Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2025/04/16 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oombfqq CVE-2022-49179 In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev CVE-2022-49390 In the Linux kernel, the following vulnerability has...

7.8CVSS6.8AI score0.08906EPSS
Exploits1
Amazon
Amazon
added 2025/04/14 12:0 a.m.8 views

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS9.4AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/04/14 12:0 a.m.8 views

Important: ghostscript

Issue Overview: PDF interpreter - Guard against unsigned int overflow. A large Type 4 function definition can overflow the uint counter, causing the allocated buffer to be smaller than required. Info: https://bugs.ghostscript.com/showbug.cgi?id=708253 Patch:...

9.8CVSS7.2AI score0.00586EPSS
Exploits0
Amazon
Amazon
added 2025/04/14 12:0 a.m.8 views

Medium: php8.2

Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...

6.3CVSS6.5AI score0.0079EPSS
Exploits2
Amazon
Amazon
added 2025/04/14 12:0 a.m.8 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: fix legacy client tracking initialization CVE-2024-58092 In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in keyput CVE-2025-21893 In the Linux kernel, the following...

7.8CVSS6.7AI score0.00186EPSS
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.8 views

Important: jq

Issue Overview: decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has...

8.1CVSS7.3AI score0.00352EPSS
Exploits1
Amazon
Amazon
added 2025/04/01 12:0 a.m.8 views

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS7.2AI score0.27095EPSS
Exploits4
Amazon
Amazon
added 2025/04/01 12:0 a.m.8 views

Medium: python3.11-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS7.1AI score0.27095EPSS
Exploits4
Amazon
Amazon
added 2025/04/01 12:0 a.m.8 views

Important: tomcat10

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

10CVSS8.3AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/04/01 12:0 a.m.8 views

Important: tomcat

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

10CVSS7.9AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/03/25 12:0 a.m.8 views

Medium: perl-App-cpanminus

Issue Overview: The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. CVE-2020-16154 Affected Packages: perl-App-cpanminus Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

7.8CVSS7AI score0.00713EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: amazon-cloudwatch-agent

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

9.1CVSS7.3AI score0.03092EPSS
Exploits2
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash CVE-2023-53037 In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo CVE-2023-53320 In the Lin...

8.4CVSS6.4AI score0.00398EPSS
Exploits4
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Medium: jsoup

Issue Overview: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop...

7.5CVSS7.7AI score0.06873EPSS
Exploits0
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: nvidia-container-toolkit

Issue Overview: NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A...

9CVSS7.4AI score0.36458EPSS
Exploits2
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS8AI score0.02656EPSS
Exploits1
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash CVE-2023-53037 In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix issues in mpi3mrgetalltgtinfo CVE-2023-53320 In the Lin...

8.4CVSS6.3AI score0.00398EPSS
Exploits4
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: libpq

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.8AI score0.89472EPSS
Exploits10
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy hsize fixup CVE-2024-39472 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate CVE-2024-41042 In...

8.4CVSS7AI score0.0032EPSS
Exploits4
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Medium: openssh

Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...

6.8CVSS6.9AI score0.06997EPSS
Exploits4
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.6.20250303 to update your system. New Packages: aarch64: openjpeg2-tools-debuginfo-2.4.0-11.amzn2023.0.6.aarch64 ...

5.6CVSS7.3AI score0.0023EPSS
Exploits0
Amazon
Amazon
added 2025/02/25 12:0 a.m.8 views

Low: gsl

Issue Overview: GSL GNU Scientific Library through 2.8 has an integer signedness error in gslsimansolvemany in siman/siman.c. When params.ntries is negative, incorrect memory allocation occurs. CVE-2024-50610 Affected Packages: gsl Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

3.6CVSS7AI score0.00282EPSS
Exploits1
Amazon
Amazon
added 2025/02/25 12:0 a.m.8 views

Medium: php

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS8.4AI score0.02286EPSS
Exploits6
Amazon
Amazon
added 2025/02/25 12:0 a.m.8 views

Medium: virtuoso-opensource

Issue Overview: An issue in the chasharray component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements. CVE-2024-57635 An issue in the itcsamplerowcheck component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a...

7.5CVSS7.5AI score0.0088EPSS
Exploits30
Amazon
Amazon
added 2025/02/21 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD CVE-2024-49994 In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path CVE-2024-50014 In the Linux...

7.8CVSS7.3AI score0.00571EPSS
Exploits1
Amazon
Amazon
added 2025/02/05 12:0 a.m.8 views

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

9.1CVSS7.9AI score0.03092EPSS
Exploits2
Amazon
Amazon
added 2025/02/05 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify CVE-2024-36899 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning CVE-2024-50164 In the Linux...

7.8CVSS7.2AI score0.0028EPSS
Exploits2
Amazon
Amazon
added 2025/02/05 12:0 a.m.8 views

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

9.1CVSS6.6AI score0.03092EPSS
Exploits2
Amazon
Amazon
added 2025/02/04 12:0 a.m.8 views

Important: kernel

Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args CVE-2024-50067 In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-val...

7.8CVSS6.6AI score0.00268EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.8 views

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

9.1CVSS6.8AI score0.03092EPSS
Exploits2
Amazon
Amazon
added 2025/02/04 12:0 a.m.8 views

Important: kernel-livepatch-5.10.233-223.887

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2qddealloc CVE-2023-52760 In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify CVE-2024-36899 In the...

7.8CVSS6.9AI score0.00271EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: tomcat9

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.8CVSS7.1AI score0.43663EPSS
Exploits14
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: tomcat

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.8CVSS6.9AI score0.43663EPSS
Exploits14
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: tomcat10

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.8CVSS7.1AI score0.43663EPSS
Exploits15
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on exfatgetdentryset CVE-2024-42315 In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to avoid deadlock...

7.8CVSS6.7AI score0.00612EPSS
Exploits2
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when CVE-2023-52926 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mienumattr CVE-2024-27407 I...

8.4CVSS7.7AI score0.00612EPSS
Exploits1
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: ghostscript

Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...

8.4CVSS7.4AI score0.00388EPSS
Exploits0
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid CVE-2023-53728 In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARNONCE in verifierl log...

7.8CVSS6.5AI score0.00879EPSS
Exploits2
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: postgresql15

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS7.1AI score0.04422EPSS
Exploits1
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Medium: avahi

Issue Overview: avahi: Avahi Wide-Area DNS Uses Constant Source Port CVE-2024-52615 avahi: Avahi Wide-Area DNS Predictable Transaction IDs CVE-2024-52616 Affected Packages: avahi Issue Correction: Run dnf update avahi --releasever 2023.6.20241212 to update your system. New Packages: aarch64: ...

5.3CVSS7.3AI score0.00681EPSS
Exploits0
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: python3.9

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS8.6AI score0.27095EPSS
Exploits8
Amazon
Amazon
added 2024/11/01 12:0 a.m.8 views

Important: qt5-qtsensors

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

8.6CVSS7.8AI score0.00494EPSS
Exploits0
Amazon
Amazon
added 2024/11/01 12:0 a.m.8 views

Important: qt5-qtsvg

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

8.6CVSS7.8AI score0.00494EPSS
Exploits0
Amazon
Amazon
added 2024/10/31 12:0 a.m.8 views

Important: libarchive

Issue Overview: executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVE-2024-48957 executefilterdelta in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds...

7.8CVSS7.1AI score0.00551EPSS
Exploits2
Amazon
Amazon
added 2024/10/31 12:0 a.m.8 views

Important: ruby3.2

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

7.2AI score0.00393EPSS
Exploits0
Amazon
Amazon
added 2024/10/31 12:0 a.m.8 views

Important: firefox

Issue Overview: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131. CVE-2024-9392 An attacker could, via a specially crafted...

9.8CVSS10AI score0.32568EPSS
Exploits1
Amazon
Amazon
added 2024/10/14 12:0 a.m.8 views

Important: oath-toolkit

Issue Overview: oath-toolkit: Local root exploit in a PAM module CVE-2024-47191 Affected Packages: oath-toolkit Issue Correction: Run dnf update oath-toolkit --releasever 2023.6.20241010 to update your system. New Packages: aarch64: libpskc-debuginfo-2.6.12-1.amzn2023.0.1.aarch64 ...

7.1CVSS7.2AI score0.00341EPSS
Exploits0
Amazon
Amazon
added 2024/10/14 12:0 a.m.8 views

Medium: cups-filters

Issue Overview: CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function ...

8.6CVSS8.6AI score0.8344EPSS
Exploits15
Amazon
Amazon
added 2024/10/01 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize CVE-2024-35807 Affected Packages: kernel Issue Correction: Run dnf update kernel --releasever 2023.5.20240916 or dnf update --advisory ALAS2023-2024-715 --releasever...

5.5CVSS6.4AI score0.00269EPSS
Exploits0
Amazon
Amazon
added 2024/09/18 12:0 a.m.8 views

Important: kernel-livepatch-5.10.220-209.869

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error CVE-2024-41087 Affected Packages: kernel-livepatch-5.10.220-209.869 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00244EPSS
Exploits0
Total number of security vulnerabilities5000