Lucene search
+L

75 matches found

Amazon
Amazon
added 2023/09/25 12:0 a.m.7 views

Important: squid

Issue Overview: A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack...

9.8CVSS8.5AI score0.27246EPSS
Exploits0
Amazon
Amazon
added 2023/09/05 12:0 a.m.27 views

Medium: OpenEXR

Issue Overview: There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. CVE-2021-3479 Affected...

5.5CVSS5.9AI score0.01EPSS
Exploits0
Amazon
Amazon
added 2023/08/07 12:0 a.m.69 views

Important: cni-plugins

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: cni-plugins Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction:...

7.5CVSS7.2AI score0.04561EPSS
Exploits0
Amazon
Amazon
added 2023/07/19 12:0 a.m.58 views

Low: libcap

Issue Overview: libcap is vulnerable to a denial of service caused by the error handling in wrappthreadcreate function, which will cause memory to be leaked in the case of an error. CVE-2023-2602 Affected Packages: libcap Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

3.3CVSS6.6AI score0.0035EPSS
Exploits1
Amazon
Amazon
added 2023/06/12 12:0 a.m.37 views

Medium: python-pillow

Issue Overview: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. CVE-2021-25290 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the differen...

7.5CVSS7.3AI score0.02372EPSS
Exploits0
Amazon
Amazon
added 2023/03/21 12:0 a.m.39 views

Low: vim

Issue Overview: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-1127 Affected Packages: vim Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run...

7.8CVSS7.9AI score0.00455EPSS
Exploits1
Amazon
Amazon
added 2023/03/21 12:0 a.m.30 views

Important: tar

Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximate...

5.5CVSS6.9AI score0.04524EPSS
Exploits1
Amazon
Amazon
added 2023/03/06 12:0 a.m.36 views

Important: xorg-x11-server

Issue Overview: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems...

8.8CVSS8.2AI score0.02685EPSS
Exploits0
Amazon
Amazon
added 2022/05/24 12:0 a.m.111 views

Critical: xmlrpc-c

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS8.7AI score0.04955EPSS
Exploits0
Amazon
Amazon
added 2022/04/27 12:0 a.m.40 views

Important: gzip, xz

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

8.8CVSS7.2AI score0.04271EPSS
Exploits0
Amazon
Amazon
added 2022/02/10 12:0 a.m.58 views

Critical: samba

Issue Overview: Out-of-bounds heap read/write vulnerability in VFS module vfsfruit allows code execution CVE-2021-44142 Affected Packages: samba Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

9CVSS7.9AI score0.7372EPSS
Exploits1
Amazon
Amazon
added 2021/06/23 12:0 a.m.84 views

Medium: glibc

Issue Overview: In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. CVE-2019-9169 A flaw was found in glibc. If an attacker provides the iconv function with invalid...

9.8CVSS7AI score0.04731EPSS
Exploits2
Amazon
Amazon
added 2021/03/20 12:0 a.m.35 views

Medium: cloud-init

Issue Overview: A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk. CVE-2021-3429 Affected Packages:...

5.5CVSS5.6AI score0.00219EPSS
Exploits0
Amazon
Amazon
added 2020/10/27 12:0 a.m.37 views

Low: libpng

Issue Overview: libpng before 1.6.32 does not properly check the length of chunks against the user limit. CVE-2017-12652 Affected Packages: libpng Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

9.8CVSS7.1AI score0.04113EPSS
Exploits0
Amazon
Amazon
added 2020/09/02 12:0 a.m.42 views

Important: postgresql-jdbc

Issue Overview: PostgreSQL JDBC Driver aka PgJDBC before 42.2.13 allows XXE. A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity XXE weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system...

7.7CVSS7.8AI score0.04094EPSS
Exploits0
Amazon
Amazon
added 2020/08/24 12:0 a.m.74 views

Medium: gnome-shell

Issue Overview: It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. CVE-2019-3820 Affected...

4.8CVSS5.4AI score0.00498EPSS
Exploits1
Amazon
Amazon
added 2020/08/24 12:0 a.m.40 views

Medium: golang

Issue Overview: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. CVE-2020-15586 Affected Packages: golang Note: This advisory is...

5.9CVSS7.2AI score0.02906EPSS
Exploits0
Amazon
Amazon
added 2020/06/30 12:0 a.m.45 views

Important: nghttp2

Issue Overview: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The...

7.5CVSS7.1AI score0.05316EPSS
Exploits0
Amazon
Amazon
added 2019/12/13 12:0 a.m.49 views

Low: libsolv

Issue Overview: There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any...

6.5CVSS7AI score0.0233EPSS
Exploits3
Amazon
Amazon
added 2019/11/04 12:0 a.m.42 views

Low: unzip

Issue Overview: Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.CVE-2018-18384 Affected Packages: unzip Note: This advisory is...

5.5CVSS6.4AI score0.02565EPSS
Exploits1
Rows per page
Query Builder