

Medium: openssl

Issue Overview: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause...

7.5CVSS7.3AI score0.01083EPSS
Exploits0
Amazon
Amazon
added 2024/10/14 12:0 a.m.6 views

Medium: orc

Issue Overview: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. CVE-2024-40897...

7CVSS8AI score0.00379EPSS
Exploits0
Amazon
Amazon
added 2024/10/14 12:0 a.m.4 views

Low: gdb

Issue Overview: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c. CVE-2023-39128 GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function addpeexportedsym at /gdb/coff-pe-read.c...

5.5CVSS8.5AI score0.00289EPSS
Exploits1
Amazon
Amazon
added 2024/10/14 12:0 a.m.4 views

Low: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...

3.6CVSS4.5AI score0.00317EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2024/10/08 7:0 a.m.24 views

KB5046400: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: October 8, 2024

KB5046400: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: October 8, 2024 IMPORTANT This update will not be offered if your Windows Recovery Environment WinRE meets any of the following conditions: If the WinRE recovery partition does not have sufficient free space, se...

6.4CVSS5.8AI score0.00631EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2024/10/08 7:0 a.m.53 views

KB5046399: Windows Recovery Environment update for Windows Server 2022: October 8, 2024

KB5046399: Windows Recovery Environment update for Windows Server 2022: October 8, 2024 IMPORTANT This update will not be offered if your Windows Recovery Environment WinRE meets any of the following conditions: If the WinRE recovery partition does not have sufficient free space, see the NOTE in...

6.4CVSS5.8AI score0.00631EPSS
Exploits0
Talos Blog
Talos Blog
added 2024/09/06 10:0 a.m.62 views

Vulnerability in Tencent WeChat custom browser could lead to remote code execution

Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code. While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component wa...

8.8CVSS8.9AI score0.56192EPSS
Exploits0
Rows per page
Query Builder