Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2025/11/10 12:0 a.m.9 views

Important: tomcat10

Issue Overview: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could...

7.5CVSS7.7AI score0.66535EPSS
Exploits4
Amazon
Amazon
added 2025/11/10 12:0 a.m.9 views

Medium: nerdctl

Issue Overview: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Affected Packages: nerdctl Issue Correction: Run dnf update nerdctl --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1259 --releasever 2023.9.20251110 to...

5.3CVSS6.8AI score0.00357EPSS
Exploits0
Amazon
Amazon
added 2025/10/27 12:0 a.m.9 views

Important: perl-YAML-Syck

Issue Overview: YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML...

6.5CVSS6.4AI score0.00243EPSS
Exploits0
Amazon
Amazon
added 2025/10/27 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimdrvprobe when nsimdevresourcesregister failed CVE-2022-50500 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of...

7.8CVSS6.9AI score0.00236EPSS
Exploits2
Amazon
Amazon
added 2025/10/27 12:0 a.m.9 views

Medium: libxslt

Issue Overview: A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. CVE-2025-10911 Affected Packages: libxslt Issue Correction: Run dnf update libxslt --releasever 2023.9.20251027 or dnf update...

5.5CVSS6.5AI score0.00161EPSS
Exploits0
Amazon
Amazon
added 2025/10/27 12:0 a.m.9 views

Important: 7zip

Issue Overview: This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handlin...

7.8CVSS7.5AI score0.27017EPSS
Exploits11
Amazon
Amazon
added 2025/10/23 12:0 a.m.9 views

Critical: dotnet9.0

Issue Overview: Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a...

9.9CVSS6.7AI score0.66258EPSS
Exploits5
Amazon
Amazon
added 2025/10/14 12:0 a.m.9 views

Low: docker

Issue Overview: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails...

5.2CVSS6.8AI score0.00152EPSS
Exploits0
Amazon
Amazon
added 2025/09/29 12:0 a.m.9 views

Important: kernel-livepatch-5.10.238-231.953

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the...

7.8CVSS6.7AI score0.00181EPSS
Exploits0
Amazon
Amazon
added 2025/09/29 12:0 a.m.9 views

Important: kernel-livepatch-5.10.240-238.959

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the...

7.8CVSS6.7AI score0.00181EPSS
Exploits0
Amazon
Amazon
added 2025/09/29 12:0 a.m.9 views

Important: microcode_ctl

Issue Overview: Insufficient granularity of access control in the OOB-MSM for some IntelR XeonR 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE-2025-22839 Sequence of processor instructions leads to unexpected behavior for...

7.9CVSS7.1AI score0.00169EPSS
Exploits0
Amazon
Amazon
added 2025/09/29 12:0 a.m.9 views

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.1AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/09/16 12:0 a.m.9 views

Important: microcode_ctl

Issue Overview: A potential security vulnerability in some Intelr Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...

7.8CVSS7.3AI score0.00371EPSS
Exploits0
Amazon
Amazon
added 2025/09/04 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input CVE-2022-50030 In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling CVE-2022-50055 In...

7.8CVSS6.9AI score0.01345EPSS
Exploits8
Amazon
Amazon
added 2025/08/19 12:0 a.m.9 views

Medium: perl-Authen-SASL

Issue Overview: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time m...

6.5CVSS7AI score0.00394EPSS
Exploits0
Amazon
Amazon
added 2025/08/08 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if setmemoryencrypted fails CVE-2024-36913 In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block CVE-2024-41013 In...

8.1CVSS7.5AI score0.01345EPSS
Exploits8
Amazon
Amazon
added 2025/07/30 12:0 a.m.9 views

Important: kernel-livepatch-5.10.237-230.949

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-5.10.237-230.949 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.237-230.949 o...

5.5CVSS6.7AI score0.00178EPSS
Exploits0
Amazon
Amazon
added 2025/07/10 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: actmirred: don't override retval if we already lost the skb CVE-2024-26739 In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeupkswapd with a wrong zone...

9.8CVSS8.2AI score0.01483EPSS
Exploits1
Amazon
Amazon
added 2025/06/24 12:0 a.m.9 views

Medium: python-requests

Issue Overview: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...

5.3CVSS6.6AI score0.00846EPSS
Exploits1
Amazon
Amazon
added 2025/06/23 12:0 a.m.9 views

Important: runc

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/06/23 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocateonefolio CVE-2024-56758 In the Linux kernel, the following vulnerability has been resolved: hrtimers: Force migrate away hrtimers queued after CPUHPAPHRTIMERSDYIN...

7.8CVSS6.4AI score0.00369EPSS
Exploits3
Amazon
Amazon
added 2025/06/23 12:0 a.m.9 views

Medium: tomcat9

Issue Overview: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, fr...

7.3CVSS9.8AI score0.02608EPSS
Exploits1
Amazon
Amazon
added 2025/06/23 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue CVE-2025-38000 In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree...

7.8CVSS6.8AI score0.00369EPSS
Exploits3
Amazon
Amazon
added 2025/06/23 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITESAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like...

9.8CVSS7.2AI score0.01483EPSS
Exploits3
Amazon
Amazon
added 2025/06/12 12:0 a.m.9 views

Important: python2-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

8.8CVSS8.2AI score0.01479EPSS
Exploits4
Amazon
Amazon
added 2025/06/10 12:0 a.m.9 views

Important: amazon-ssm-agent

Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...

7.5CVSS9.5AI score0.00868EPSS
Exploits0
Amazon
Amazon
added 2025/06/10 12:0 a.m.9 views

Important: glibc

Issue Overview: Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to...

7.8CVSS7.1AI score0.0039EPSS
Exploits1
Amazon
Amazon
added 2025/06/02 12:0 a.m.9 views

Medium: golang

Issue Overview: A directory traversal vulnerability was discovered in the Go programming language's os package in versions prior to 1.24.3. The vulnerability allows improper access to the parent directory of an os.Root by opening a filename ending in "../". When exploited, this vulnerability...

6.6AI score0.00238EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.9 views

Medium: python-requests

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

5.6CVSS6.9AI score0.0034EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.9 views

Important: soci-snapshotter

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.9AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.9 views

Important: pcs

Issue Overview: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to se...

7.5CVSS6.7AI score0.00911EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.9 views

Important: thunderbird

Issue Overview: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This...

7.5CVSS7.1AI score0.00363EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length CVE-2021-47352 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port output CVE-2023-53188 In the Linux kernel, the...

7.8CVSS6.7AI score0.00263EPSS
Exploits0
Amazon
Amazon
added 2025/05/13 12:0 a.m.9 views

Important: tomcat

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...

7.5CVSS6.9AI score0.66933EPSS
Exploits5
Amazon
Amazon
added 2025/05/12 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails CVE-2022-49168 In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio CVE-2022-49413 In the Linux...

7.8CVSS6.8AI score0.00274EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.9 views

Important: docker

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS6.8AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.9 views

Important: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6...

7.4CVSS7.6AI score0.00688EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.9 views

Low: edk2

Issue Overview: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2025-2295 Affected Packages: edk2 Note: This advisory is applicable to Amazon Linux 2...

3.5CVSS6.8AI score0.00226EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.9 views

Low: cuda-tools-12-8

Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...

3.3CVSS6.5AI score0.00241EPSS
Exploits0
Amazon
Amazon
added 2025/04/16 12:0 a.m.9 views

Important: libxslt

Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...

7.8CVSS6.9AI score0.00324EPSS
Exploits4
Amazon
Amazon
added 2025/04/16 12:0 a.m.9 views

Important: git

Issue Overview: A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwri...

9.8CVSS9.3AI score0.34007EPSS
Exploits1
Amazon
Amazon
added 2025/04/14 12:0 a.m.9 views

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS9.4AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/04/14 12:0 a.m.9 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failur...

7.5CVSS6.5AI score0.00406EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Medium: python3.11-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS7.1AI score0.27095EPSS
Exploits4
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Important: dotnet8.0

Issue Overview: Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. CVE-2025-24070 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.7.20250331 to update your system. New Packages: aarch6...

7CVSS6.9AI score0.00911EPSS
Exploits1
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Important: tomcat9

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

9.8CVSS10AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Medium: php8.1

Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...

6.3CVSS6.5AI score0.00821EPSS
Exploits2
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Medium: containerd

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

4.6CVSS5.2AI score0.00275EPSS
Exploits1
Amazon
Amazon
added 2025/03/26 12:0 a.m.9 views

Important: kernel-livepatch-5.10.234-225.910

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sched: schcake: add bounds checks to host bulk flow fairness counts CVE-2025-21647 Affected Packages: kernel-livepatch-5.10.234-225.910 Issue Correction: Please ensure you have live patching enabled. Run yum updat...

7.1CVSS6.7AI score0.00271EPSS
Exploits0
Amazon
Amazon
added 2025/03/25 12:0 a.m.9 views

Medium: batik

Issue Overview: Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some...

7.1CVSS5.7AI score0.00786EPSS
Exploits0
Total number of security vulnerabilities5000