8850 matches found
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows CVE-2022-50070 In the Linux...
Medium: ruby
Issue Overview: An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in devparseheaderprotocol when skb-dev is null CVE-2022-50073 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: virtio: break and reset virtio devices on deviceshutdown CVE-2025-38064 In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator...
Important: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...
Medium: python3.11-pip
Issue Overview: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...
Medium: python-pip
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An...
Important: java-1.8.0-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in devparseheaderprotocol when skb-dev is null CVE-2022-50073 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak CVE-2023-53131 ...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback CVE-2022-50092 In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dlcpubusy panic due to empty cs-cpusallowed...
Important: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work CVE-2022-50000 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: fix sk refcount leaks CVE-2024-46855 In...
Important: kernel-livepatch-6.12.25-32.101
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-6.12.25-32.101 Issue Correction: Please ensure you have live patching enabled. Run dnf update kernel-livepatch-6.12.25-32.101...
Important: gimp
Issue Overview: GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
Important: gimp
Issue Overview: A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...
Medium: gimp
Issue Overview: GIMP FLI file parsing out-of-bounds heap overflow. CVE-2025-2761 Affected Packages: gimp Note: This advisory is applicable to Amazon Linux 2 - Gimp Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue CVE-2025-38000 In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content...
Medium: tigervnc
Issue Overview: A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. CVE-2025-49175 A flaw was found in the Big Requests extension. The reque...
Important: icu
Issue Overview: A stack buffer overflow was found in Internationl components for unicode ICU . While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. CVE-2025-5222 Affected...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix iasize underflow CVE-2022-48828 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: fix sk refcount leaks CVE-2024-46855 In the Linux kernel, the following...
Medium: python-pip
Issue Overview: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...
Important: apache-commons-beanutils
Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...
Important: libxml2
Issue Overview: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. CVE-2025-6021 Affected Packages:...
Important: runc
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: perl-CryptX
Issue Overview: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328. CVE-2025-40914 Affected Packages: perl-CryptX Issue...
Medium: tomcat10
Issue Overview: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, fr...
Medium: golang
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
Important: perl
Issue Overview: Thread creation while a directory handle is open does a fchdir, affecting other threads race condition CVE-2025-40909 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Medium: gnutls
Issue Overview: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send...
Medium: ecs-init
Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: track changespktdata property for global functions CVE-2024-58098 In the Linux kernel, the following vulnerability has been resolved: bpf: check changespktdata property for extension programs CVE-2024-58100 I...
Important: apache-commons-beanutils
Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...
Medium: cuda-command-line-tools-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Medium: cuda-nsight-compute-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Medium: libnpp-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Important: amazon-ssm-agent
Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...
Medium: postgresql17
Issue Overview: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5...
Medium: docker
Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...
Important: firefox
Issue Overview: An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITEDBCONFIGLOOKASIDE component CVE-2025-29088 A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-lev...
Important: ppp
Issue Overview: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. CVE-2024-58250 Affected Packages: ppp Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
Important: thunderbird
Issue Overview: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This...
Important: pcs
Issue Overview: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to se...
Important: postgresql
Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...
Low: ImageMagick
Issue Overview: In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 Affected Packages: ImageMagick Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference betwe...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length CVE-2021-47352 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port output CVE-2023-53188 In the Linux kernel, the...
Medium: microcode_ctl
Issue Overview: A potential security vulnerability in some Intelr Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...
Important: runfinch-finch
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: tomcat9
Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...
Important: amazon-cloudwatch-agent
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifsdumpfullkey CVE-2024-35866 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option CVE-2025-219...