Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: LibRaw

Issue Overview: An integer overflow vulnerability exists in the deflatedngloadraw functionality of LibRaw. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. CVE-2026-20884 A heap-based buffer overflow...

9.8CVSS5.9AI score0.00564EPSS
Exploits2
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Low: aws-nitro-tpm-tools

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

6.8CVSS5.3AI score0.00291EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue ha...

7.5CVSS5.6AI score0.00566EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions...

7.8CVSS5.8AI score0.0051EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: flatpak

Issue Overview: A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox, giving apps access to...

10CVSS8.2AI score0.0168EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: libarchive

Issue Overview: A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could...

9.8CVSS6.7AI score0.01073EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Medium: gstreamer-plugins-good

Issue Overview: An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Affected Packages: gstreamer-plugins-good Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and A...

5.1CVSS7.9AI score0.00225EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Medium: clamav1.5

Issue Overview: A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

5.3CVSS5.4AI score0.00414EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: xorg-x11-server-Xwayland

Issue Overview: XKB Integer Underflow in XkbSetCompatMap CVE-2026-33999 XKB Out-of-bounds Read in CheckSetGeom CVE-2026-34000 XSYNC Use-after-free in miSyncTriggerFence CVE-2026-34001 XKB Out-of-bounds read in CheckModifierMap CVE-2026-34002 XKB Buffer overflow in CheckKeyTypes CVE-2026-34003...

7.8CVSS5.3AI score0.00489EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Medium: libssh

Issue Overview: libssh OOB Read in sftpparselongname CVE-2026-0968 Affected Packages: libssh Issue Correction: Run dnf update libssh --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1632 --releasever 2023.11.20260427 to update your system. More information on how to update you...

3.1CVSS5.2AI score0.00442EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Medium: python3.13-tornado

Issue Overview: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536 Affected Packages: python3.13-tornado Issue Correction: Run dnf update...

7.2CVSS5.2AI score0.00237EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Medium: tomcat-native

Issue Overview: CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115;...

9.1CVSS4.5AI score0.00715EPSS
Exploits1
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: composer

Issue Overview: Command injection via malicious Perforce repository definition CVE-2026-40176 Command injection via malicious Perforce source reference/url CVE-2026-40261 Affected Packages: composer Issue Correction: Run dnf update composer --releasever 2023.11.20260427 or dnf update --advisory...

8.8CVSS5.8AI score0.01688EPSS
Exploits4
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: dotnet10.0

Issue Overview: Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. CVE-2026-40372 Affected Packages: dotnet10.0 Issue Correction: Run dnf update dotnet10.0 --releasever 2023.11.20260427 or dnf update --advisory...

9.1CVSS5.2AI score0.11205EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: ngtcp2

Issue Overview: ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently...

7.5CVSS5.8AI score0.00776EPSS
Exploits1
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: firefox

Issue Overview: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

9.8CVSS6AI score0.0035EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.8 views

Important: cups

Issue Overview: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside...

7.8CVSS6.6AI score0.00502EPSS
Exploits4
Amazon
Amazon
added 2026/04/14 12:0 a.m.8 views

Important: nghttp2

Issue Overview: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application...

7.5CVSS6.1AI score0.00775EPSS
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.8 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.8 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

9.1CVSS5.8AI score0.01079EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: python3.9

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

7CVSS5.8AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Medium: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that...

8.4CVSS5.7AI score0.00244EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Medium: rust-cargo-c

Issue Overview: tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size...

8.1CVSS5.9AI score0.00688EPSS
Exploits3
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

8.8CVSS6.3AI score0.21621EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: amazon-cloudwatch-agent

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: runfinch-finch

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS5.9AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Medium: gstreamer1-plugins-good

Issue Overview: An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and...

5.1CVSS7.2AI score0.00225EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Important: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read...

9.8CVSS6.5AI score0.00656EPSS
Exploits12
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Important: dotnet9.0

Issue Overview: Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26127 Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-26130 Affected Packages: dotnet9....

7.5CVSS6.8AI score0.02818EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Low: python3.12-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

7.8CVSS7.6AI score0.00787EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Medium: firefox

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

5.5CVSS5.9AI score0.00216EPSS
Exploits1
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Important: ocaml

Issue Overview: In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded...

7.9CVSS6.6AI score0.0021EPSS
Exploits0
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Medium: gvfs

Issue Overview: A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint,...

4.3CVSS6.4AI score0.0036EPSS
Exploits2
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Medium: lcms2

Issue Overview: A heap buffer overflow vulnerability has been identified in thesmooth2 in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color...

7.5CVSS6AI score0.00844EPSS
Exploits0
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Low: python3.13-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Important: tomcat9

Issue Overview: mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...

9.1CVSS6.9AI score0.00498EPSS
Exploits0
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS7.1AI score0.01945EPSS
Exploits2
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Medium: freetype

Issue Overview: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. CVE-2026-23865...

5.3CVSS5.9AI score0.00141EPSS
Exploits0
Amazon
Amazon
added 2026/03/19 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata CVE-2025-71265 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indxfind to avoid...

6.1AI score0.00118EPSS
Exploits0
Amazon
Amazon
added 2026/03/19 12:0 a.m.8 views

Important: firefox

Issue Overview: Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8. CVE-2026-2757 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and...

10CVSS6AI score0.00604EPSS
Exploits0
Amazon
Amazon
added 2026/03/19 12:0 a.m.8 views

Important: thunderbird

Issue Overview: Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8. CVE-2026-2757 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and...

10CVSS6AI score0.00604EPSS
Exploits0
Amazon
Amazon
added 2026/03/06 12:0 a.m.8 views

Medium: qemu

Issue Overview: A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition DoS. CVE-2026-2243 Affected Packages: qemu Note: This advisory is applicable ...

5.1CVSS5.9AI score0.00114EPSS
Exploits1
Amazon
Amazon
added 2026/03/06 12:0 a.m.8 views

Medium: qt5-qt3d

Issue Overview: A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp...

8.8CVSS5.9AI score0.00482EPSS
Exploits2
Amazon
Amazon
added 2026/03/05 12:0 a.m.8 views

Important: nodejs24

Issue Overview: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to...

8.8CVSS5.9AI score0.00541EPSS
Exploits4
Amazon
Amazon
added 2026/02/19 12:0 a.m.8 views

Important: openssl

Issue Overview: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TY...

7.5CVSS5.7AI score0.00844EPSS
Exploits1
Amazon
Amazon
added 2026/02/19 12:0 a.m.8 views

Medium: curl

Issue Overview: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. CVE-2025-10966 broken TLS options for threaded LDAPS NOTE:...

6.3CVSS5.6AI score0.00679EPSS
Exploits4
Amazon
Amazon
added 2026/02/19 12:0 a.m.8 views

Important: openssl11

Issue Overview: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths,...

7.5CVSS5.7AI score0.00844EPSS
Exploits1
Total number of security vulnerabilities5000