
8850 matches found

Amazon
•added 2025/06/12 12:0 a.m.•9 views

Important: python2-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

CVSS 8.8 | AI score 8.2 | EPSS 0.01479
Exploits: 4
Amazon
•added 2025/06/10 12:0 a.m.•9 views

Important: glibc

Issue Overview: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to...

CVSS 7.8 | AI score 7.1 | EPSS 0.0039
Exploits: 1
Amazon
•added 2025/06/10 12:0 a.m.•9 views

Important: amazon-ssm-agent

Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...

CVSS 7.5 | AI score 9.5 | EPSS 0.00868
Exploits: 0
Amazon
•added 2025/06/02 12:0 a.m.•9 views

Medium: golang

Issue Overview: A directory traversal vulnerability was discovered in the Go programming language's os package in versions prior to 1.24.3. The vulnerability allows improper access to the parent directory of an os.Root by opening a filename ending in "../". When exploited, this vulnerability...

AI score 6.6 | EPSS 0.00238
Exploits: 0
Amazon
•added 2025/05/29 12:0 a.m.•9 views

Medium: python-requests

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

CVSS 5.6 | AI score 6.9 | EPSS 0.0034
Exploits: 0
Amazon
•added 2025/05/29 12:0 a.m.•9 views

Important: soci-snapshotter

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 6.9 | EPSS 0.00724
Exploits: 0
Amazon
•added 2025/05/29 12:0 a.m.•9 views

Important: pcs

Issue Overview: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to se...

CVSS 7.5 | AI score 6.7 | EPSS 0.00911
Exploits: 0
Amazon
•added 2025/05/29 12:0 a.m.•9 views

Important: thunderbird

Issue Overview: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This...

CVSS 7.5 | AI score 7.1 | EPSS 0.00363
Exploits: 0
Amazon
•added 2025/05/13 12:0 a.m.•9 views

Important: tomcat

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...

CVSS 7.5 | AI score 6.9 | EPSS 0.66933
Exploits: 5
Amazon
•added 2025/05/12 12:0 a.m.•9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails CVE-2022-49168 In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio CVE-2022-49413 In the Linux...

CVSS 7.8 | AI score 6.8 | EPSS 0.00274
Exploits: 0
Amazon
•added 2025/04/29 12:0 a.m.•9 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6...

CVSS 7.4 | AI score 7.1 | EPSS 0.00688
Exploits: 0
Amazon
•added 2025/04/29 12:0 a.m.•9 views

Important: docker

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 6.8 | EPSS 0.00724
Exploits: 0
Amazon
•added 2025/04/16 12:0 a.m.•9 views

Low: edk2

Issue Overview: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2025-2295 Affected Packages: edk2 Note: This advisory is applicable to Amazon Linux 2...

CVSS 3.5 | AI score 6.8 | EPSS 0.00226
Exploits: 0
Amazon
•added 2025/04/16 12:0 a.m.•9 views

Important: libxslt

Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...

CVSS 7.8 | AI score 6.9 | EPSS 0.00324
Exploits: 4
Amazon
•added 2025/04/16 12:0 a.m.•9 views

Important: git

Issue Overview: A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwri...

CVSS 9.8 | AI score 9.3 | EPSS 0.34007
Exploits: 1
Amazon
•added 2025/04/16 12:0 a.m.•9 views

Low: cuda-tools-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

CVSS 3.3 | AI score 6.5 | EPSS 0.00241
Exploits: 0
Amazon
•added 2025/04/14 12:0 a.m.•9 views

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 9.4 | EPSS 0.00724
Exploits: 0
Amazon
•added 2025/04/14 12:0 a.m.•9 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failur...

CVSS 7.5 | AI score 6.5 | EPSS 0.00406
Exploits: 0
Amazon
•added 2025/04/14 12:0 a.m.•9 views

Important: freetype

Issue Overview: An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wra...

CVSS 8.1 | AI score 8 | EPSS 0.23357
Exploits: 1
Amazon
•added 2025/04/01 12:0 a.m.•9 views

Medium: python3.11-pip

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 7.1 | EPSS 0.27095
Exploits: 4
Amazon
•added 2025/04/01 12:0 a.m.•9 views

Important: dotnet8.0

Issue Overview: Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. CVE-2025-24070 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.7.20250331 to update your system. New Packages: aarch6...

CVSS 7 | AI score 6.9 | EPSS 0.00911
Exploits: 1
Amazon
•added 2025/04/01 12:0 a.m.•9 views

Medium: php8.1

Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...

CVSS 6.3 | AI score 6.5 | EPSS 0.0079
Exploits: 2
Amazon
•added 2025/04/01 12:0 a.m.•9 views

Important: tomcat9

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

CVSS 9.8 | AI score 10 | EPSS 0.99945
Exploits: 46
Amazon
•added 2025/04/01 12:0 a.m.•9 views

Medium: containerd

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

CVSS 4.6 | AI score 5.2 | EPSS 0.00275
Exploits: 1
Amazon
•added 2025/03/26 12:0 a.m.•9 views

Important: kernel-livepatch-5.10.234-225.910

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts CVE-2025-21647 Affected Packages: kernel-livepatch-5.10.234-225.910 Issue Correction: Please ensure you have live patching enabled. Run yum updat...

CVSS 7.1 | AI score 6.7 | EPSS 0.00271
Exploits: 0
Amazon
•added 2025/03/25 12:0 a.m.•9 views

Medium: batik

Issue Overview: Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some...

CVSS 7.1 | AI score 5.7 | EPSS 0.00786
Exploits: 0
Amazon
•added 2025/03/25 12:0 a.m.•9 views

Medium: perl-App-cpanminus

Issue Overview: The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. CVE-2020-16154 Affected Packages: perl-App-cpanminus Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

CVSS 7.8 | AI score 7.6 | EPSS 0.00713
Exploits: 1
Amazon
•added 2025/03/06 12:0 a.m.•9 views

Important: kernel

Issue Overview: Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. CVE-2021-33061 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix...

CVSS 7.8 | AI score 6.1 | EPSS 0.00279
Exploits: 0
Amazon
•added 2025/03/06 12:0 a.m.•9 views

Important: libtirpc

Issue Overview: In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. CVE-2021-46828 Affected Packages:...

CVSS 7.5 | AI score 6.9 | EPSS 0.02088
Exploits: 0
Amazon
•added 2025/03/06 12:0 a.m.•9 views

Important: emacs

Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Issue...

CVSS 8.8 | AI score 7.8 | EPSS 0.02679
Exploits: 0
Amazon
•added 2025/03/06 12:0 a.m.•9 views

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...

CVSS 5.4 | AI score 7 | EPSS 0.00465
Exploits: 0
Amazon
•added 2025/03/06 12:0 a.m.•9 views

Medium: openssh

Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...

CVSS 6.8 | AI score 6.9 | EPSS 0.06997
Exploits: 4
Amazon
•added 2025/03/06 12:0 a.m.•9 views

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

CVSS 7.5 | AI score 8 | EPSS 0.02656
Exploits: 1
Amazon
•added 2025/03/06 12:0 a.m.•9 views

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.6.20250303 to update your system. New Packages: aarch64: openjpeg2-tools-debuginfo-2.4.0-11.amzn2023.0.6.aarch64 ...

CVSS 5.6 | AI score 7.3 | EPSS 0.0023
Exploits: 0
Amazon
•added 2025/02/25 12:0 a.m.•9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method CVE-2024-49860 In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() CVE-2024-50055 Affecte...

CVSS 7.8 | AI score 6.7 | EPSS 0.00253
Exploits: 0
Amazon
•added 2025/02/21 12:0 a.m.•9 views

Important: emacs

Issue Overview: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs ...

CVSS 7.8 | AI score 7.9 | EPSS 0.00526
Exploits: 0
Amazon
•added 2025/02/05 12:0 a.m.•9 views

Medium: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...

CVSS 4.8 | AI score 4.8 | EPSS 0.00971
Exploits: 0
Amazon
•added 2025/02/05 12:0 a.m.•9 views

Important: runfinch-finch

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

CVSS 9.1 | AI score 5.9 | EPSS 0.03092
Exploits: 2
Amazon
•added 2025/02/04 12:0 a.m.•9 views

Important: kernel-livepatch-5.10.228-219.884

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc CVE-2023-52760 In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify CVE-2024-36899 In the...

CVSS 7.8 | AI score 7.3 | EPSS 0.00333
Exploits: 0
Amazon
•added 2025/02/04 12:0 a.m.•9 views

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

CVSS 9.1 | AI score 6.8 | EPSS 0.03092
Exploits: 2
Amazon
•added 2025/02/04 12:0 a.m.•9 views

Important: kernel

Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args CVE-2024-50067 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additiona...

CVSS 7.8 | AI score 6.8 | EPSS 0.00233
Exploits: 0
Amazon
•added 2025/01/24 12:0 a.m.•9 views

Important: tomcat9

Issue Overview: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through...

CVSS 9.8 | AI score 7.1 | EPSS 0.43663
Exploits: 14
Amazon
•added 2025/01/24 12:0 a.m.•9 views

Important: tomcat

Issue Overview: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through...

CVSS 9.8 | AI score 6.9 | EPSS 0.43663
Exploits: 14
Amazon
•added 2025/01/24 12:0 a.m.•9 views

Important: tomcat9

Issue Overview: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through...

CVSS 9.8 | AI score 10 | EPSS 0.43663
Exploits: 14
Amazon
•added 2025/01/09 12:0 a.m.•9 views

Medium: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...

CVSS 7.5 | AI score 6.8 | EPSS 0.01051
Exploits: 0
Amazon
•added 2025/01/09 12:0 a.m.•9 views

Important: jackson-databind

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

CVSS 7.5 | AI score 7.7 | EPSS 0.02656
Exploits: 1
Amazon
•added 2024/12/19 12:0 a.m.•9 views

Important: flatpak

Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...

CVSS 10 | AI score 8.8 | EPSS 0.01283
Exploits: 1
Amazon
•added 2024/11/01 12:0 a.m.•9 views

Important: qt5-qtimageformats

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

CVSS 8.6 | AI score 7.8 | EPSS 0.00494
Exploits: 0
Amazon
•added 2024/10/14 12:0 a.m.•9 views

Medium: python-dns

Issue Overview: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred...

CVSS 7 | AI score 7.3 | EPSS 0.01857
Exploits: 1
Amazon
•added 2024/10/02 12:0 a.m.•9 views

Medium: amazon-ssm-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 9.8 | AI score 6.8 | EPSS 0.91969
Exploits: 1
Total number of security vulnerabilities: 5000