Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2024/01/08 12:0 a.m.8 views

Medium: p7zip

Issue Overview: p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCdbool at CPP/7zip/Archive/Zip/ZipIn.cpp. CVE-2022-47069 Affected Packages: p7zip Issue Correction: Run dnf update p7zip --releasever 2023.3.20240108 to upda...

7.8CVSS7.3AI score0.00296EPSS
Exploits1
Amazon
Amazon
added 2024/01/08 12:0 a.m.8 views

Important: grpc

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: grpc Issue Correction: Run dnf update grpc --releaseve...

7.5CVSS8.7AI score0.99999EPSS
Exploits19
Amazon
Amazon
added 2023/12/04 12:0 a.m.8 views

Important: php

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect state...

9.8CVSS8.2AI score0.06261EPSS
Exploits3
Amazon
Amazon
added 2023/11/16 12:0 a.m.8 views

Important: kernel

Issue Overview: An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kern...

7.8CVSS6.5AI score0.00856EPSS
Exploits0
Amazon
Amazon
added 2023/11/15 12:0 a.m.8 views

Important: qt5-qtimageformats

Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-4863 Affected Packages: qt5-qtimageformats Note: This advisory is...

8.8CVSS7.4AI score0.99739EPSS
Exploits9
Amazon
Amazon
added 2023/11/03 12:0 a.m.8 views

Important: plexus-archiver

Issue Overview: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remot...

9.8CVSS9.4AI score0.0207EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.8 views

Medium: libX11

Issue Overview: libX11: out-of-bounds memory access in XkbReadKeySyms CVE-2023-43785 A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

7.8CVSS6.9AI score0.00633EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.8 views

Medium: vim

Issue Overview: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. CVE-2023-5344 Affected Packages: vim Issue Correction: Run dnf update vim --releasever 2023.2.20231018 or dnf update --advisory ALAS2023-2023-378 --releasever 2023.2.20231018 to update your system. More...

7.5CVSS6.8AI score0.0119EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.8 views

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

5.3CVSS5.1AI score0.014EPSS
Exploits0
Amazon
Amazon
added 2023/10/03 12:0 a.m.8 views

Medium: golang

Issue Overview: The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to...

6.1CVSS6.7AI score0.00815EPSS
Exploits0
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Important: tomcat

Issue Overview: A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the...

7CVSS7.5AI score0.56636EPSS
Exploits15
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Medium: nginx

Issue Overview: NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. CVE-2019-20372 Affected Packages: nginx Note: Th...

5.3CVSS6.8AI score0.14961EPSS
Exploits3
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Important: golang

Issue Overview: The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh. CVE-2023-24532 HTTP and MIME header...

9.8CVSS8.3AI score0.02281EPSS
Exploits0
Amazon
Amazon
added 2023/09/20 12:0 a.m.8 views

Important: ecs-service-connect-agent

Issue Overview: Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issu...

8.8CVSS7.3AI score0.01577EPSS
Exploits0
Amazon
Amazon
added 2023/09/20 12:0 a.m.8 views

Important: oci-add-hooks

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS7AI score0.0125EPSS
Exploits0
Amazon
Amazon
added 2023/09/07 12:0 a.m.8 views

Important: dotnet6.0

Issue Overview: .NET and Visual Studio Remote Code Execution Vulnerability CVE-2023-35390 .NET Core and Visual Studio Denial of Service Vulnerability CVE-2023-38178 .NET and Visual Studio Denial of Service Vulnerability CVE-2023-38180 Affected Packages: dotnet6.0 Issue Correction: Run dnf update...

7.8CVSS7.3AI score0.15519EPSS
Exploits0
Amazon
Amazon
added 2023/09/07 12:0 a.m.8 views

Medium: binutils

Issue Overview: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function displaydebugsection in file readelf.c. CVE-2022-45703 An issue was discovered in Binutils addr2line before 2.39.3, function parsemodule contains multiple out of bound reads which may cause a denial of...

7.8CVSS7.6AI score0.00654EPSS
Exploits7
Amazon
Amazon
added 2023/09/06 12:0 a.m.8 views

Medium: kernel

Issue Overview: A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if deviceadd fails CVE-2023-53174 I...

7.8CVSS6.6AI score0.12405EPSS
Exploits0
Amazon
Amazon
added 2023/08/25 12:0 a.m.8 views

Medium: containerd

Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...

5.3CVSS7.1AI score0.01328EPSS
Exploits0
Amazon
Amazon
added 2023/08/25 12:0 a.m.8 views

Medium: nerdctl

Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...

5.3CVSS7.1AI score0.01328EPSS
Exploits0
Amazon
Amazon
added 2023/08/25 12:0 a.m.8 views

Medium: amazon-cloudwatch-agent

Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...

5.3CVSS7.1AI score0.01328EPSS
Exploits0
Amazon
Amazon
added 2023/08/25 12:0 a.m.8 views

Important: kernel

Issue Overview: An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfssetea in fs/ntfs3/xattr.c. CVE-2022-48502 An out-of-bounds write vulnerability in the Linux kernel's...

8.8CVSS7.1AI score0.54577EPSS
Exploits2
Amazon
Amazon
added 2023/08/09 12:0 a.m.8 views

Medium: python-mako

Issue Overview: Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. CVE-2022-40023 Affected Packages: python-mako Issue Correction: Run dnf update python-mako --releasever...

7.5CVSS7.9AI score0.01656EPSS
Exploits1
Amazon
Amazon
added 2023/08/09 12:0 a.m.8 views

Important: nghttp2

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to...

7.5CVSS7.9AI score0.01106EPSS
Exploits0
Amazon
Amazon
added 2023/07/26 12:0 a.m.8 views

Low: sqlite

Issue Overview: No CVE associated with this advisory Affected Packages: sqlite Issue Correction: Run dnf update sqlite --releasever 2023.1.20230725 or dnf update --advisory ALAS2023-2023-264 --releasever 2023.1.20230725 to update your system. More information on how to update your system can be...

6.2AI score
Exploits0
Amazon
Amazon
added 2023/07/19 12:0 a.m.8 views

Low: python3.11

Issue Overview: No CVE associated with this advisory Affected Packages: python3.11 Issue Correction: Run dnf update python3.11 --releasever 2023.1.20230719 or dnf update --advisory ALAS2023-2023-252 --releasever 2023.1.20230719 to update your system. More information on how to update your system...

5.3CVSS7.4AI score0.02507EPSS
Exploits1
Amazon
Amazon
added 2023/06/27 12:0 a.m.8 views

Important: libeconf

Issue Overview: A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. CVE-2023-22652 A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow'...

6.5CVSS6.5AI score0.00636EPSS
Exploits0
Amazon
Amazon
added 2023/06/27 12:0 a.m.8 views

Important: perl

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31486 Affected Packages: perl Issue Correction: Run dnf update perl --releasever 2023.1.20230628 o...

8.1CVSS7.5AI score0.01742EPSS
Exploits0
Amazon
Amazon
added 2023/06/27 12:0 a.m.8 views

Important: cups-filters

Issue Overview: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution. CVE-2023-24805 Affected Packages: cups-filters Issue Correction: Run dnf update cups-filters --releasever...

8.8CVSS8.8AI score0.03697EPSS
Exploits1
Amazon
Amazon
added 2023/06/27 12:0 a.m.8 views

Important: perl-Pod-Perldoc

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31486 Affected Packages: perl-Pod-Perldoc Issue Correction: Run dnf update perl-Pod-Perldoc...

8.1CVSS7.5AI score0.01742EPSS
Exploits0
Amazon
Amazon
added 2023/06/27 12:0 a.m.8 views

Medium: libtiff

Issue Overview: LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. CVE-2022-4645 LibTIFF 4.4.0 has an out-of-bound...

6.8CVSS6.7AI score0.0051EPSS
Exploits6
Amazon
Amazon
added 2023/06/12 12:0 a.m.8 views

Medium: nodejs

Issue Overview: An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. CVE-2023-23920 Affected Packages: nodejs Issue Correction: Run dnf update...

4.2CVSS6.6AI score0.00471EPSS
Exploits0
Amazon
Amazon
added 2023/06/07 12:0 a.m.8 views

Important: vim

Issue Overview: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. CVE-2023-2609 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. CVE-2023-2610 Affected Packages: vim Issue Correction: Run dnf update vim --releasever 2023.0.20230607 or dnf updat...

7.8CVSS7.1AI score0.00485EPSS
Exploits2
Amazon
Amazon
added 2023/06/07 12:0 a.m.8 views

Medium: wayland

Issue Overview: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer...

6.6CVSS7.3AI score0.00294EPSS
Exploits1
Amazon
Amazon
added 2023/06/07 12:0 a.m.8 views

Important: python-flask

Issue Overview: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one...

7.5CVSS8.2AI score0.01261EPSS
Exploits1
Amazon
Amazon
added 2023/06/07 12:0 a.m.8 views

Important: c-ares

Issue Overview: A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. CVE-2022-49...

8.6CVSS7.4AI score0.01577EPSS
Exploits1
Amazon
Amazon
added 2023/05/31 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4mbclearbb CVE-2022-50021 A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. T...

7.8CVSS6.3AI score0.0047EPSS
Exploits0
Amazon
Amazon
added 2023/05/03 12:0 a.m.8 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficul...

7.4CVSS6.4AI score0.02474EPSS
Exploits1
Amazon
Amazon
added 2023/05/03 12:0 a.m.8 views

Medium: future

Issue Overview: An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. CVE-2022-40899 Affected Packages: future Issue Correction: Run dnf update future --releasever...

7.5CVSS7AI score0.01804EPSS
Exploits1
Amazon
Amazon
added 2023/04/10 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace CVE-2022-49932 A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege...

7.8CVSS6.4AI score0.0047EPSS
Exploits0
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Important: python-werkzeug

Issue Overview: Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory ...

7.5CVSS7.3AI score0.0142EPSS
Exploits0
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Medium: libsepol

Issue Overview: The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and cilpreverifyhelper. CVE-2021-36084 The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...

3.3CVSS5.3AI score0.00592EPSS
Exploits4
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Medium: tomcat9

Issue Overview: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly...

7CVSS6.6AI score0.75353EPSS
Exploits16
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Medium: xmlsec1

Issue Overview: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a...

7.8CVSS7.2AI score0.22791EPSS
Exploits2
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Important: gzip

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

8.8CVSS7.1AI score0.04062EPSS
Exploits0
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Important: xz

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

8.8CVSS7.1AI score0.04062EPSS
Exploits0
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Critical: apr

Issue Overview: An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same...

9.8CVSS6.9AI score0.01749EPSS
Exploits0
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Medium: libsndfile

Issue Overview: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read...

7.1CVSS7AI score0.01754EPSS
Exploits1
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmmmodeconfiginit CVE-2022-50556 A double-free vulnerability was found in the handling of IORINGOPSOCKET operation with iouring on the Linux kernel. CVE-2023-1032 Due to a...

7.8CVSS6.5AI score0.01377EPSS
Exploits4
Amazon
Amazon
added 2023/03/22 12:0 a.m.8 views

Medium: cpio

Issue Overview: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the ...

7.8CVSS7.7AI score0.0415EPSS
Exploits1
Total number of security vulnerabilities5000