Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2026/05/14 12:0 a.m.6 views

Medium: dnsmasq

Issue Overview: dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-2291 Affected Packages: dnsmasq Issu...

7.3CVSS5.6AI score0.00754EPSS
Exploits1
Amazon
Amazon
added 2026/05/14 12:0 a.m.16 views

Low: microcode_ctl

Issue Overview: Improper handling of values in the microcode flow for some IntelR Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...

3.9CVSS5.8AI score0.00133EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.17 views

Medium: python3-tornado

Issue Overview: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536 Affected Packages: python3-tornado Note: This advisory is applicable to Amazon Linu...

7.2CVSS5.8AI score0.00237EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.14 views

Medium: python-tornado

Issue Overview: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536 Affected Packages: python-tornado Note: This advisory is applicable to Amazon Linux...

7.2CVSS5.8AI score0.00237EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.10 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port output CVE-2023-53188 In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ipvsaddservice CVE-2024-42322 In the Linux kernel, the...

7.1CVSS5.9AI score0.00226EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.9 views

Medium: amazon-ecr-credential-helper

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.14 views

Medium: libXpm

Issue Overview: As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord CVE-2026-4367 Affected Packages: libXpm Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...

5.8AI score0.00129EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.16 views

Important: python-lxml

Issue Overview: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

7.5CVSS5.8AI score0.00324EPSS
Exploits1
Amazon
Amazon
added 2026/05/14 12:0 a.m.13 views

Medium: qemu

Issue Overview: hcd-ohci: infinite loop NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/129922c2bc398b656a9180150e667f98fdf0d402 v11.0.0-rc1 CVE-2026-3890 virtio-scsi request size mismatch NOTE: Fixed by:...

7.1AI score
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.10 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00387EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.11 views

Important: PackageKit

Issue Overview: PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transacti...

8.8CVSS6AI score0.0046EPSS
Exploits10
Amazon
Amazon
added 2026/05/14 12:0 a.m.11 views

Important: python

Issue Overview: Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. CVE-2026-4786 Use-after-free UAF wa...

9.1CVSS7.5AI score0.00579EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.11 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00387EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.15 views

Important: python3

Issue Overview: Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. CVE-2026-4786 Use-after-free UAF wa...

9.1CVSS7.5AI score0.00579EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.15 views

Medium: xdg-desktop-portal

Issue Overview: Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash. CVE-2026-40354 Affected Packages: xdg-desktop-portal Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

6.3CVSS5.8AI score0.00128EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.15 views

Important: containerd

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.1AI score0.00651EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.15 views

Important: docker

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.3AI score0.08123EPSS
Exploits1
Amazon
Amazon
added 2026/05/14 12:0 a.m.22 views

Medium: runfinch-finch

Issue Overview: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a...

9.8CVSS7AI score0.00621EPSS
Exploits1
Amazon
Amazon
added 2026/05/14 12:0 a.m.18 views

Medium: oci-add-hooks

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.21 views

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue ha...

7.5CVSS5.9AI score0.00566EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.12 views

Important: rust

Issue Overview: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

5.1CVSS5.8AI score0.00168EPSS
Exploits1
Amazon
Amazon
added 2026/05/14 12:0 a.m.19 views

Medium: oci-add-hooks

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.17 views

Medium: ecs-init

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.17 views

Medium: runc

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.16 views

Medium: amazon-ecr-credential-helper

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.13 views

Medium: runc

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.9 views

Medium: oci-add-hooks

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.12 views

Medium: amazon-ecr-credential-helper

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.17 views

Medium: opencryptoki

Issue Overview: openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in...

6.8CVSS6AI score0.00162EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.11 views

Important: firefox

Issue Overview: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654 Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150,...

9.8CVSS6.2AI score0.04938EPSS
Exploits2
Amazon
Amazon
added 2026/05/14 12:0 a.m.14 views

Important: thunderbird

Issue Overview: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. CVE-2026-7321 Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and...

9.6CVSS6.2AI score0.00375EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.16 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata...

9.8CVSS6AI score0.00642EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.15 views

Important: ruby

Issue Overview: ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other...

8.1CVSS6.2AI score0.01131EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.14 views

Important: vim

Issue Overview: Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcard...

6.6CVSS5.8AI score0.00501EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.18 views

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...

7.5CVSS7.3AI score0.00702EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.13 views

Medium: gimp

Issue Overview: A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when...

7.8CVSS6.2AI score0.00375EPSS
Exploits0
Amazon
Amazon
added 2026/05/09 12:0 a.m.13 views

Low: PackageKit

Issue Overview: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other...

3.3CVSS5.8AI score0.00228EPSS
Exploits0
Amazon
Amazon
added 2026/05/09 12:0 a.m.13 views

Low: atop

Issue Overview: atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. CVE-2025-31160 Affected Packages: atop...

2.9CVSS5.8AI score0.0019EPSS
Exploits0
Amazon
Amazon
added 2026/05/09 12:0 a.m.16 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections CVE-2025-68206 In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels...

9.8CVSS6AI score0.00514EPSS
Exploits2
Amazon
Amazon
added 2026/05/09 12:0 a.m.15 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

7.5CVSS7.2AI score0.16212EPSS
Exploits2
Amazon
Amazon
added 2026/05/09 12:0 a.m.18 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fbdisplayi-mode to NULL when the mode is released CVE-2025-40323 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections...

9.1CVSS6AI score0.00514EPSS
Exploits2
Amazon
Amazon
added 2026/05/09 12:0 a.m.22 views

Medium: runc

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/09 12:0 a.m.22 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol CVE-2025-38192 In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix possible invalid rdp's-nocbcbkthread pointer access CVE-2025-38704 In...

7.8CVSS6.2AI score0.00178EPSS
Exploits0
Amazon
Amazon
added 2026/05/09 12:0 a.m.17 views

Important: kernel-livepatch-5.10.251-248.983

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

7.8CVSS6AI score0.93235EPSS
Exploits31
Amazon
Amazon
added 2026/05/09 12:0 a.m.17 views

Important: kernel-livepatch-5.10.253-251.1014

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

7.8CVSS6AI score0.93235EPSS
Exploits31
Amazon
Amazon
added 2026/05/09 12:0 a.m.14 views

Important: kernel-livepatch-5.10.252-250.1016

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

7.8CVSS6AI score0.93235EPSS
Exploits31
Amazon
Amazon
added 2026/05/09 12:0 a.m.16 views

Important: kernel-livepatch-5.10.252-250.992

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

7.8CVSS6AI score0.93235EPSS
Exploits31
Amazon
Amazon
added 2026/05/09 12:0 a.m.12 views

Important: kernel-livepatch-6.1.170-208.319

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

7.8CVSS6AI score0.93235EPSS
Exploits31
Amazon
Amazon
added 2026/05/09 12:0 a.m.15 views

Important: kernel-livepatch-6.1.168-202.320

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

7.8CVSS6AI score0.93235EPSS
Exploits31
Amazon
Amazon
added 2026/05/09 12:0 a.m.16 views

Important: kernel-livepatch-6.12.73-95.123

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

7.8CVSS6AI score0.93235EPSS
Exploits31
Total number of security vulnerabilities8850