Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2024/08/15 12:0 a.m.9 views

Important: dotnet8.0

Issue Overview: .NET Core and Visual Studio Denial of Service Vulnerability CVE-2024-30105 .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-35264 .NET and Visual Studio Denial of Service Vulnerability CVE-2024-38095 Affected Packages: dotnet8.0 Issue Correction: Run dnf update...

8.1CVSS7.9AI score0.02915EPSS
Exploits0
Amazon
Amazon
added 2024/07/30 12:0 a.m.9 views

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

9.9CVSS6.7AI score0.16496EPSS
Exploits0
Amazon
Amazon
added 2024/07/22 12:0 a.m.9 views

Important: ecs-service-connect-agent

Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...

7.5CVSS7.2AI score0.00431EPSS
Exploits0
Amazon
Amazon
added 2024/07/22 12:0 a.m.9 views

Medium: ecs-init

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.7AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/07/22 12:0 a.m.9 views

Important: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...

7.4CVSS6.4AI score0.01257EPSS
Exploits0
Amazon
Amazon
added 2024/07/01 12:0 a.m.9 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230section-6.7 a server sends 101 wh...

8.2CVSS6.8AI score0.8781EPSS
Exploits7
Amazon
Amazon
added 2024/06/24 12:0 a.m.9 views

Important: kernel-livepatch-4.14.343-259.562

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv-len is a multiple of 4, then dstlen / 4 can write past the destination array which leads to stack corruption. This construct is necessary to clean th...

7.1CVSS6.7AI score0.00675EPSS
Exploits0
Amazon
Amazon
added 2024/05/30 12:0 a.m.9 views

Medium: uriparser

Issue Overview: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. CVE-2024-34402 An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an...

8.6CVSS7.6AI score0.01316EPSS
Exploits0
Amazon
Amazon
added 2024/05/30 12:0 a.m.9 views

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

9CVSS7.4AI score0.25334EPSS
Exploits35
Amazon
Amazon
added 2024/05/28 12:0 a.m.9 views

Medium: oci-add-hooks

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS5.7AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/05/28 12:0 a.m.9 views

Important: php8.2

Issue Overview: The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cook...

6.5CVSS7.9AI score0.49336EPSS
Exploits3
Amazon
Amazon
added 2024/05/28 12:0 a.m.9 views

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

9CVSS6.3AI score0.25334EPSS
Exploits35
Amazon
Amazon
added 2024/05/28 12:0 a.m.9 views

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

9CVSS7.4AI score0.25334EPSS
Exploits35
Amazon
Amazon
added 2024/05/13 12:0 a.m.9 views

Medium: python-pymongo

Issue Overview: Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with...

8.1CVSS7.4AI score0.00663EPSS
Exploits0
Amazon
Amazon
added 2024/05/13 12:0 a.m.9 views

Important: unbound

Issue Overview: An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification. CVE-2024-33655 Affected Packages: unbound Issue Correction: Run dnf update unbound --releasever...

7.5CVSS7.3AI score0.01729EPSS
Exploits0
Amazon
Amazon
added 2024/05/03 12:0 a.m.9 views

Low: java-22-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,...

3.7CVSS6AI score0.01361EPSS
Exploits0
Amazon
Amazon
added 2024/05/03 12:0 a.m.9 views

Important: dotnet6.0

Issue Overview: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability CVE-2024-21409 Affected Packages: dotnet6.0 Issue Correction: Run dnf update dotnet6.0 --releasever 2023.4.20240429 to update your system. New Packages: aarch64: ...

7.3CVSS7.9AI score0.02513EPSS
Exploits0
Amazon
Amazon
added 2024/05/03 12:0 a.m.9 views

Low: java-21-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,...

3.7CVSS6AI score0.01361EPSS
Exploits0
Amazon
Amazon
added 2024/05/03 12:0 a.m.9 views

Important: nodejs20

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data i...

8.2CVSS6.7AI score0.87211EPSS
Exploits3
Amazon
Amazon
added 2024/04/30 12:0 a.m.9 views

Important: glibc

Issue Overview: The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961...

7.3CVSS7.4AI score0.8833EPSS
Exploits16
Amazon
Amazon
added 2024/04/17 12:0 a.m.9 views

Important: tomcat

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

7.5CVSS7AI score0.23072EPSS
Exploits1
Amazon
Amazon
added 2024/04/01 12:0 a.m.9 views

Important: kernel

Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 In the Linux kernel, the following vulnerability has been...

7.8CVSS6.7AI score0.02224EPSS
Exploits2
Amazon
Amazon
added 2024/04/01 12:0 a.m.10 views

Important: kernel

Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 In the Linux kernel, the following vulnerability has been...

7.8CVSS7.5AI score0.02224EPSS
Exploits3
Amazon
Amazon
added 2024/03/06 12:0 a.m.9 views

Medium: kernel

Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 In the Linux kernel, the following vulnerability has been...

7.8CVSS6.6AI score0.02224EPSS
Exploits2
Amazon
Amazon
added 2024/03/05 12:0 a.m.9 views

Important: perl-Cpanel-JSON-XS

Issue Overview: The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. CVE-2022-48623 Affected Packages: perl-Cpanel-JSON-XS Issue Correction: Run dnf update perl-Cpanel-JSON-XS...

9.1CVSS6.7AI score0.00788EPSS
Exploits0
Amazon
Amazon
added 2024/03/05 12:0 a.m.9 views

Important: nodejs20

Issue Overview: The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. This misleading documentation affects all users using the experimental permission model in active release lines: 20.x and 21.x. Please note...

9.8CVSS6.9AI score0.03168EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.9 views

Important: amazon-ssm-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

9.8CVSS8AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.9 views

Important: cifs-utils

Issue Overview: A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. CVE-2022-27239 A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be...

7.8CVSS7.1AI score0.01804EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.9 views

Important: kernel-livepatch-4.14.328-248.540

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.4AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.9 views

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS7.4AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.9 views

Important: kernel

Issue Overview: When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 "Packet Too Big" PTB message to the sender. The sender caches this updated Maximum Transmission Unit MTU so it knows not to exceed this value when subsequently routing to the same host...

7.5CVSS7AI score0.0094EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.9 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

6.1CVSS7.1AI score0.00846EPSS
Exploits0
Amazon
Amazon
added 2024/01/08 12:0 a.m.9 views

Medium: ansible-core

Issue Overview: The upstream bug report describes this issue as follows: A flaw was found in Ansible, where a user's controller is vulnerable to template injection when internal templating operations may errantly remove the unsafe designation from template data. CVE-2023-5764 Affected Packages:...

7.8CVSS7AI score0.00539EPSS
Exploits0
Amazon
Amazon
added 2024/01/08 12:0 a.m.9 views

Medium: libssh

Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...

5.9CVSS6.9AI score0.93305EPSS
Exploits4
Amazon
Amazon
added 2023/12/04 12:0 a.m.9 views

Important: kernel-livepatch-5.10.192-182.736

Issue Overview: An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 A use-after-free vulnerability in the Linux kernel's netfilter: nftables compone...

7.8CVSS6.8AI score0.00544EPSS
Exploits0
Amazon
Amazon
added 2023/11/03 12:0 a.m.9 views

Important: openssl

Issue Overview: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of...

7.5CVSS6.9AI score0.03332EPSS
Exploits0
Amazon
Amazon
added 2023/10/04 12:0 a.m.9 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to directly dereference a NULL pointer in xfrmupdateaeparams, leading to a possible kernel crash and denial of service...

7.8CVSS6.3AI score0.00549EPSS
Exploits4
Amazon
Amazon
added 2023/10/04 12:0 a.m.9 views

Important: kernel

Issue Overview: An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in readdescriptors in drivers/usb/core/sysfs.c. CVE-2023-37453 nftables out-of-bounds read in nfosfmatchone CVE-2023-39189 A flaw was found in the Netfilter subsyste...

7.8CVSS6.3AI score0.00675EPSS
Exploits4
Amazon
Amazon
added 2023/10/03 12:0 a.m.9 views

Medium: cups

Issue Overview: A vulnerability was found in OpenPrinting CUPS. The security flaw occurs due to failure in validating the length provided by an attacker-crafted CUPS document, possibly leading to a heap-based buffer overflow and code execution. CVE-2023-4504 Affected Packages: cups Issue...

7CVSS7.7AI score0.00663EPSS
Exploits2
Amazon
Amazon
added 2023/09/25 12:0 a.m.9 views

Important: tomcat

Issue Overview: A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the...

7CVSS7.5AI score0.56636EPSS
Exploits15
Amazon
Amazon
added 2023/09/25 12:0 a.m.9 views

Important: tomcat

Issue Overview: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat...

9.8CVSS7AI score0.9927EPSS
Exploits45
Amazon
Amazon
added 2023/09/25 12:0 a.m.9 views

Important: firefox

Issue Overview: Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough...

9.8CVSS10AI score0.23941EPSS
Exploits2
Amazon
Amazon
added 2023/09/25 12:0 a.m.9 views

Important: tomcat

Issue Overview: A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters an...

9.8CVSS7AI score0.99677EPSS
Exploits100
Amazon
Amazon
added 2023/09/07 12:0 a.m.9 views

Important: kernel

Issue Overview: A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the...

7.8CVSS6.2AI score0.12405EPSS
Exploits3
Amazon
Amazon
added 2023/09/06 12:0 a.m.9 views

Medium: kernel

Issue Overview: A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if deviceadd fails CVE-2023-53174 I...

7.8CVSS6.6AI score0.12405EPSS
Exploits0
Amazon
Amazon
added 2023/08/21 12:0 a.m.9 views

Important: kernel-livepatch-5.10.179-166.674

Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...

7.8CVSS7AI score0.06127EPSS
Exploits2
Amazon
Amazon
added 2023/08/09 12:0 a.m.9 views

Important: golang

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS7AI score0.0125EPSS
Exploits0
Amazon
Amazon
added 2023/08/09 12:0 a.m.9 views

Medium: poppler

Issue Overview: Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the...

7.8CVSS8.3AI score0.00574EPSS
Exploits1
Amazon
Amazon
added 2023/08/09 12:0 a.m.9 views

Medium: kernel

Issue Overview: An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfssetea in fs/ntfs3/xattr.c. CVE-2022-48502 A side channel vulnerability on some of the AMD CPUs may allow a...

7.8CVSS7.1AI score0.0616EPSS
Exploits3
Amazon
Amazon
added 2023/06/27 12:0 a.m.9 views

Important: perl-HTTP-Tiny

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31486 Affected Packages: perl-HTTP-Tiny Issue Correction: Run dnf update perl-HTTP-Tiny --releasev...

8.1CVSS7.5AI score0.01742EPSS
Exploits0
Total number of security vulnerabilities5000