Lucene search
K

1812 matches found

Amazon
Amazon
added 6 days ago5 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and...

9.2CVSS6.3AI score0.03459EPSS
Exploits1
Amazon
Amazon
added 6 days ago11 views

Important: util-linux

Issue Overview: Integer Overflow or Wraparound in libblkid/src/partitions/dos.c CVE-2026-53615 Affected Packages: util-linux Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

6AI score
Exploits0
Amazon
Amazon
added 6 days ago4 views

Medium: qt5-qt3d

Issue Overview: A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possib...

5.3CVSS5.2AI score0.00115EPSS
Exploits0
Amazon
Amazon
added 6 days ago5 views

Important: ruby

Issue Overview: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in...

7.6CVSS5.9AI score0.00324EPSS
Exploits0
Amazon
Amazon
added 6 days ago4 views

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: No CVE associated with this advisory Affected Packages: log4j-cve-2021-44228-hotpatch Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

10CVSS7.2AI score0.99999EPSS
Exploits352
Amazon
Amazon
added 2026/06/29 12:0 a.m.9 views

Medium: ecs-init

Issue Overview: Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL...

5.8AI score
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: libsolv

Issue Overview: A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable...

7.8CVSS5.9AI score0.00399EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Medium: bind

Issue Overview: Limit resolver server list size CVE-2026-3592 Avoid unbounded recursion loop CVE-2026-5950 Affected Packages: bind Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

5.3CVSS5.5AI score0.00551EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Medium: capstone

Issue Overview: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream's index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Comm...

9.8CVSS7.7AI score0.00163EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.16 views

Medium: nss

Issue Overview: Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVE-2026-6766 Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150,...

7.5CVSS5.8AI score0.00269EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.13 views

Important: php

Issue Overview: In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains...

9.8CVSS6.1AI score0.00739EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.24 views

Important: thunderbird

Issue Overview: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. CVE-2026-45186 Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR...

9.8CVSS5.9AI score0.00446EPSS
Exploits1
Amazon
Amazon
added 2026/05/26 12:0 a.m.19 views

Important: cri-tools

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.12 views

Important: PackageKit

Issue Overview: PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transacti...

8.8CVSS6AI score0.0046EPSS
Exploits10
Amazon
Amazon
added 2026/05/14 12:0 a.m.16 views

Medium: libXpm

Issue Overview: As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord CVE-2026-4367 Affected Packages: libXpm Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...

5.8AI score0.00129EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.10 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00387EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.16 views

Important: rust

Issue Overview: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

5.1CVSS5.8AI score0.00168EPSS
Exploits1
Amazon
Amazon
added 2026/05/14 12:0 a.m.16 views

Important: thunderbird

Issue Overview: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. CVE-2026-7321 Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and...

9.6CVSS6.2AI score0.00375EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.18 views

Important: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in versio...

9.8CVSS5.9AI score0.34734EPSS
Exploits3
Amazon
Amazon
added 2026/05/14 12:0 a.m.19 views

Important: python-lxml

Issue Overview: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

7.5CVSS5.8AI score0.00324EPSS
Exploits1
Rows per page
Query Builder