Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2026/06/12 12:0 a.m.10 views

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
Amazon
Amazon
added 2026/06/12 12:0 a.m.13 views

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
Amazon
Amazon
added 2026/06/12 12:0 a.m.14 views

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
Amazon
Amazon
added 2026/06/12 12:0 a.m.6 views

Medium: mariadb114

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS6.7AI score0.00303EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: nvidia-fabricmanager

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Medium: gstreamer1-plugins-good

Issue Overview: An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by...

9.1CVSS5.4AI score0.00208EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Medium: credentials-fetcher

Issue Overview: A denial of service vulnerability GHSA-XMRV-PMRH-HHX2 was found in the bundled AWS SDK for Go v2 EventStream decoder used by credentials-fetcher. An attacker who can inject a malformed EventStream response frame with a crafted header value type byte outside the valid range can cau...

5.4AI score
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Medium: perl

Issue Overview: Buffer overflow in Perlstudychunk CVE-2026-8376 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update perl or yum updat...

9.8CVSS5.5AI score0.00398EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: bind

Issue Overview: Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message, causing denial of service. Both authoritative servers and resolvers are affected. CVE-2026-5946 Affected Packages: bind Note: This...

7.5CVSS5.5AI score0.0181EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Medium: sendmail

Issue Overview: sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail...

5.3CVSS5.9AI score0.01073EPSS
Exploits2
Amazon
Amazon
added 2026/06/08 12:0 a.m.7 views

Important: atril

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 Affected Packages: atril Note: This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visi...

8.4CVSS5.5AI score0.00529EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.7 views

Important: papers

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...

5.5AI score0.00529EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: libsolv

Issue Overview: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI...

7.8CVSS5.9AI score0.00399EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: libsolv

Issue Overview: A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable...

7.8CVSS5.9AI score0.00399EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: postgresql17

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: postgresql18

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.7AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: postgresql16

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

8.8CVSS6.6AI score0.00668EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.7 views

Important: dotnet8.0

Issue Overview: Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-42899 Affected Packages:...

7.5CVSS5.7AI score0.0243EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: dotnet9.0

Issue Overview: Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-42899 Affected Packages:...

7.5CVSS5.7AI score0.0243EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: dotnet10.0

Issue Overview: Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-42899 Affected Packages:...

7.5CVSS5.7AI score0.0243EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: gnutls

Issue Overview: A remotely triggerable underflow in the DTLS reassembly code led to a heap overrun. The issue was reported in the issue tracker as 1811 by Joshua Rogers of AISLE Research Team. CVE-2026-33845 Affected Packages: gnutls Issue Correction: Run dnf update gnutls --releasever...

9.1CVSS5.5AI score0.00805EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.7 views

Important: kmod-nvidia-open-dkms

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.7 views

Important: cuda-drivers

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: kmod-nvidia-latest-dkms

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Medium: perl-YAML-Syck

Issue Overview: YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the...

7.3CVSS5.7AI score0.00333EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: nvidia-imex

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between loginwork and the login thread CVE-2022-50350 In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache...

8.8CVSS4.8AI score0.00129EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

6.5CVSS5.5AI score0.00266EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

6.5CVSS5.4AI score0.00266EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: nvlink5

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: nvidia-persistenced

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Medium: composer

Issue Overview: Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs CVE-2026-45793 Affected Packages: composer Issue Correction: Run dnf update composer --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1800 --releasever 2023.12.20260608 to update your system...

5.7AI score0.00079EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.7 views

Important: nvidia-modprobe

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Medium: perl-Template-Toolkit

Issue Overview: emplate::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly...

6.1CVSS5.7AI score0.00282EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Medium: perl-Crypt-PasswdMD5

Issue Overview: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Affected Packages: perl-Crypt-PasswdMD5 Issue Correction: Run dnf update perl-Crypt-PasswdMD5...

7.5CVSS5.4AI score0.00447EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: tomcat9

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8CVSS6.4AI score0.01339EPSS
Exploits2
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: tomcat

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8CVSS6.4AI score0.01339EPSS
Exploits2
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Medium: bind

Issue Overview: Limit resolver server list size CVE-2026-3592 Avoid unbounded recursion loop CVE-2026-5950 Affected Packages: bind Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

5.3CVSS5.5AI score0.00551EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Medium: perl-Crypt-PasswdMD5

Issue Overview: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Affected Packages: perl-Crypt-PasswdMD5 Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...

7.5CVSS5.5AI score0.00447EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: libvncserver

Issue Overview: LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A...

8.8CVSS5.5AI score0.00242EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: 7zip

Issue Overview: A heap buffer overflow vulnerability GHSL-2026-140 exists in 7-Zip version 26.00, caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to exploit this issue for arbitrary code execution or application crashes...

8.8CVSS6.4AI score0.00938EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.15 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files CVE-2025-39901 In the Linux kernel, the following vulnerability has been resolved: exfat: validate cluster allocation bits of the allocation bitmap CVE-2025-40307 In the...

8.8CVSS5.1AI score0.0049EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: tomcat10

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8CVSS6.4AI score0.01339EPSS
Exploits2
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: nvidia-xconfig

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.8 views

Important: nvidia-kmod-common

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.7 views

Important: libnvidia-nscq

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Medium: yelp

Issue Overview: A sandbox escape vulnerability was found in yelp, the GNOME help viewer. Bypassing the fix for CVE-2025-3155, a malicious help document can use a CSS stylesheet embedded in an SVG image to exfiltrate the contents of local files such as files under /proc to an external server witho...

7.4CVSS6.8AI score0.10598EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Medium: perl-Template-Toolkit

Issue Overview: emplate::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly...

6.1CVSS5.7AI score0.00282EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: libnvsdm

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.7 views

Important: nvidia-open

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Total number of security vulnerabilities8850