Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: radvd

Issue Overview: Stack Buffer Overflow in radvdump Route Information Option Parser NOTE: https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379 CVE-2026-48715 Affected Packages: radvd Issue Correction: Run dnf update radvd --releasever 2023.12.20260608 or dnf update...

5.4AI score0.00203EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: python3.9

Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

6.1CVSS5.4AI score0.00229EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between loginwork and the login thread CVE-2022-50350 In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache...

8.8CVSS4.8AI score0.00129EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

9.1CVSS5.4AI score0.00437EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: gnutls

Issue Overview: A remotely triggerable underflow in the DTLS reassembly code led to a heap overrun. The issue was reported in the issue tracker as 1811 by Joshua Rogers of AISLE Research Team. CVE-2026-33845 Affected Packages: gnutls Issue Correction: Run dnf update gnutls --releasever...

9.1CVSS5.5AI score0.00805EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: python3.13

Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

6.1CVSS5.4AI score0.00229EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: ruby3.4

Issue Overview: zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously...

9.8CVSS7.5AI score0.00685EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: 389-ds-base

Issue Overview: A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of...

7.5CVSS5.4AI score0.00815EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: rsync

Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...

8.1CVSS5.7AI score0.0078EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: perl

Issue Overview: Buffer overflow in Perlstudychunk CVE-2026-8376 Affected Packages: perl Issue Correction: Run dnf update perl --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1819 --releasever 2023.12.20260608 to update your system. More information on how to update your syste...

9.8CVSS5.4AI score0.00398EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

6.5CVSS5.4AI score0.00266EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: perl-Template-Toolkit

Issue Overview: emplate::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly...

6.1CVSS5.7AI score0.00282EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: libnvsdm

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: nvlink5-580

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: libsolv

Issue Overview: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI...

7.8CVSS5.9AI score0.00399EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: libssh2

Issue Overview: A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name ...

7.5CVSS7AI score0.00466EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: postgresql16

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: postgresql18

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.7AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: postgresql15

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: postgresql17

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: jq

Issue Overview: jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow i...

8.2CVSS5.8AI score0.00559EPSS
Exploits7
Amazon
Amazon
added 2026/05/26 12:0 a.m.9 views

Important: kernel-livepatch-6.1.168-202.320

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.1.168-202.320 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS5.2AI score0.00269EPSS
Exploits3
Amazon
Amazon
added 2026/05/26 12:0 a.m.9 views

Important: kernel-livepatch-5.10.253-251.1014

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-5.10.253-251.1014 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS5.8AI score0.03663EPSS
Exploits11
Amazon
Amazon
added 2026/05/26 12:0 a.m.9 views

Important: kernel-livepatch-6.18.25-52.107

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.18.25-52.107 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS5.2AI score0.00269EPSS
Exploits3
Amazon
Amazon
added 2026/05/26 12:0 a.m.9 views

Important: kernel-livepatch-6.12.79-101.147

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.12.79-101.147 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS5.2AI score0.00269EPSS
Exploits3
Amazon
Amazon
added 2026/05/15 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...

8.8CVSS5.4AI score0.03663EPSS
Exploits18
Amazon
Amazon
added 2026/05/14 12:0 a.m.9 views

Medium: oci-add-hooks

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/09 12:0 a.m.9 views

Important: kernel-livepatch-6.18.16-18.222

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

7.8CVSS6AI score0.93235EPSS
Exploits31
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: composer

Issue Overview: Command injection via malicious Perforce repository definition CVE-2026-40176 Command injection via malicious Perforce source reference/url CVE-2026-40261 Affected Packages: composer Issue Correction: Run dnf update composer --releasever 2023.11.20260427 or dnf update --advisory...

8.8CVSS5.8AI score0.01688EPSS
Exploits4
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: dotnet9.0

Issue Overview: Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. CVE-2026-32178 Stack-based buffer overfl...

7.5CVSS6.2AI score0.02279EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: gimp

Issue Overview: GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS7.9AI score0.00755EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

7.5CVSS6.9AI score0.16212EPSS
Exploits2
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: jetty

Issue Overview: In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A...

7.4CVSS5.4AI score0.00529EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: flatpak

Issue Overview: A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox, giving apps access to...

10CVSS8.2AI score0.0168EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.2AI score0.0039EPSS
Exploits1
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: flatpak

Issue Overview: A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox, giving apps access to...

10CVSS8.2AI score0.0168EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Medium: clamav1.4

Issue Overview: A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

5.3CVSS5.4AI score0.00414EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Medium: clamav1.4

Issue Overview: A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

5.3CVSS5.5AI score0.00414EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: nerdctl

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS6AI score0.00651EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: OpenEXR

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that...

8.6CVSS5.5AI score0.00482EPSS
Exploits2
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: docker

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.8AI score0.08123EPSS
Exploits1
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Important: docker

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS7AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Important: amazon-cloudwatch-agent

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS7.3AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Medium: amazon-ecr-credential-helper

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Important: docker

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS7AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.9 views

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

7.8CVSS8AI score0.01069EPSS
Exploits2
Amazon
Amazon
added 2026/04/13 12:0 a.m.9 views

Important: python3.13

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
Total number of security vulnerabilities5000