Lucene search

8850 matches found

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: perl-Unicode-LineBreak

Issue Overview: Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire...

6.2 CVSS, 5.8 AI score, 0.002 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: lcms2

Issue Overview: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Affected Packages: lcms2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section f...

7.5 CVSS, 5.9 AI score, 0.00365 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 6 views

Medium: libusbx

Issue Overview: libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor...

6.9 CVSS, 6 AI score, 0.00184 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails CVE-2026-45899 In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown CVE-2026-45920 In the...

7.8 CVSS, 5.8 AI score, 0.00172 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: perl-Cpanel-JSON-XS

Issue Overview: BOM-shift PV-corruption SIGABRT CVE-2026-9516 Affected Packages: perl-Cpanel-JSON-XS Issue Correction: Run dnf update perl-Cpanel-JSON-XS --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1829 --releasever 2023.12.20260622 to update your system. More information...

7.5 CVSS, 5.8 AI score, 0.00375 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: perl-GD

Issue Overview: command injection via 2-arg open in makefilehandle CVE-2026-11526 Affected Packages: perl-GD Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...

9.8 CVSS, 5.8 AI score, 0.01353 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Important: perl-GD

Issue Overview: command injection via 2-arg open in makefilehandle CVE-2026-11526 Affected Packages: perl-GD Issue Correction: Run dnf update perl-GD --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1890 --releasever 2023.12.20260622 to update your system. More information on...

9.8 CVSS, 5.8 AI score, 0.01353 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: rust

Issue Overview: gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlin...

7.8 CVSS, 7 AI score, 0.00248 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: rust

Issue Overview: gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlin...

7.8 CVSS, 7 AI score, 0.00248 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: poppler

Issue Overview: A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation,...

7.8 CVSS, 6.1 AI score, 0.00252 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: compat-poppler22

Issue Overview: A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation,...

7.8 CVSS, 6.1 AI score, 0.00252 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: libinput

Issue Overview: A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device ...

9.8 CVSS, 6.4 AI score, 0.00498 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: libinput

Issue Overview: A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device ...

9.8 CVSS, 6.4 AI score, 0.00498 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: graphite2

Issue Overview: Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range. CVE-2026-50593 Affected Packages: graphite2 Issue Correction: Run dnf update graphite2...

7.3 CVSS, 5.8 AI score, 0.00112 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 4 views

Medium: amazon-ssm-agent

Issue Overview: go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0...

7.4 CVSS, 5.7 AI score, 0.00259 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: graphite2

Issue Overview: Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range. CVE-2026-50593 Affected Packages: graphite2 Note: This advisory is applicable to Amazon Linux...

7.3 CVSS, 5.8 AI score, 0.00112 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Important: libnfs

Issue Overview: libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c. CVE-2026-53689 Affected Packages: libnfs Note: This advisory is applicable to Amazon...

7.1 CVSS, 5.9 AI score, 0.00192 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Low: perl-HTML-Parser

Issue Overview: HTML::Entities versions before 3.84 for Perl read freed heap memory in decode_entities. The XS routine backing HTML::Entities::decode_entities cached a pointer repl into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in...

7.5 CVSS, 6 AI score, 0.0031 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 4 views

Medium: amazon-ssm-agent

Issue Overview: go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0...

7.4 CVSS, 5.7 AI score, 0.00259 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: libnfs

Issue Overview: libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c. CVE-2026-53689 Affected Packages: libnfs Issue Correction: Run dnf update libnfs...

7.1 CVSS, 5.8 AI score, 0.00192 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Low: perl-HTML-Parser

Issue Overview: HTML::Entities versions before 3.84 for Perl read freed heap memory in decode_entities. The XS routine backing HTML::Entities::decode_entities cached a pointer repl into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in...

7.5 CVSS, 6 AI score, 0.0031 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: jpegxl

Issue Overview: Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. CVE-2025-70103 Affected Packages: jpegxl Issue Correction: Run dnf update jpegxl --releasever 2023.12.20260622 or dnf update...

7.3 CVSS, 6.1 AI score, 0.00367 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 7 views

Important: poppler

Issue Overview: A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation,...

7.8 CVSS, 6.1 AI score, 0.00252 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: libusbx

Issue Overview: libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor...

6.9 CVSS, 6 AI score, 0.00184 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: squid

Issue Overview: Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to perform a Heap-based Buffer Overflow when sending maliciously crafted replies to cachedigest request messages. This...

5.8 AI score
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Low: libssh

Issue Overview: libssh Possible Denial of Service when parsing unexpected configuration files CVE-2026-0965 Affected Packages: libssh Issue Correction: Run dnf update libssh --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1824 --releasever 2023.12.20260622 to update your...

3.3 CVSS, 6.4 AI score, 0.00158 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 4 views

Medium: python

Issue Overview: http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

6.1 CVSS, 5.8 AI score, 0.00229 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 4 views

Medium: python3.11

Issue Overview: The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code to read the .pyc files. sys.audit handlers for this audit event therefore do not fire. CVE-2026-2297...

6.1 CVSS, 5.8 AI score, 0.00229 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 5 views

Important: jq

Issue Overview: jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow CVE-2026-49839 Affected Packages: jq Issue Correction: Run dnf update jq --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1860 --releasever 2023.12.20260622 to update your system...

5.8 AI score, 0.00165 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 8 views

Important: squid

Issue Overview: Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to perform a Heap-based Buffer Overflow when sending maliciously crafted replies to cachedigest request messages. This...

5.7 AI score
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache CVE-2026-46174 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to...

8.8 CVSS, 5.7 AI score, 0.00129 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 3 views

Important: rclone

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: rclone Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

6.5 CVSS, 6 AI score, 0.00248 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: git-lfs

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: git-lfs Issue Correction: Run dnf update git-lfs --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1889 --releasever 2023.12.20260622 ...

6.5 CVSS, 5.9 AI score, 0.00248 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 3 views

Important: yq

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: yq Issue Correction: Run dnf update yq --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1887 --releasever 2023.12.20260622 to update...

6.5 CVSS, 5.9 AI score, 0.00248 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 3 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl CVE-2026-31709 Affected Packages: kernel6.18 Issue Correction: Run dnf update kernel6.18 --releasever 2023.12.20260622 or dnf update --advisory...

8.8 CVSS, 6.8 AI score, 0.00259 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-...

7.5 CVSS, 6 AI score, 0.00346 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: python-click

Issue Overview: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account. CVE-2026-7246 Affected Packages: python-click Issue Correction: Run dnf update python-click...

7.2 CVSS, 6 AI score, 0.0081 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 3 views

Important: cri-tools

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: cri-tools Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

6.5 CVSS, 6 AI score, 0.00248 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 3 views

Important: cni-plugins

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: cni-plugins Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

6.5 CVSS, 6 AI score, 0.00248 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 3 views

Important: cni-plugins

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: cni-plugins Issue Correction: Run dnf update cni-plugins --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1888 --releasever...

6.5 CVSS, 5.9 AI score, 0.00248 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 4 views

Medium: python3-urllib3

Issue Overview: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

8.2 CVSS, 5.8 AI score, 0.00527 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 4 views

Medium: python-urllib3

Issue Overview: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

8.2 CVSS, 5.8 AI score, 0.00527 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Medium: python-urllib3

Issue Overview: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

8.2 CVSS, 5.8 AI score, 0.00527 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context CVE-2022-50472 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out...

9.8 CVSS, 6.5 AI score, 0.00554 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 4 views

Important: samba

Issue Overview: unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC services on the SAMR DCE/RPC service when running over NCACN_IP_TCP. Both services pass a...

9.8 CVSS, 6.5 AI score, 0.12797 EPSS
Exploits: 7

Amazon
added 2026/06/22 12:0 a.m., 9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check CVE-2023-53989 In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level CVE-2025-39961 In the Linu...

9.8 CVSS, 6.6 AI score, 0.00554 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues CVE-2022-50552 In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol CVE-2025-38192 In th...

9.8 CVSS, 6.1 AI score, 0.00554 EPSS
Exploits: 1

Amazon
added 2026/06/22 12:0 a.m., 7 views

Medium: httpd

Issue Overview: Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. CVE-2026-29167 A cross-site scripting...

9.8 CVSS, 6 AI score, 0.00687 EPSS
Exploits: 0

Amazon
added 2026/06/22 12:0 a.m., 7 views

Medium: ImageMagick

Issue Overview: When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm CVE-2026-42326 Due to a missing check in the PSD decoder it would be possible to...

7.5 CVSS, 6.1 AI score, 0.01849 EPSS
Exploits: 2

Amazon
added 2026/06/22 12:0 a.m., 6 views

Important: python-pip

Issue Overview: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This...

5.5 CVSS, 6.1 AI score, 0.00275 EPSS
Exploits: 0

Total number of security vulnerabilities: 8850