Lucene search
K

3307 matches found

Amazon
Amazon
added 2024/03/18 12:0 a.m.24 views

Medium: fontforge

Issue Overview: Splinefont in FontForge through 20230101 allows command injection via crafted filenames. CVE-2024-25081 Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. CVE-2024-25082 Affected Packages: fontforge Note: This advisory is...

6.5CVSS6.3AI score0.0187EPSS
Exploits2
Amazon
Amazon
added 2024/03/18 12:0 a.m.5 views

Low: thunderbird

Issue Overview: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a...

7.5CVSS9AI score0.00682EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.42 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-012)

The version of tomcat installed on the remote host is prior to 9.0.83-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2024-012 advisory. Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through...

7.5CVSS6.9AI score0.02651EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.28 views

Amazon Linux 2 : ipa (ALAS-2024-2498)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2498 advisory. A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a...

5.3CVSS6.2AI score0.0111EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.31 views

Amazon Linux 2 : edk2, --advisory ALAS2-2024-2502 (ALAS-2024-2502)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2502 advisory. A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash...

10CVSS7.7AI score0.95764EPSS
Exploits15References42
Amazon
Amazon
added 2024/03/18 12:0 a.m.24 views

Medium: pcs

Issue Overview: A Denial of Service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability. CVE-2024-25126 A Denia...

7.5CVSS6.8AI score0.35376EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.36 views

Amazon Linux 2 : grub2 (ALAS-2024-2499)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2499 advisory. A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a...

5.9CVSS6AI score0.00327EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.39 views

Amazon Linux 2 : rust (ALAS-2024-2496)

The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2496 advisory. libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to...

9.8CVSS8.1AI score0.01546EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.31 views

Amazon Linux 2 : c-ares (ALAS-2024-2494)

The version of c-ares installed on the remote host is prior to 1.10.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2494 advisory. c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as...

5.5CVSS7.3AI score0.00349EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.23 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL14-2024-010)

The version of libpq installed on the remote host is prior to 14.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-010 advisory. In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos...

3.7CVSS6.4AI score0.00616EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.31 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2024-010)

The version of libpq installed on the remote host is prior to 12.15-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-010 advisory. In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos...

3.7CVSS6.4AI score0.00616EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.14 views

Amazon Linux 2 : rust (ALAS-2024-2504)

The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2504 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE:...

5.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.37 views

Amazon Linux 2 : squid (ALAS-2024-2500)

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2500 advisory. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a...

8.6CVSS7.7AI score0.88818EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.45 views

Amazon Linux 2 : pcs (ALAS-2024-2492)

The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2492 advisory. A Denial of Service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content typ...

7.5CVSS6.5AI score0.35376EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.28 views

Amazon Linux 2 : ruby (ALAS-2024-2503)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2503 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant ...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.30 views

Amazon Linux 2 : thunderbird (ALAS-2024-2497)

The version of thunderbird installed on the remote host is prior to 115.8.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2497 advisory. The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message i...

7.5CVSS8AI score0.00682EPSS
Exploits1References4
Amazon
Amazon
added 2024/03/12 12:0 a.m.35 views

Medium: microcode_ctl

Issue Overview: Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2023-38575 Protection mechanism failure of bus lock regulator for some Intel® Processors m...

6.5CVSS6.4AI score0.0075EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.40 views

Amazon Linux 2 : microcode_ctl (ALAS-2024-2491)

The version of microcodectl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2491 advisory. Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized...

6.5CVSS6.8AI score0.0075EPSS
Exploits0References6
Amazon
Amazon
added 2024/03/06 12:0 a.m.4 views

Important: engrampa

Issue Overview: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlin...

9.6CVSS7.1AI score0.01652EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.25 views

Amazon Linux 2 : engrampa (ALASMATE-DESKTOP1.X-2024-008)

The version of engrampa installed on the remote host is prior to 1.24.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-008 advisory. Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal...

9.6CVSS8.4AI score0.01652EPSS
Exploits1References4
Rows per page
Query Builder