Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2023/03/20 12:0 a.m.82 views

Important: kernel

Issue Overview: Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as insufficient hardening of the usercopy functions against spectre-v1. CVE-2023-0458 Use After Free vulnerability in Linux kernel traffic control index filter tcindex allow...

7.8CVSS6.5AI score0.01377EPSS
Exploits4
Amazon
Amazon
added 2023/01/20 12:0 a.m.82 views

Medium: pcs

Issue Overview: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data...

6.1CVSS6.6AI score0.87218EPSS
Exploits4
Amazon
Amazon
added 2021/12/23 12:0 a.m.82 views

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-13 will now explicitly mimic the permissions of the JVM attempting to be updated. Affected Packages: log4j-cve-2021-44228-hotpatch Issue Correction: Run yum update log4j-cve-2021-44228-hotpatch or yu...

10CVSS8.9AI score0.99999EPSS
Exploits348
Amazon
Amazon
added 2021/06/23 12:0 a.m.82 views

Medium: glibc

Issue Overview: In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. CVE-2019-9169 A flaw was found in glibc. If an attacker provides the iconv function with invalid...

9.8CVSS7AI score0.04731EPSS
Exploits2
Amazon
Amazon
added 2020/09/02 12:0 a.m.82 views

Medium: python3

Issue Overview: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or...

7.5CVSS7.8AI score0.12826EPSS
Exploits0
Amazon
Amazon
added 2020/07/29 12:0 a.m.82 views

Medium: curl

Issue Overview: This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' with the '-O' option and '-i' command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely...

7.8CVSS7.3AI score0.01236EPSS
Exploits1
Amazon
Amazon
added 2020/01/06 12:0 a.m.82 views

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network...

6.8CVSS7.4AI score0.03749EPSS
Exploits0
Amazon
Amazon
added 2019/07/17 12:0 a.m.82 views

Important: tomcat8

Issue Overview: The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O,...

7.5CVSS7.5AI score0.72855EPSS
Exploits3
Amazon
Amazon
added 2019/06/11 12:0 a.m.82 views

Important: java-11-amazon-corretto

Issue Overview: Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

8.1CVSS7.4AI score0.37618EPSS
Exploits2
Amazon
Amazon
added 2019/05/16 9:48 p.m.82 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rdstcp kernel module loaded either through autoload via local process running listen, or manual loading could possibly cause a use after free UAF in which an attacker who is able to...

8.1CVSS8.3AI score0.04458EPSS
Exploits1
Amazon
Amazon
added 2018/02/07 12:0 a.m.82 views

Important: qemu-kvm

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

5.6CVSS7.3AI score0.74041EPSS
Exploits8
Amazon
Amazon
added 2017/01/26 12:0 a.m.82 views

Medium: php56

Issue Overview: A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy. An attacker could create a crafted image that would lead to a crash or,...

9.8CVSS9.7AI score0.07031EPSS
Exploits1
Amazon
Amazon
added 2015/07/22 12:0 a.m.82 views

Important: java-1.8.0-openjdk

Issue Overview: Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-473...

10CVSS7.4AI score0.9986EPSS
Exploits1References1
Amazon
Amazon
added 2012/01/19 12:0 a.m.82 views

Medium: php

Issue Overview: It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been...

6.4CVSS9.7AI score0.83911EPSS
Exploits17References1
Amazon
Amazon
added 2024/03/04 12:0 a.m.81 views

Important: unbound

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

7.5CVSS7.5AI score0.99995EPSS
Exploits1
Amazon
Amazon
added 2023/11/01 12:0 a.m.81 views

Important: python

Issue Overview: An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48565 Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

9.8CVSS8.6AI score0.04268EPSS
Exploits3
Amazon
Amazon
added 2023/10/19 12:0 a.m.81 views

Important: oniguruma

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in nextstateval during regular expression compilation. Octal numbers larger than 0xff are not handled correctly i...

9.8CVSS8.2AI score0.07511EPSS
Exploits4
Amazon
Amazon
added 2023/10/05 12:0 a.m.81 views

Important: vim

Issue Overview: vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service DoS via the exbufferall method. CVE-2021-3236 Use After Free in GitHub repository vim/vim prior to 9.0.1840. CVE-2023-4733 Integer Overflow or Wraparound in GitHub repository...

7.8CVSS6.8AI score0.00624EPSS
Exploits9
Amazon
Amazon
added 2023/05/16 12:0 a.m.81 views

Medium: openssl11

Issue Overview: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers...

7.5CVSS6.8AI score0.03658EPSS
Exploits0
Amazon
Amazon
added 2023/03/06 12:0 a.m.81 views

Important: sudo

Issue Overview: In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege...

7.8CVSS8.8AI score0.55367EPSS
Exploits20
Amazon
Amazon
added 2023/01/20 12:0 a.m.81 views

Important: krb5

Issue Overview: Integer overflow vulnerabilities in PAC parsing CVE-2022-42898 Affected Packages: krb5 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update kr...

8.8CVSS7.3AI score0.06419EPSS
Exploits1
Amazon
Amazon
added 2022/07/07 12:0 a.m.81 views

Medium: microcode_ctl

Issue Overview: Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. CVE-2021-33117 A flaw was found in hw. Processor optimization removal or modification...

5.5CVSS5.7AI score0.05899EPSS
Exploits0
Amazon
Amazon
added 2021/02/20 12:0 a.m.81 views

Important: kernel

Issue Overview: A use-after-free flaw was found in kernel/trace/ringbuffer.c in Linux kernel. There was a race problem in traceopen and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem DOS. This flaw could even allow a local attacker with special use...

8.1CVSS6.3AI score0.06563EPSS
Exploits1
Amazon
Amazon
added 2021/01/15 12:0 a.m.81 views

Medium: mysql56

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...

6.8CVSS6.6AI score0.03012EPSS
Exploits0
Amazon
Amazon
added 2020/12/16 8:31 p.m.81 views

Medium: expat

Issue Overview: It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of...

7.8CVSS2.4AI score0.07107EPSS
Exploits2
Amazon
Amazon
added 2020/12/09 12:0 a.m.81 views

Important: openssl

Issue Overview: A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to...

5.9CVSS6.9AI score0.06968EPSS
Exploits3
Amazon
Amazon
added 2020/10/28 12:0 a.m.81 views

Medium: libxml2

Issue Overview: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956 A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being...

7.5CVSS7.7AI score0.07836EPSS
Exploits0
Amazon
Amazon
added 2020/07/29 12:0 a.m.81 views

Important: tomcat8

Issue Overview: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead...

7.5CVSS7.7AI score0.87553EPSS
Exploits1
Amazon
Amazon
added 2020/07/29 12:0 a.m.81 views

Important: qemu-kvm

Issue Overview: tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. CVE-2019-9824 tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in...

6.8CVSS7.9AI score0.03566EPSS
Exploits0
Amazon
Amazon
added 2020/06/30 12:0 a.m.81 views

Low: python-urllib3

Issue Overview: No CVE associated with this advisory Affected Packages: python-urllib3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-urllib3 or...

9.8CVSS8.3AI score0.04488EPSS
Exploits0
Amazon
Amazon
added 2020/01/14 12:0 a.m.81 views

Medium: tomcat8

Issue Overview: When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack ...

7.5CVSS7.1AI score0.10687EPSS
Exploits0
Amazon
Amazon
added 2019/10/18 12:0 a.m.81 views

Critical: exim

Issue Overview: Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in stringvformat in string.c involving a long EHLO command.CVE-2019-16928 Affected Packages: exim Issue Correction: Run yum update exim or yu...

10CVSS10AI score0.42482EPSS
Exploits4
Amazon
Amazon
added 2019/08/07 12:0 a.m.81 views

Medium: 389-ds-base

Issue Overview: 1693612: 389-ds-base: DoS via hanging secured connections It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to...

7.5CVSS6.5AI score0.08426EPSS
Exploits0
Amazon
Amazon
added 2018/01/03 12:0 a.m.81 views

Medium: curl

Issue Overview: The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service integer overflow and resultant buffer overflow, and application crash or possibly have unspecified other impact via vectors involving long user and...

9.8CVSS9.8AI score0.11175EPSS
Exploits0
Amazon
Amazon
added 2016/12/15 12:0 a.m.81 views

Important: tomcat7

Issue Overview: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener Affected Packages: tomcat7 Issue Correction: Run yum update tomcat7 or yum update...

9.8CVSS8.1AI score0.90338EPSS
Exploits7
Amazon
Amazon
added 2012/10/08 12:0 a.m.81 views

Medium: kernel

Issue Overview: An integer overflow flaw was found in the i915gemdoexecbuffer function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. CVE-2012-2384, Moderate A memory leak flaw was...

7.1CVSS6.9AI score0.0285EPSS
Exploits4References1
Amazon
Amazon
added 2023/10/16 12:0 a.m.80 views

Important: golang

Issue Overview: The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to...

8.1CVSS7.9AI score0.99999EPSS
Exploits19
Amazon
Amazon
added 2023/03/06 12:0 a.m.80 views

Medium: curl

Issue Overview: A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. CVE-2023-23914 A flaw was fou...

9.1CVSS6.8AI score0.01703EPSS
Exploits2
Amazon
Amazon
added 2022/09/20 12:0 a.m.80 views

Medium: zlib

Issue Overview: A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader. CVE-2022-37434 Affected Packages: zlib Note: This advisory is...

9.8CVSS7.2AI score0.1593EPSS
Exploits1
Amazon
Amazon
added 2022/06/09 12:0 a.m.80 views

Important: kernel

Issue Overview: A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space. CVE-2022-0854 A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user...

7.8CVSS7AI score0.01179EPSS
Exploits8
Amazon
Amazon
added 2021/01/26 12:0 a.m.80 views

Important: kernel

Issue Overview: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in mutexlock in kernel/locking/mutex.c. This is related to mutexcanspinonowner in kernel/locking/mutex.c,...

9.3CVSS7AI score0.03293EPSS
Exploits6
Amazon
Amazon
added 2020/09/04 12:0 a.m.80 views

Medium: python34, python35, python36

Issue Overview: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or...

7.5CVSS7.9AI score0.12826EPSS
Exploits0
Amazon
Amazon
added 2020/05/12 12:0 a.m.80 views

Important: kernel

Issue Overview: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's category bitmap into the SELinux extensible bitmap via the' ebitmapnetlblimport' routine. While processing the CIP...

5.9CVSS6.7AI score0.03097EPSS
Exploits0
Amazon
Amazon
added 2020/02/20 12:0 a.m.80 views

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.1CVSS7.4AI score0.04903EPSS
Exploits0
Amazon
Amazon
added 2016/10/12 12:0 a.m.80 views

Medium: php70

Issue Overview: ext/mysqlnd/mysqlndwireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNEDFLAG flag, which allows remote MySQL servers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted...

9.8CVSS9.5AI score0.11402EPSS
Exploits6
Amazon
Amazon
added 2016/09/22 12:0 a.m.80 views

Important: openssl

Issue Overview: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available...

7.8CVSS8.3AI score0.63029EPSS
Exploits3
Amazon
Amazon
added 2015/12/14 12:0 a.m.80 views

Medium: python26

Issue Overview: An integer overflow flaw was found in the way the buffer function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. It was discovered that multiple Python...

9.8CVSS8.5AI score0.24148EPSS
Exploits7
Amazon
Amazon
added 2015/10/20 12:0 a.m.80 views

Medium: php55

Issue Overview: As reported upstream https://bugs.php.net/bug.php?id=69720, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object...

9.8CVSS9.1AI score0.46801EPSS
Exploits7
Amazon
Amazon
added 2013/04/25 12:0 a.m.80 views

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check...

10CVSS8.7AI score0.86963EPSS
Exploits15References1
Amazon
Amazon
added 2013/02/17 12:0 a.m.80 views

Important: java-1.7.0-openjdk

Issue Overview: Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,...

10CVSS8.8AI score0.89987EPSS
Exploits10References1
Total number of security vulnerabilities5000