Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2024/07/22 12:0 a.m.8 views

Important: python-werkzeug

Issue Overview: Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain...

7.5CVSS7.4AI score0.03397EPSS
Exploits0
Amazon
Amazon
added 2024/07/10 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in estreesearch CVE-2022-49409 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper CVE-2023-52585 Affect...

5.5CVSS6.6AI score0.00282EPSS
Exploits0
Amazon
Amazon
added 2024/06/14 12:0 a.m.8 views

Medium: bouncycastle

Issue Overview: An issue was discovered in Bouncy Castle Java Cryptography APIs before ... NOTE: https://github.com/bcgit/bc-java/issues/1635 NOTE: https://www.bouncycastle.org/latestreleases.html DEBIANBUG: 1070655 CVE-2024-29857 An issue was discovered in Bouncy Castle Java Cryptography APIs...

7.5CVSS7.2AI score0.011EPSS
Exploits0
Amazon
Amazon
added 2024/06/14 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep CVE-2024-26605 In the...

7CVSS7.2AI score0.00239EPSS
Exploits0
Amazon
Amazon
added 2024/06/12 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4mbclearbb CVE-2022-50021 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' CVE-2022-50488 In the...

7.8CVSS6.3AI score0.0047EPSS
Exploits0
Amazon
Amazon
added 2024/05/30 12:0 a.m.8 views

Medium: amazon-ecr-credential-helper

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.9AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/05/15 12:0 a.m.8 views

Important: git

Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...

7.3AI score
Exploits0
Amazon
Amazon
added 2024/05/13 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect CVE-2024-26923 In the...

8.8CVSS6.4AI score0.01167EPSS
Exploits1
Amazon
Amazon
added 2024/05/13 12:0 a.m.8 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect CVE-2024-26923 In the...

8.8CVSS7.6AI score0.01167EPSS
Exploits1
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Medium: wireshark

Issue Overview: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file CVE-2024-2955 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.4.20240429 to update your system. New...

7.8CVSS7.6AI score0.01414EPSS
Exploits1
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Important: glibc

Issue Overview: The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961...

7.3CVSS7.3AI score0.8833EPSS
Exploits16
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Medium: curl

Issue Overview: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protoco...

8.6CVSS7.4AI score0.36081EPSS
Exploits2
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Low: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

3.7CVSS5AI score0.01361EPSS
Exploits0
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Important: nghttp2

Issue Overview: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage ...

5.3CVSS6.8AI score0.8496EPSS
Exploits1
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Important: nodejs

Issue Overview: An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the...

8.2CVSS6.9AI score0.87211EPSS
Exploits2
Amazon
Amazon
added 2024/05/03 12:0 a.m.8 views

Low: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,...

3.7CVSS5.3AI score0.01361EPSS
Exploits0
Amazon
Amazon
added 2024/04/18 12:0 a.m.8 views

Medium: python3

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

6.2CVSS6.8AI score0.00333EPSS
Exploits0
Amazon
Amazon
added 2024/04/17 12:0 a.m.8 views

Important: xorg-x11-server

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a clie...

7.8CVSS7AI score0.01843EPSS
Exploits0
Amazon
Amazon
added 2024/04/17 12:0 a.m.8 views

Medium: kernel

Issue Overview: Integer Overflow or Wraparound vulnerability in Linux kernel on x86 and ARM md, raid, raid5 modules allows Forced Integer Overflow. CVE-2024-23307 A malicious hypervisor can potentially break confidentiality and integrity of Linux SEV-SNP guests by injecting interrupts...

9.8CVSS9.8AI score0.00747EPSS
Exploits0
Amazon
Amazon
added 2024/04/02 12:0 a.m.8 views

Low: curl

Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...

5.3CVSS6.7AI score0.01102EPSS
Exploits1
Amazon
Amazon
added 2024/04/02 12:0 a.m.8 views

Important: tomcat9

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

7.5CVSS7.3AI score0.23072EPSS
Exploits1
Amazon
Amazon
added 2024/03/21 12:0 a.m.8 views

Medium: c-ares

Issue Overview: c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...

5.5CVSS6.6AI score0.00349EPSS
Exploits0
Amazon
Amazon
added 2024/03/05 12:0 a.m.8 views

Important: kernel

Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 A flaw was found in the smb client in the Linux kernel. A...

8CVSS8.3AI score0.02224EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.8 views

Medium: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

7.8CVSS6.5AI score0.00563EPSS
Exploits2
Amazon
Amazon
added 2024/02/05 12:0 a.m.8 views

Important: kernel-livepatch-4.14.334-252.552

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.3AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.8 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 In...

7.8CVSS5AI score0.0788EPSS
Exploits15
Amazon
Amazon
added 2024/02/05 12:0 a.m.8 views

Important: kernel

Issue Overview: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off, but same happens if unbind the driver. CVE-2020-27820 A flaw use-after-free in...

7.8CVSS5.4AI score0.01215EPSS
Exploits3
Amazon
Amazon
added 2024/01/22 12:0 a.m.8 views

Important: sqlite

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.4AI score0.01249EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.8 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

6.1CVSS7.5AI score0.00846EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.8 views

Important: dotnet6.0

Issue Overview: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability CVE-2024-0057 Microsoft Identity Denial of service vulnerability CVE-2024-21319...

9.8CVSS7.6AI score0.02868EPSS
Exploits0
Amazon
Amazon
added 2024/01/18 12:0 a.m.8 views

Important: java-17-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.5CVSS8.3AI score0.00911EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.8 views

Important: kernel

Issue Overview: A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel. CVE-2023-39198 An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an iouring/fdinfo.c iouringshowfdinfo NULL pointer dereference can occur...

7.8CVSS6.6AI score0.01657EPSS
Exploits1
Amazon
Amazon
added 2024/01/08 12:0 a.m.8 views

Important: ecs-init

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS6.2AI score0.01328EPSS
Exploits0
Amazon
Amazon
added 2024/01/08 12:0 a.m.8 views

Medium: p7zip

Issue Overview: p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCdbool at CPP/7zip/Archive/Zip/ZipIn.cpp. CVE-2022-47069 Affected Packages: p7zip Issue Correction: Run dnf update p7zip --releasever 2023.3.20240108 to upda...

7.8CVSS7.3AI score0.00296EPSS
Exploits1
Amazon
Amazon
added 2024/01/08 12:0 a.m.8 views

Important: grpc

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: grpc Issue Correction: Run dnf update grpc --releaseve...

7.5CVSS8.7AI score0.99999EPSS
Exploits19
Amazon
Amazon
added 2023/12/04 12:0 a.m.8 views

Important: php

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state...

9.8CVSS8.2AI score0.06261EPSS
Exploits3
Amazon
Amazon
added 2023/11/16 12:0 a.m.8 views

Important: kernel

Issue Overview: An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kern...

7.8CVSS6.5AI score0.00856EPSS
Exploits0
Amazon
Amazon
added 2023/11/15 12:0 a.m.8 views

Important: qt5-qtimageformats

Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-4863 Affected Packages: qt5-qtimageformats Note: This advisory is...

8.8CVSS7.4AI score0.99739EPSS
Exploits9
Amazon
Amazon
added 2023/11/03 12:0 a.m.8 views

Medium: wireshark

Issue Overview: RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file CVE-2023-5371 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.2.20231030 or dnf update...

6.5CVSS6.3AI score0.00485EPSS
Exploits1
Amazon
Amazon
added 2023/11/03 12:0 a.m.8 views

Important: plexus-archiver

Issue Overview: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remot...

9.8CVSS9.4AI score0.0207EPSS
Exploits1
Amazon
Amazon
added 2023/11/03 12:0 a.m.8 views

Important: tomcat9

Issue Overview: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts...

5.3CVSS7AI score0.05848EPSS
Exploits2
Amazon
Amazon
added 2023/11/03 12:0 a.m.8 views

Low: vim

Issue Overview: The severity level was changed from Medium to Low. NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVE-2023-5441 Use After Free in GitHub repository vim/vim prior to v9.0.2010. CVE-2023-5535 Affected Packages: vim Issue...

7.8CVSS6.8AI score0.00539EPSS
Exploits2
Amazon
Amazon
added 2023/10/24 12:0 a.m.8 views

Medium: libX11

Issue Overview: libX11: out-of-bounds memory access in XkbReadKeySyms CVE-2023-43785 A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

7.8CVSS6.9AI score0.00633EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.8 views

Medium: vim

Issue Overview: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. CVE-2023-5344 Affected Packages: vim Issue Correction: Run dnf update vim --releasever 2023.2.20231018 or dnf update --advisory ALAS2023-2023-378 --releasever 2023.2.20231018 to update your system. More...

7.5CVSS6.8AI score0.0119EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.8 views

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

5.3CVSS5.1AI score0.014EPSS
Exploits0
Amazon
Amazon
added 2023/10/03 12:0 a.m.8 views

Medium: golang

Issue Overview: The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to...

6.1CVSS6.7AI score0.00815EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Medium: nginx

Issue Overview: NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. CVE-2019-20372 Affected Packages: nginx Note: Th...

5.3CVSS6.8AI score0.14961EPSS
Exploits3
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Important: golang

Issue Overview: The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh. CVE-2023-24532 HTTP and MIME header...

9.8CVSS8.3AI score0.02281EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Important: ruby

Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the...

8.1CVSS7.1AI score0.29726EPSS
Exploits8
Amazon
Amazon
added 2023/09/20 12:0 a.m.8 views

Important: ecs-service-connect-agent

Issue Overview: Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issu...

8.8CVSS7.3AI score0.01577EPSS
Exploits0
Total number of security vulnerabilities5000