8850 matches found

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: python3.11-pip

Issue Overview: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This...

CVSS 5.5 | AI score 6.1 | EPSS 0.00275 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: python3.13-pip

Issue Overview: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This...

CVSS 5.5 | AI score 6.1 | EPSS 0.00275 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 7 views

Important: python3.14-pip

Issue Overview: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This...

CVSS 5.5 | AI score 6.1 | EPSS 0.00275 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Medium: rust-cargo-c

Issue Overview: gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlin...

CVSS 7.8 | AI score 7 | EPSS 0.00466 | Exploits 1

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: python3.12-pip

Issue Overview: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This...

CVSS 5.5 | AI score 6.1 | EPSS 0.00275 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: python-pip

Issue Overview: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This...

CVSS 5.5 | AI score 6.1 | EPSS 0.00275 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 10 views

Important: vim

Issue Overview: Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file...

CVSS 8.8 | AI score 6.3 | EPSS 0.00224 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 8 views

Important: vim

Issue Overview: Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in...

CVSS 8.8 | AI score 7.7 | EPSS 0.00917 | Exploits 1

Amazon | added 2026/06/22 12:0 a.m. | 8 views

Important: openssl

Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...

CVSS 9.1 | AI score 6.8 | EPSS 0.00684 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: dotnet8.0

Issue Overview: Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally. CVE-2026-45491 Uncontrolled resource...

CVSS 7.8 | AI score 5.8 | EPSS 0.0243 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: dotnet10.0

Issue Overview: Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally. CVE-2026-45491 Uncontrolled resource...

CVSS 7.8 | AI score 5.8 | EPSS 0.0243 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 7 views

Important: dotnet9.0

Issue Overview: Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally. CVE-2026-45491 Uncontrolled resource...

CVSS 7.8 | AI score 5.8 | EPSS 0.0243 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 3 views

Important: tigervnc

Issue Overview: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but...

CVSS 7.8 | AI score 6.3 | EPSS 0.00165 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 7 views

Important: perl-IO-Compress

Issue Overview: IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes...

CVSS 7.5 | AI score 6.2 | EPSS 0.00373 | Exploits 2

Amazon | added 2026/06/22 12:0 a.m. | 7 views

Important: perl-IO-Compress

Issue Overview: IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes...

CVSS 7.5 | AI score 6.1 | EPSS 0.00373 | Exploits 2

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: edk2

Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...

CVSS 8.8 | AI score 6.7 | EPSS 0.02719 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: openssl-snapsafe

Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...

CVSS 8.8 | AI score 6.8 | EPSS 0.02719 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 9 views

Medium: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process...

CVSS 8.8 | AI score 6.6 | EPSS 0.00693 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Medium: perl-Crypt-PBKDF2

Issue Overview: Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key. CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl generate...

CVSS 7.5 | AI score 5.8 | EPSS 0.00319 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: ansible-core

Issue Overview: A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags throu...

CVSS 7.8 | AI score 6.4 | EPSS 0.00156 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 8 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_get_next_key CVE-2026-45838 In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec...

CVSS 8.2 | AI score 6.5 | EPSS 0.00278 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: rrdtool

Issue Overview: A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allo...

CVSS 7.8 | AI score 6.4 | EPSS 0.00126 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon...

CVSS 7.8 | AI score 5.7 | EPSS 0.00353 | Exploits 4

Amazon | added 2026/06/22 12:0 a.m. | 3 views

Important: containerd

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

CVSS 9.6 | AI score 6.2 | EPSS 0.00478 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon...

CVSS 7.8 | AI score 5.7 | EPSS 0.00353 | Exploits 4

Amazon | added 2026/06/22 12:0 a.m. | 7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

CVSS 7.8 | AI score 5.7 | EPSS 0.00353 | Exploits 4

Amazon | added 2026/06/22 12:0 a.m. | 4 views

Important: runfinch-finch

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

CVSS 9.6 | AI score 6.2 | EPSS 0.0056 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: soci-snapshotter

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

CVSS 9.6 | AI score 6.2 | EPSS 0.0065 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 4 views

Important: containerd

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

CVSS 9.6 | AI score 6.2 | EPSS 0.00478 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 3 views

Important: runfinch-finch

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

CVSS 9.6 | AI score 6.1 | EPSS 0.0056 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 12 views

Important: soci-snapshotter

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

CVSS 9.6 | AI score 6.1 | EPSS 0.0065 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 14 views

Medium: giflib

Issue Overview: Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size. CVE-2026-26740 Affected Packages: giflib Issue Correction...

CVSS 8.2 | AI score 5.9 | EPSS 0.00467 | Exploits 1

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs CVE-2026-46323 Affected Packages: kernel...

CVSS 7.8 | AI score 6.6 | EPSS 0.00353 | Exploits 4

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon...

CVSS 7.8 | AI score 5.7 | EPSS 0.00353 | Exploits 4

Amazon | added 2026/06/22 12:0 a.m. | 9 views

Important: credentials-fetcher

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

CVSS 9.6 | AI score 6.1 | EPSS 0.0065 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs CVE-2026-46323 Affected Packages: kernel6....

CVSS 7.8 | AI score 6.6 | EPSS 0.00353 | Exploits 4

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs CVE-2026-46323 Affected Packages: kernel6....

CVSS 7.8 | AI score 6.6 | EPSS 0.00353 | Exploits 4

Amazon | added 2026/06/22 12:0 a.m. | 3 views

Important: containerd

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

CVSS 9.6 | AI score 6.1 | EPSS 0.00478 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: perl-DBI

Issue Overview: DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders...

CVSS 9.8 | AI score 6.3 | EPSS 0.00413 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 9 views

Important: mariadb1011

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVSS 9.8 | AI score 7.4 | EPSS 0.00469 | Exploits 1

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: mariadb114

Issue Overview: During the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. CVE-2026-4416...

CVSS 9.8 | AI score 6.2 | EPSS 0.00469 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 7 views

Important: perl-DBI

Issue Overview: DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders...

CVSS 9.8 | AI score 6.3 | EPSS 0.00413 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 7 views

Important: mariadb-connector-c

Issue Overview: An application that was taking non-validated user input, escaping it with mysql_real_escape_string and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_real_escape_string was supposed to prevent them. CVE-2026-4417...

CVSS 9.8 | AI score 5.8 | EPSS 0.00319 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: containerd

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

CVSS 10 | AI score 5.9 | EPSS 0.005 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: openssl11

Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...

CVSS 8.8 | AI score 6.7 | EPSS 0.02719 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 7 views

Important: openssl

Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...

CVSS 8.8 | AI score 6.7 | EPSS 0.02719 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 5 views

Important: amazon-cloudwatch-agent

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause severa...

CVSS 10 | AI score 6 | EPSS 0.005 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: amazon-cloudwatch-agent

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause severa...

CVSS 10 | AI score 6.1 | EPSS 0.005 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 8 views

Important: containerd

Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...

AI score 5.9 | Exploits 0

Amazon | added 2026/06/22 12:0 a.m. | 6 views

Important: containerd

Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...

AI score 6 | Exploits 0

Total number of security vulnerabilities: 8850