Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2025/02/05 12:0 a.m.8 views

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

9.1CVSS6.6AI score0.03092EPSS
Exploits2
Amazon
Amazon
added 2025/02/05 12:0 a.m.8 views

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

9.1CVSS7.9AI score0.03092EPSS
Exploits2
Amazon
Amazon
added 2025/02/05 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify CVE-2024-36899 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning CVE-2024-50164 In the Linux...

7.8CVSS7.2AI score0.0028EPSS
Exploits2
Amazon
Amazon
added 2025/02/04 12:0 a.m.8 views

Important: kernel

Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-10929 In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args CVE-2024-50067 In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-val...

7.8CVSS6.6AI score0.00268EPSS
Exploits0
Amazon
Amazon
added 2025/02/04 12:0 a.m.8 views

Important: kernel-livepatch-5.10.233-223.887

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2qddealloc CVE-2023-52760 In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify CVE-2024-36899 In the...

7.8CVSS6.9AI score0.00271EPSS
Exploits0
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: tomcat10

Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...

9.8CVSS7.1AI score0.43663EPSS
Exploits15
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on exfatgetdentryset CVE-2024-42315 In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to avoid deadlock...

7.8CVSS6.7AI score0.00612EPSS
Exploits2
Amazon
Amazon
added 2025/01/24 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when CVE-2023-52926 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mienumattr CVE-2024-27407 I...

8.4CVSS7.7AI score0.00612EPSS
Exploits1
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: ghostscript

Issue Overview: PS interpreter - check the type of the Pattern Implementation NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707991 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 NOTE:...

8.4CVSS7.4AI score0.00388EPSS
Exploits0
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid CVE-2023-53728 In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARNONCE in verifierl log...

7.8CVSS6.5AI score0.00879EPSS
Exploits2
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: postgresql15

Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...

8.8CVSS7.1AI score0.04422EPSS
Exploits1
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Medium: avahi

Issue Overview: avahi: Avahi Wide-Area DNS Uses Constant Source Port CVE-2024-52615 avahi: Avahi Wide-Area DNS Predictable Transaction IDs CVE-2024-52616 Affected Packages: avahi Issue Correction: Run dnf update avahi --releasever 2023.6.20241212 to update your system. New Packages: aarch64: ...

5.3CVSS7.3AI score0.00681EPSS
Exploits0
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Important: python3.9

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8CVSS8.6AI score0.27095EPSS
Exploits8
Amazon
Amazon
added 2024/12/12 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iouring: fix possible deadlock in ioregisteriowqmaxworkers CVE-2024-41080 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points CVE-2024-4999...

7.8CVSS7.9AI score0.00333EPSS
Exploits0
Amazon
Amazon
added 2024/11/01 12:0 a.m.8 views

Important: qt5-qtsensors

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

8.6CVSS7.8AI score0.00494EPSS
Exploits0
Amazon
Amazon
added 2024/11/01 12:0 a.m.8 views

Important: qt5-qtsvg

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

8.6CVSS7.8AI score0.00494EPSS
Exploits0
Amazon
Amazon
added 2024/10/31 12:0 a.m.8 views

Important: libarchive

Issue Overview: executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVE-2024-48957 executefilterdelta in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds...

7.8CVSS7.1AI score0.00551EPSS
Exploits2
Amazon
Amazon
added 2024/10/31 12:0 a.m.8 views

Important: ruby3.2

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

7.2AI score0.00393EPSS
Exploits0
Amazon
Amazon
added 2024/10/31 12:0 a.m.8 views

Important: firefox

Issue Overview: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131. CVE-2024-9392 An attacker could, via a specially crafted...

9.8CVSS10AI score0.32568EPSS
Exploits1
Amazon
Amazon
added 2024/10/14 12:0 a.m.8 views

Important: oath-toolkit

Issue Overview: oath-toolkit: Local root exploit in a PAM module CVE-2024-47191 Affected Packages: oath-toolkit Issue Correction: Run dnf update oath-toolkit --releasever 2023.6.20241010 to update your system. New Packages: aarch64: libpskc-debuginfo-2.6.12-1.amzn2023.0.1.aarch64 ...

7.1CVSS7.2AI score0.00341EPSS
Exploits0
Amazon
Amazon
added 2024/10/14 12:0 a.m.8 views

Medium: cups-filters

Issue Overview: CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function ...

8.6CVSS8.6AI score0.8344EPSS
Exploits15
Amazon
Amazon
added 2024/10/01 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize CVE-2024-35807 Affected Packages: kernel Issue Correction: Run dnf update kernel --releasever 2023.5.20240916 or dnf update --advisory ALAS2023-2024-715 --releasever...

5.5CVSS6.4AI score0.00269EPSS
Exploits0
Amazon
Amazon
added 2024/09/18 12:0 a.m.8 views

Important: kernel-livepatch-5.10.220-209.869

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error CVE-2024-41087 Affected Packages: kernel-livepatch-5.10.220-209.869 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS6.7AI score0.00244EPSS
Exploits0
Amazon
Amazon
added 2024/09/04 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate CVE-2024-41042 In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise numphys CVE-2024-42159 In the Linux kernel, the following...

7.8CVSS7.3AI score0.0032EPSS
Exploits3
Amazon
Amazon
added 2024/09/04 12:0 a.m.8 views

Important: kernel-livepatch-4.14.348-265.565

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete CVE-2024-39480 Affected Packages: kernel-livepatch-4.14.348-265.565 Issue Correction: Please ensure you have live patching enabled. Run yum update...

7.8CVSS7.1AI score0.00256EPSS
Exploits0
Amazon
Amazon
added 2024/09/04 12:0 a.m.8 views

Medium: microcode_ctl

Issue Overview: Insufficient control flow management for some IntelR Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-22374 Affected Packages: microcodectl Issue Correction: Run dnf update microcodectl --releasever 2023.5.20240903 ...

6.8CVSS7AI score0.00161EPSS
Exploits0
Amazon
Amazon
added 2024/09/04 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate CVE-2024-41042 In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise numphys CVE-2024-42159 In the Linux kernel, the following...

7.8CVSS7.7AI score0.0032EPSS
Exploits3
Amazon
Amazon
added 2024/08/15 12:0 a.m.8 views

Medium: openssl

Issue Overview: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that ar...

9.1CVSS7.9AI score0.05582EPSS
Exploits1
Amazon
Amazon
added 2024/08/15 12:0 a.m.8 views

Important: dotnet8.0

Issue Overview: .NET Core and Visual Studio Denial of Service Vulnerability CVE-2024-30105 .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-35264 .NET and Visual Studio Denial of Service Vulnerability CVE-2024-38095 Affected Packages: dotnet8.0 Issue Correction: Run dnf update...

8.1CVSS7.9AI score0.02915EPSS
Exploits0
Amazon
Amazon
added 2024/08/15 12:0 a.m.8 views

Important: python-setuptools

Issue Overview: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptibl...

8.8CVSS8.8AI score0.01939EPSS
Exploits0
Amazon
Amazon
added 2024/08/15 12:0 a.m.8 views

Medium: mariadb105

Issue Overview: MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fixfieldsifneeded under mysqlderivedprepare when derived is not yet prepared, leading to a findfieldintable crash...

4.9CVSS6.5AI score0.00424EPSS
Exploits0
Amazon
Amazon
added 2024/08/13 12:0 a.m.8 views

Important: kernel

Issue Overview: A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. CVE-2023-52434 In the Linux kernel, the following vulnerabili...

9.1CVSS5.6AI score0.01401EPSS
Exploits0
Amazon
Amazon
added 2024/08/13 12:0 a.m.8 views

Medium: containerd

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

9.8CVSS6.9AI score0.01956EPSS
Exploits0
Amazon
Amazon
added 2024/08/01 12:0 a.m.8 views

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

9.9CVSS7.2AI score0.16496EPSS
Exploits0
Amazon
Amazon
added 2024/07/30 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrlcdevioctl and ubicdevioctl CVE-2021-47634 In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges""...

8.7CVSS6.5AI score0.0066EPSS
Exploits2
Amazon
Amazon
added 2024/07/22 12:0 a.m.8 views

Medium: kernel

Issue Overview: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier...

7.8CVSS6.3AI score0.00344EPSS
Exploits0
Amazon
Amazon
added 2024/07/22 12:0 a.m.8 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...

7.4CVSS6.4AI score0.01257EPSS
Exploits0
Amazon
Amazon
added 2024/07/22 12:0 a.m.8 views

Important: python-werkzeug

Issue Overview: Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain...

7.5CVSS7.4AI score0.03397EPSS
Exploits0
Amazon
Amazon
added 2024/07/10 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in estreesearch CVE-2022-49409 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper CVE-2023-52585 Affect...

5.5CVSS6.6AI score0.00282EPSS
Exploits0
Amazon
Amazon
added 2024/06/14 12:0 a.m.8 views

Medium: bouncycastle

Issue Overview: An issue was discovered in Bouncy Castle Java Cryptography APIs before ... NOTE: https://github.com/bcgit/bc-java/issues/1635 NOTE: https://www.bouncycastle.org/latestreleases.html DEBIANBUG: 1070655 CVE-2024-29857 An issue was discovered in Bouncy Castle Java Cryptography APIs...

7.5CVSS7.2AI score0.011EPSS
Exploits0
Amazon
Amazon
added 2024/06/14 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep CVE-2024-26605 In the...

7CVSS7.2AI score0.00239EPSS
Exploits0
Amazon
Amazon
added 2024/06/12 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4mbclearbb CVE-2022-50021 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' CVE-2022-50488 In the...

7.8CVSS6.3AI score0.0047EPSS
Exploits0
Amazon
Amazon
added 2024/05/30 12:0 a.m.8 views

Medium: uriparser

Issue Overview: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. CVE-2024-34402 An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an...

8.6CVSS7.6AI score0.01316EPSS
Exploits0
Amazon
Amazon
added 2024/05/30 12:0 a.m.8 views

Medium: amazon-ecr-credential-helper

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.9AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/05/15 12:0 a.m.8 views

Important: git

Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...

7.3AI score
Exploits0
Amazon
Amazon
added 2024/05/13 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect CVE-2024-26923 In the...

8.8CVSS6.4AI score0.01167EPSS
Exploits1
Amazon
Amazon
added 2024/05/13 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect CVE-2024-26923 In the...

8.8CVSS7.6AI score0.01167EPSS
Exploits1
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Medium: wireshark

Issue Overview: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file CVE-2024-2955 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.4.20240429 to update your system. New...

7.8CVSS7.6AI score0.01414EPSS
Exploits1
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Important: glibc

Issue Overview: The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961...

7.3CVSS7.3AI score0.8833EPSS
Exploits16
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Medium: curl

Issue Overview: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protoco...

8.6CVSS7.4AI score0.36081EPSS
Exploits2
Total number of security vulnerabilities5000