Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2023/11/03 12:0 a.m.59 views

Important: httpd24

Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...

7.5CVSS6.8AI score0.70595EPSS
Exploits1
Amazon
Amazon
added 2023/11/03 12:0 a.m.4 views

Medium: zlib

Issue Overview: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. CVE-2023-45853 Affected Packages: zlib Issue Correction:...

9.8CVSS8.1AI score0.02918EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.34 views

Important: open-vm-tools

Issue Overview: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be ab...

7.5CVSS6.7AI score0.00667EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.21 views

Medium: nautilus

Issue Overview: GNOME Nautilus 42.2 allows a NULL pointer dereference and getbasename application crash via a pasted ZIP archive. CVE-2022-37290 Affected Packages: nautilus Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between A...

5.5CVSS5.5AI score0.00326EPSS
Exploits1
Amazon
Amazon
added 2023/11/01 12:0 a.m.3 views

Important: kernel-livepatch-5.10.192-182.736

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: schhfsc HFSC qdisc traffic control component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve i.e. with the HFSCFSC flag set has a parent without a link-sharing curve, then...

7.8CVSS6.8AI score0.00396EPSS
Exploits1
Amazon
Amazon
added 2023/11/01 12:0 a.m.3 views

Important: kernel-livepatch-5.10.192-183.736

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: schhfsc HFSC qdisc traffic control component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve i.e. with the HFSCFSC flag set has a parent without a link-sharing curve, then...

7.8CVSS6.8AI score0.00396EPSS
Exploits1
Amazon
Amazon
added 2023/11/01 12:0 a.m.39 views

Important: xerces-c

Issue Overview: An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. CVE-2023-37536 Affected Packages: xerces-c Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

8.8CVSS7.7AI score0.01381EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.40 views

Important: libxml2

Issue Overview: libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can...

6.5CVSS7.1AI score0.00826EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.38 views

Medium: libguestfs-winsupport

Issue Overview: An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. CVE-2022-30783 A crafted NTFS image can cause heap exhaustion in ntfsgetattributevalue in NTFS-3G...

7.8CVSS7.8AI score0.00431EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.36 views

Medium: opensc

Issue Overview: Potential PIN bypass. When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from different process when the empty, zero-length PIN and the token can track the login status using some of its...

6.6CVSS6.7AI score0.01174EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.12 views

Important: kernel-livepatch-5.10.186-179.751

Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. When nftablesdelrule is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the...

7.8CVSS6.7AI score0.00958EPSS
Exploits3
Amazon
Amazon
added 2023/11/01 12:0 a.m.2 views

Medium: kernel

Issue Overview: A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. CVE-2023-34324 In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors CVE-2023-52477 In...

7.1CVSS6AI score0.00888EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.81 views

Important: python

Issue Overview: An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48565 Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

9.8CVSS8.6AI score0.04268EPSS
Exploits3
Amazon
Amazon
added 2023/11/01 12:0 a.m.44 views

Low: vim

Issue Overview: The severity level was changed from Medium to Low. NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. CVE-2023-5441 Use After Free in GitHub repository vim/vim prior to v9.0.2010. CVE-2023-5535 Affected Packages: vim Note: This...

7.8CVSS6.9AI score0.00539EPSS
Exploits2
Amazon
Amazon
added 2023/11/01 12:0 a.m.30 views

Low: nmap

Issue Overview: Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service stack consumption and application crash via a crafted TCP-based service. CVE-2018-15173 Affected Packages: nmap Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

7.5CVSS7.5AI score0.06081EPSS
Exploits1
Amazon
Amazon
added 2023/11/01 12:0 a.m.7 views

Medium: kernel

Issue Overview: An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in dodivsz,mtd-erasesize, used indirectly by ctrlcdevioctl, when mtd-erasesize is 0. CVE-2023-31085 A flaw in the kernel Xen event handler can cause a deadlock with Xen conso...

7CVSS6.1AI score0.00888EPSS
Exploits2
Amazon
Amazon
added 2023/11/01 12:0 a.m.2 views

Important: amazon-ecr-credential-helper

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: amazon-ecr-credential-helper Note: This advisory is...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.2 views

Important: kernel-livepatch-4.14.320-243.544

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsroute component can be exploited to achieve local privilege escalation. When route4change is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This cause...

7.8CVSS6.6AI score0.00565EPSS
Exploits2
Amazon
Amazon
added 2023/11/01 12:0 a.m.3 views

Important: amazon-ecr-credential-helper

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: amazon-ecr-credential-helper Note: This advisory is...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.55 views

Important: cni-plugins

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: cni-plugins Note: This advisory is applicable to Amazo...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.49 views

Important: golist

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: golist Note: This advisory is applicable to Amazon Lin...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unregister flowtable hooks on netns exit CVE-2022-48935 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: double hook unregistration in netns path...

7.8CVSS6.2AI score0.00888EPSS
Exploits2
Amazon
Amazon
added 2023/11/01 12:0 a.m.5 views

Important: kernel-livepatch-4.14.322-244.539

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. When fwchange is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a...

7.8CVSS6.6AI score0.00549EPSS
Exploits2
Amazon
Amazon
added 2023/11/01 12:0 a.m.3 views

Important: kernel-livepatch-4.14.322-244.536

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. When fwchange is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a...

7.8CVSS6.6AI score0.00549EPSS
Exploits2
Amazon
Amazon
added 2023/11/01 12:0 a.m.2 views

Important: kernel-livepatch-4.14.322-246.539

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. When fwchange is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a...

7.8CVSS6.6AI score0.00549EPSS
Exploits2
Amazon
Amazon
added 2023/11/01 12:0 a.m.54 views

Important: cri-tools

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: cri-tools Note: This advisory is applicable to Amazon...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2023/11/01 12:0 a.m.39 views

Medium: kernel

Issue Overview: A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. CVE-2023-34324 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before callin...

5.5CVSS6.6AI score0.00888EPSS
Exploits1
Amazon
Amazon
added 2023/11/01 12:0 a.m.144 views

Important: httpd

Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...

7.5CVSS6.7AI score0.70595EPSS
Exploits1
Amazon
Amazon
added 2023/11/01 12:0 a.m.38 views

Medium: zlib

Issue Overview: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. CVE-2023-45853 Affected Packages: zlib Note: This advisor...

9.8CVSS8.2AI score0.02918EPSS
Exploits0
Amazon
Amazon
added 2023/10/28 12:0 a.m.29 views

Critical: squid

Issue Overview: Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack against HTTP Digest Authentication CVE-2023-46847 Affected Packages: squid Issue Correction: Run yum update squid or yum update --advisory ALAS-2023-1872 to update your system. New Packages: i686: ...

8.6CVSS8.8AI score0.85944EPSS
Exploits0
Amazon
Amazon
added 2023/10/26 12:0 a.m.44 views

Critical: squid

Issue Overview: An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer...

9.8CVSS7.4AI score0.85944EPSS
Exploits0
Amazon
Amazon
added 2023/10/26 12:0 a.m.73 views

Important: python3

Issue Overview: A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The...

9.8CVSS8.2AI score0.08235EPSS
Exploits6
Amazon
Amazon
added 2023/10/24 12:0 a.m.30 views

Medium: cups

Issue Overview: A vulnerability was found in OpenPrinting CUPS. The security flaw occurs due to failure in validating the length provided by an attacker-crafted CUPS document, possibly leading to a heap-based buffer overflow and code execution. CVE-2023-4504 Affected Packages: cups Issue...

7CVSS7.7AI score0.00663EPSS
Exploits2
Amazon
Amazon
added 2023/10/24 12:0 a.m.2 views

Medium: giflib

Issue Overview: giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. CVE-2023-39742 Affected Packages: giflib Issue Correction: Run dnf update giflib --releasever 2023.2.20231018 or dnf update --advisory ALAS2023-2023-386 --releasever 2023.2.20231018 to update...

5.5CVSS5.9AI score0.00328EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.47 views

Medium: nss-softokn

Issue Overview: new tlsfuzzer code can still detect timing issues in RSA operations CVE-2023-4421 Affected Packages: nss-softokn Issue Correction: Run yum update nss-softokn or yum update --advisory ALAS-2023-1858 to update your system. New Packages: i686: nss-softokn-3.53.1-6.48.amzn1.i686 ...

6.5CVSS7.3AI score0.00628EPSS
Exploits0
Amazon
Amazon
added 2023/10/24 12:0 a.m.39 views

Important: exim

Issue Overview: Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/ CVE-2023-42116 Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability NOTE:...

9.8CVSS8.8AI score0.05673EPSS
Exploits2
Amazon
Amazon
added 2023/10/24 12:0 a.m.5 views

Medium: composer

Issue Overview: Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions...

8.8CVSS8.1AI score0.01378EPSS
Exploits0
Amazon
Amazon
added 2023/10/24 12:0 a.m.40 views

Important: cacti

Issue Overview: Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution ...

7.2CVSS8.6AI score0.82186EPSS
Exploits7
Amazon
Amazon
added 2023/10/24 12:0 a.m.27 views

Important: java-1.8.0-openjdk

Issue Overview: An issue was discovered in function ciMethodBlocks::makeblockat in Oracle JDK HotSpot VM 11, 17 and OpenJDK HotSpot VM 8, 11, 17, allows attackers to cause a denial of service. CVE-2022-40433 Affected Packages: java-1.8.0-openjdk Issue Correction: Run yum update java-1.8.0-openjdk...

5.1AI score
Exploits0
Amazon
Amazon
added 2023/10/24 12:0 a.m.3 views

Medium: ImageMagick

Issue Overview: 2024-06-06: CVE-2021-20309 was added to this advisory. A flaw was found in ImageMagick, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat fr...

7.8CVSS6.6AI score0.02315EPSS
Exploits0
Amazon
Amazon
added 2023/10/24 12:0 a.m.32 views

Medium: ghostscript

Issue Overview: A buffer overflow vulnerability in epscprintpage in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. CVE-2020-16294 Affected Packages: ghostscript Issue Correction: Run yu...

5.5CVSS6.5AI score0.01886EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.25 views

Medium: ImageMagick

Issue Overview: A vulnerability was found in ImageMagick where heap use-after-free was found in coders/bmp.c. CVE-2023-5341 Affected Packages: ImageMagick Issue Correction: Run yum update ImageMagick or yum update --advisory ALAS-2023-1856 to update your system. New Packages: i686: ...

6.2CVSS6.4AI score0.00437EPSS
Exploits0
Amazon
Amazon
added 2023/10/24 12:0 a.m.8 views

Medium: libX11

Issue Overview: libX11: out-of-bounds memory access in XkbReadKeySyms CVE-2023-43785 A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

7.8CVSS6.9AI score0.00633EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.32 views

Important: apache-ivy

Issue Overview: Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own...

8.2CVSS8.4AI score0.01855EPSS
Exploits0
Amazon
Amazon
added 2023/10/24 12:0 a.m.8 views

Medium: vim

Issue Overview: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. CVE-2023-5344 Affected Packages: vim Issue Correction: Run dnf update vim --releasever 2023.2.20231018 or dnf update --advisory ALAS2023-2023-378 --releasever 2023.2.20231018 to update your system. More...

7.5CVSS6.8AI score0.0119EPSS
Exploits1
Amazon
Amazon
added 2023/10/24 12:0 a.m.3 views

Medium: libXpm

Issue Overview: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0 CVE-2023-43788 Affected Packages: libXpm Issue...

5.5CVSS6.2AI score0.00365EPSS
Exploits0
Amazon
Amazon
added 2023/10/24 12:0 a.m.31 views

Medium: mutt

Issue Overview: A flaw was found in mutt. When reading unencoded messages, mutt uses the line length from the untrusted input without any validation. This flaw allows an attacker to craft a malicious message, which leads to an out-of-bounds read, causing data leaks that include fragments of other...

5.3CVSS5.2AI score0.01616EPSS
Exploits2
Amazon
Amazon
added 2023/10/24 12:0 a.m.4 views

Medium: postgresql15

Issue Overview: In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

7.5CVSS6.9AI score0.01807EPSS
Exploits0
Amazon
Amazon
added 2023/10/24 12:0 a.m.5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting CVE-2022-48628 A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Due to a race...

7.8CVSS6.4AI score0.0047EPSS
Exploits2
Amazon
Amazon
added 2023/10/24 12:0 a.m.5 views

Medium: libXpm

Issue Overview: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. CVE-2023-43786 libX11: integer overflow in XCreateImage leading to a heap...

7.8CVSS7AI score0.00461EPSS
Exploits1
Total number of security vulnerabilities8850