Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Medium: gstreamer1-plugins-good

Issue Overview: An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and...

5.1CVSS7.2AI score0.00225EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: ImageMagick

Issue Overview: A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service DoS and potentially information disclosure...

8.1CVSS6.5AI score0.00353EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Important: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read...

9.8CVSS6.5AI score0.00656EPSS
Exploits12
Amazon
Amazon
added 2026/04/01 12:0 a.m.14 views

Important: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read...

9.8CVSS6.3AI score0.00656EPSS
Exploits10
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Medium: python-pyasn1

Issue Overview: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands o...

7.5CVSS6.8AI score0.00679EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.13 views

Medium: thunderbird

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

5.5CVSS5.9AI score0.00216EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Low: python3.12-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fi...

7.5CVSS5.9AI score0.00475EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead o...

8.2CVSS5.9AI score0.00388EPSS
Exploits4
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Medium: ImageMagick

Issue Overview: A flaw was found in ImageMagick. An integer overflow vulnerability exists in the SIXEL decoder, which allows a remote attacker to perform an out-of-bounds write via a specially crafted image. This can lead to a Denial of Service DoS and potentially information disclosure...

7.5CVSS6.1AI score0.00475EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead o...

8.2CVSS5.9AI score0.00388EPSS
Exploits4
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Medium: firefox

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

5.5CVSS5.9AI score0.00216EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Medium: firefox

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

5.5CVSS5.9AI score0.00216EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Important: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates...

8.7CVSS5.9AI score0.00375EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.12 views

Important: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates...

8.7CVSS5.9AI score0.00375EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Low: python3.11-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

2CVSS5.8AI score0.0039EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: python3.13-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...

8.7CVSS6.5AI score0.00396EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Medium: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In...

9.8CVSS6AI score0.00323EPSS
Exploits6
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Medium: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata...

9.8CVSS5.7AI score0.0049EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Low: libheif

Issue Overview: A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs...

4.8CVSS5.3AI score0.00117EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Important: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates...

8.7CVSS5.9AI score0.00375EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Medium: gnutls

Issue Overview: A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs. CVE-2025-148...

5.3CVSS5.8AI score0.00638EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.3 views

Important: amazon-ssm-agent

Issue Overview: cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Affected Packages: amazon-ssm-agent Issue Correction: Run dnf update amazon-ssm-agent --releasever 2023.10.20260330 or d...

7.8CVSS6.4AI score0.00532EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Important: nodejs22

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8CVSS7.2AI score0.0115EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Important: nodejs24

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8CVSS7AI score0.0115EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Important: nodejs20

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8CVSS7.2AI score0.0115EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.12 views

Important: mount-s3

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

8.7CVSS7.2AI score0.01079EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Medium: rust-cargo-c

Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availabilit...

7.1CVSS5.8AI score0.00291EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Low: rust-below

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

6.8CVSS5.8AI score0.00291EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Medium: python-jwt

Issue Overview: A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 SS4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of...

7.5CVSS7AI score0.00269EPSS
Exploits1
Amazon
Amazon
added 2026/04/01 12:0 a.m.3 views

Important: gstreamer1-plugins-bad-free

Issue Overview: Various out-of-bounds reads and writes in the DVB subtitle decoder that can cause crashes for certain input files. CVE-2026-2923 GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co...

7.8CVSS7.5AI score0.00787EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

7.8CVSS7.6AI score0.00787EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Important: dotnet9.0

Issue Overview: Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26127 Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-26130 Affected Packages: dotnet9....

7.5CVSS6.8AI score0.02818EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Important: dotnet8.0

Issue Overview: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-26130 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.10.20260330 or dnf update --advisory...

7.5CVSS5.9AI score0.02818EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.9 views

Important: perl-YAML-Syck

Issue Overview: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the...

9.1CVSS6.1AI score0.00429EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.11 views

Important: giflib

Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Note: This advisory i...

5.1CVSS5.9AI score0.00144EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.9 views

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PS...

9.8CVSS7.2AI score0.00671EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Important: giflib

Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Issue Correction: Run...

5.1CVSS5.8AI score0.00144EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.14 views

Medium: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43213 The iss...

7.5CVSS6.8AI score0.00961EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Low: openssl

Issue Overview: Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more...

7.5CVSS5.8AI score0.00435EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: perl-YAML-Syck

Issue Overview: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the...

9.1CVSS6.1AI score0.00429EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.9 views

Medium: python

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

6CVSS5.9AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.8 views

Medium: python3

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

6CVSS5.9AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Medium: runfinch-finch

Issue Overview: Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services...

7.5CVSS6.9AI score0.00728EPSS
Exploits2
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Medium: golist

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS7.1AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.34 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values CVE-2025-71304 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue CVE-2026-23066 In the Linux kernel, the...

8.8CVSS5.3AI score0.00686EPSS
Exploits0
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Medium: credentials-fetcher

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.8AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/03/27 12:0 a.m.5 views

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PS...

9.8CVSS7.1AI score0.00671EPSS
Exploits0
Amazon
Amazon
added 2026/03/27 12:0 a.m.8 views

Important: ocaml

Issue Overview: In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded...

7.9CVSS6.6AI score0.0021EPSS
Exploits0
Amazon
Amazon
added 2026/03/27 12:0 a.m.6 views

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across...

8.4CVSS5.9AI score0.00201EPSS
Exploits2
Total number of security vulnerabilities8850