Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Medium: clamav1.5

Issue Overview: tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size...

8.1CVSS5.9AI score0.00688EPSS
Exploits3
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

7.8CVSS8AI score0.01069EPSS
Exploits2
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Medium: vim

Issue Overview: Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.007...

7.8CVSS5.9AI score0.00177EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

8.8CVSS6.3AI score0.21621EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: perl-XML-Parser

Issue Overview: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters...

9.8CVSS6.1AI score0.00604EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.4 views

Medium: tigervnc

Issue Overview: In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. CVE-2026-34352 Affected Packages: tigervnc Issue Correction: Run dnf update tigervnc --releasever...

9.8CVSS5.8AI score0.00247EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable a...

9.2CVSS5.8AI score0.08942EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.9 views

Important: dovecot

Issue Overview: Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm ht...

7.5CVSS5.9AI score0.0079EPSS
Exploits2
Amazon
Amazon
added 2026/04/13 12:0 a.m.11 views

Important: plexus-utils

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: plexus-utils Issue Correction: Run dn...

8.8CVSS6.1AI score0.00663EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: javapackages-bootstrap

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: javapackages-bootstrap Issue...

8.8CVSS6.1AI score0.00663EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: freerdp

Issue Overview: DoS via WINPRASSERT in rtsreadauthverifiernochecks NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 CVE-2026-33952 DoS via WINPRASSERT in IMA ADPCM audio decoder dsp.c:331 NOTE:...

8.1CVSS5.8AI score0.00426EPSS
Exploits2
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

9.1CVSS5.8AI score0.01079EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: libtiff

Issue Overview: A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer...

7.8CVSS6.1AI score0.00553EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: nodejs20

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.1AI score0.26356EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: nodejs22

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.1AI score0.26356EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: python3.12

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: python3.14

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: openssl

Issue Overview: Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NU...

7.5CVSS5.9AI score0.00981EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: nodejs24

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.2AI score0.26356EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: python3.11

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: python3.13

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00308EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: sudo

Issue Overview: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. CVE-2026-35535 Affected Packages: sudo Issue Correction: Run dnf update sudo...

7.4CVSS5.8AI score0.00173EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Low: tracker-miners

Issue Overview: A flaw was found in GNOME localsearch MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial ...

6.2AI score0.00246EPSS
Exploits4
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: libpng

Issue Overview: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single...

7.6CVSS5.9AI score0.01052EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.9 views

Important: vim

Issue Overview: When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctl...

9.2CVSS6.1AI score0.01162EPSS
Exploits3
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: firefox

Issue Overview: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single...

10CVSS6.2AI score0.01052EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.3 views

Important: nghttp2

Issue Overview: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application...

7.5CVSS5.8AI score0.00775EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.20 views

Medium: docker

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS7.3AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.10 views

Medium: amazon-ecr-credential-helper

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Medium: yq

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...

7.5CVSS7.2AI score0.00728EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: python3.9

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

7CVSS5.8AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.10 views

Important: containerd

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: runfinch-finch

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS5.9AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.11 views

Important: nerdctl

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.10 views

Important: soci-snapshotter

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: amazon-cloudwatch-agent

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.11 views

Important: ecs-init

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: credentials-fetcher

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS5.9AI score0.01557EPSS
Exploits1
Amazon
Amazon
added 2026/04/08 12:0 a.m.6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue CVE-2026-23066 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extr...

7.8CVSS5.7AI score0.00129EPSS
Exploits0
Amazon
Amazon
added 2026/04/07 12:0 a.m.9 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path CVE-2024-14027 In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux...

9.8CVSS5.8AI score0.00812EPSS
Exploits2
Amazon
Amazon
added 2026/04/07 12:0 a.m.7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata CVE-2025-71265 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indxfind to avoid...

9.8CVSS5.7AI score0.00812EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.13 views

Important: gstreamer1-plugins-good

Issue Overview: Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux ...

8.8CVSS7.3AI score0.00828EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Important: gstreamer1-plugins-good

Issue Overview: Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085 Affected Packages: gstreamer1-plugins-good Issue Correction: Run dnf update...

8.8CVSS7.3AI score0.00828EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: bind

Issue Overview: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5CVSS7.3AI score0.01545EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Important: bind

Issue Overview: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5CVSS7.3AI score0.01545EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.9 views

Medium: rust

Issue Overview: Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. CVE-2026-32829 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

8.2CVSS5.9AI score0.00608EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.11 views

Important: gstreamer1-plugins-base

Issue Overview: An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and A...

7.8CVSS7.1AI score0.00867EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Important: gstreamer1-plugins-base

Issue Overview: An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Affected Packages: gstreamer1-plugins-base Issue Correction: Run dnf update gstreamer1-plugins-base --releasever 2023.10.20260330 or dnf update --advisory ALAS2023-2026-1504...

7.8CVSS7.1AI score0.00867EPSS
Exploits0
Total number of security vulnerabilities8850