Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
•added 2024/03/04 12:0 a.m.•4 views

Medium: ncurses

Issue Overview: ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/libtermcap.c. CVE-2023-45918 Affected Packages: ncurses Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

7AI score
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•40 views

Important: ruby

Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...

8.1CVSS7.9AI score0.0576EPSS
Exploits2
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•4 views

Important: ruby

Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...

8.1CVSS7.5AI score0.0576EPSS
Exploits2
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•4 views

Low: curl

Issue Overview: This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265. Affected Packages: curl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

7AI score
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•23 views

Low: curl

Issue Overview: This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265. Affected Packages: curl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

7.3AI score
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•5 views

Important: shim

Issue Overview: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive...

8.3CVSS8.2AI score0.04852EPSS
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•44 views

Low: glib2

Issue Overview: An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance i...

5.3CVSS6.8AI score0.02622EPSS
Exploits1
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•6 views

Low: glib2

Issue Overview: An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance i...

5.3CVSS6.9AI score0.02622EPSS
Exploits1
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•39 views

Important: shim

Issue Overview: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive...

8.3CVSS8.8AI score0.04852EPSS
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•32 views

Medium: ncurses

Issue Overview: ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/libtermcap.c. CVE-2023-45918 Affected Packages: ncurses Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

5.4AI score
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•5 views

Important: less

Issue Overview: closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Affected Packages: less Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

7.8CVSS7AI score0.01059EPSS
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•37 views

Important: cpio

Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Affected Packages: cpio Issue Correction: Run yum update cpio or yum update --advisory ALAS-2024-1925 to update your...

1.9CVSS6.5AI score0.02906EPSS
Exploits4
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•45 views

Important: cpio

Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Affected Packages: cpio Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

1.9CVSS6.2AI score0.02906EPSS
Exploits4
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•4 views

Important: unbound

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

7.5CVSS6.9AI score0.99995EPSS
Exploits1
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•4 views

Low: glade

Issue Overview: plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service application crash. CVE-2020-36774 Affected Packages: glade Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

5.5CVSS6.9AI score0.00214EPSS
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•5 views

Medium: xerces-c

Issue Overview: Apache issued this CVE to indicate the correct versions of xerces-c, which included the fix for CVE-2018-1311. See the older CVE page for fix status. CVE-2024-23807 Affected Packages: xerces-c Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

9.8CVSS8.4AI score0.09503EPSS
Exploits1
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•44 views

Important: kernel

Issue Overview: A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function improperly updates the refcnt on struct netdevice, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. Th...

7CVSS7.3AI score0.0041EPSS
Exploits0
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•50 views

Important: edk2

Issue Overview: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IANA or IATA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

8.8CVSS7.8AI score0.03174EPSS
Exploits1
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•3 views

Important: edk2

Issue Overview: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IANA or IATA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

8.8CVSS7.5AI score0.03174EPSS
Exploits1
Amazon
Amazon
•added 2024/03/04 12:0 a.m.•37 views

Important: less

Issue Overview: closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Affected Packages: less Issue Correction: Run yum update less or yum update --advisory ALAS-2024-1924 to update your system. New Packages: i686: less-436-13.13.amzn1.i686 ...

7.8CVSS6.8AI score0.01059EPSS
Exploits0
Amazon
Amazon
•added 2024/02/23 12:0 a.m.•22 views

Important: sudo

Issue Overview: In sudo-1.8.23-10.amzn2.3.6 Amazon Linux 2 and sudo-1.8.23-10.58.amzn1 Amazon Linux 1, a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been...

7.1AI score
Exploits1
Amazon
Amazon
•added 2024/02/23 12:0 a.m.•21 views

Important: sudo

Issue Overview: In sudo-1.8.23-10.amzn2.3.6 Amazon Linux 2 and sudo-1.8.23-10.58.amzn1 Amazon Linux 1, a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been...

6.7AI score
Exploits1
Amazon
Amazon
•added 2024/02/23 12:0 a.m.•4 views

Important: sudo

Issue Overview: In sudo-1.8.23-10.amzn2.3.6 Amazon Linux 2 and sudo-1.8.23-10.58.amzn1 Amazon Linux 1, a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been...

7AI score
Exploits1
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•4 views

Important: kernel-livepatch-4.14.336-253.554

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.7AI score0.00312EPSS
Exploits0
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•3 views

Low: containerd

Issue Overview: Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325. Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•3 views

Low: containerd

Issue Overview: Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325. Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•3 views

Important: kernel

Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can cause a double...

7.8CVSS6.7AI score0.28058EPSS
Exploits16
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•2 views

Important: atril

Issue Overview: Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem ...

8.5CVSS7.2AI score0.01016EPSS
Exploits2
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•4 views

Important: kernel

Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can cause a double...

7.8CVSS6.5AI score0.28058EPSS
Exploits16
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•4 views

Important: kernel

Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can cause a double...

7.8CVSS6.7AI score0.28058EPSS
Exploits16
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•4 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS6.9AI score0.18087EPSS
Exploits18
Amazon
Amazon
•added 2024/02/20 12:0 a.m.•4 views

Important: atril

Issue Overview: Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a...

9.6CVSS7.3AI score0.0234EPSS
Exploits2
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•4 views

Medium: expat

Issue Overview: libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time. CVE-2023-52426 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.3.20240219 to update your system. New Packages: aarch64: ...

5.5CVSS6.8AI score0.00373EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•5 views

Important: amazon-ssm-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

9.8CVSS7.5AI score0.03796EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•118 views

Important: amazon-ssm-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

9.8CVSS8.2AI score0.03796EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•3 views

Important: amazon-ssm-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

9.8CVSS8AI score0.03796EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•4 views

Medium: unbound

Issue Overview: NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation...

6.5CVSS6.8AI score0.0085EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•13 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling CVE-2023-52486 In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memorysection-usag...

7.8CVSS7.3AI score0.28058EPSS
Exploits17
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•9 views

Important: amazon-ssm-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

9.8CVSS8AI score0.03796EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•5 views

Medium: expat

Issue Overview: libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time. CVE-2023-52426 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.3.20240219 or dnf update --advisory ALAS2023-2024-524 --releasever 2023.3.20240219 ...

5.5CVSS9.3AI score0.00373EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•4 views

Medium: openssl

Issue Overview: A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, i...

5.9CVSS6.5AI score0.03174EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•12 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling CVE-2023-52486 In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memorysection-usag...

7.8CVSS8.3AI score0.28058EPSS
Exploits17
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•4 views

Medium: openssl

Issue Overview: A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, i...

5.9CVSS7.1AI score0.03174EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•27 views

Medium: unbound

Issue Overview: NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation...

6.5CVSS7AI score0.0085EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•4 views

Medium: unbound

Issue Overview: A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by queryin...

7.5CVSS6.7AI score0.01259EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•6 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...

7.5CVSS7AI score0.19653EPSS
Exploits1
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•35 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...

7.5CVSS8.1AI score0.19653EPSS
Exploits1
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•4 views

Low: opensc

Issue Overview: A heap use after free issue was found in Opensc before version 0.22.0 in scfilevalid. CVE-2021-42779 Affected Packages: opensc Issue Correction: Run dnf update opensc --releasever 2023.3.20240219 or dnf update --advisory ALAS2023-2024-534 --releasever 2023.3.20240219 to update you...

5.3CVSS6.9AI score0.01938EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•4 views

Important: kernel

Issue Overview: A flaw has been found in Xen. An unprivileged guest can cause Denial of Service DoS of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-46838 In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in...

7.8CVSS6.6AI score0.01177EPSS
Exploits0
Amazon
Amazon
•added 2024/02/19 12:0 a.m.•12 views

Important: kernel

Issue Overview: A flaw has been found in Xen. An unprivileged guest can cause Denial of Service DoS of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-46838 In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in...

7.8CVSS8.1AI score0.01177EPSS
Exploits0
Total number of security vulnerabilities8850