Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2024/02/19 12:0 a.m.35 views

Medium: jsoup

Issue Overview: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.8AI score0.01208EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Medium: graphviz

Issue Overview: buffer overflow via a crafted config6a file NOTE: Crosses no security boundary, config files are under local control NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441 NOTE: Introduced by: https://gitlab.com/graphviz/graphviz/-/commit/cf95714837f06f684929b54659523c2c9b1fc19f...

7.8CVSS6.8AI score0.00712EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.3 views

Medium: xstream

Issue Overview: Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

7.5CVSS7AI score0.01022EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.30 views

Medium: xstream

Issue Overview: Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

7.5CVSS7.1AI score0.01022EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.25 views

Important: ghostscript

Issue Overview: Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature. CVE-2020-36773 Affected Packages: ghostscri...

9.8CVSS9.6AI score0.00879EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.22 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5970 NOTE: Fixed by:...

8.8CVSS8.4AI score0.01559EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.6 views

Low: opensc

Issue Overview: A heap use after free issue was found in Opensc before version 0.22.0 in scfilevalid. CVE-2021-42779 Affected Packages: opensc Issue Correction: Run dnf update opensc --releasever 2023.3.20240219 to update your system. New Packages: aarch64: ...

5.3CVSS6.9AI score0.01938EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.75 views

Important: kernel

Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can cause a double...

7.8CVSS8.3AI score0.28058EPSS
Exploits16
Amazon
Amazon
added 2024/02/19 12:0 a.m.35 views

Medium: ipa

Issue Overview: A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system...

6.5CVSS6.3AI score0.0057EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.28 views

Important: nss-util

Issue Overview: Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8. CVE-2019-11729 A heap-based buffer overflow was...

8.8CVSS8.2AI score0.02994EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.7 views

Important: redis6

Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...

8.1CVSS8.6AI score0.02582EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Medium: graphviz

Issue Overview: buffer overflow via a crafted config6a file NOTE: Crosses no security boundary, config files are under local control NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441 NOTE: Introduced by: https://gitlab.com/graphviz/graphviz/-/commit/cf95714837f06f684929b54659523c2c9b1fc19f...

7.8CVSS6.9AI score0.00712EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.3 views

Medium: gnutls

Issue Overview: A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to...

7.5CVSS6.9AI score0.01408EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.6 views

Medium: ipa

Issue Overview: A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system...

6.5CVSS7AI score0.0057EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.8 views

Medium: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

7.8CVSS6.5AI score0.00563EPSS
Exploits2
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

5.3CVSS6.7AI score0.01208EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.2 views

Medium: liblouis

Issue Overview: Liblouis 3.5.0 has a Segmentation fault in loulogPrint in logging.c. CVE-2018-11577 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. CVE-2018-11684 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function...

8.8CVSS7.2AI score0.03236EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.7 views

Low: runc

Issue Overview: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment...

7.8CVSS6.8AI score0.00386EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Low: runc

Issue Overview: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment...

7.8CVSS7.2AI score0.00386EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.3 views

Medium: python-pillow

Issue Overview: Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service crash via a crafted FLI file. CVE-2016-0775 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 A...

6.5CVSS8.7AI score0.02689EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.47 views

Medium: jetty

Issue Overview: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reje...

5.3CVSS6.6AI score0.01069EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5970 NOTE: Fixed by:...

8.8CVSS7.5AI score0.01559EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Important: redis6

Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...

8.1CVSS6.8AI score0.02582EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.42 views

Important: kernel

Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can cause a double...

7.8CVSS7.2AI score0.28058EPSS
Exploits16
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Important: kernel

Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can cause a double...

7.8CVSS6.7AI score0.28058EPSS
Exploits16
Amazon
Amazon
added 2024/02/19 12:0 a.m.7 views

Important: ghostscript

Issue Overview: Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature. CVE-2020-36773 Affected Packages: ghostscri...

9.8CVSS7.4AI score0.00879EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.31 views

Important: xorg-x11-server

Issue Overview: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 CVE-2023-6816 Reattaching to different master device...

9.8CVSS8.4AI score0.02106EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.40 views

Medium: python-pillow

Issue Overview: Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service crash via a crafted FLI file. CVE-2016-0775 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 A...

6.5CVSS6.4AI score0.02689EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Important: kernel

Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftsetelemcatchalldeactivate function checks whether the catch-all set element is active in the current generation instead of the next...

7.8CVSS7.6AI score0.00284EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Medium: lynx

Issue Overview: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. CVE-2021-38165 Affected Packages: lynx Issue Correction: Run dnf update lynx --releasever 2023.3.20240219 or dnf...

5.3CVSS6.9AI score0.04455EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.6 views

Medium: lynx

Issue Overview: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. CVE-2021-38165 Affected Packages: lynx Issue Correction: Run dnf update lynx --releasever 2023.3.20240219 to updat...

5.3CVSS6.9AI score0.04455EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.2 views

Important: xorg-x11-server

Issue Overview: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 CVE-2023-6816 Reattaching to different master device...

9.8CVSS7.5AI score0.02106EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Important: xorg-x11-server

Issue Overview: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is...

9.8CVSS8.5AI score0.02106EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.3 views

Important: nss-util

Issue Overview: Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8. CVE-2019-11729 A heap-based buffer overflow was...

8.8CVSS9.2AI score0.02994EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.3 views

Important: xorg-x11-server

Issue Overview: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is...

9.8CVSS7.9AI score0.02106EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.52 views

Important: postgresql

Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454 While CVE-2016-2193 fixed most interaction between row...

7.5CVSS7.3AI score0.01807EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.2 views

Medium: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

7.8CVSS7.5AI score0.00563EPSS
Exploits2
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Medium: gnutls

Issue Overview: A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to...

7.5CVSS6.8AI score0.01408EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.6 views

Important: GraphicsMagick

Issue Overview: Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. CVE-2020-21679 In GraphicsMagick, a heap buffer overflow was found when parsing MIFF...

7.8CVSS7.3AI score0.00427EPSS
Exploits2
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Medium: jetty

Issue Overview: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reje...

5.3CVSS6.8AI score0.01069EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.3 views

Medium: libtiff

Issue Overview: A segment fault SEGV flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356 Affected Packages: libtiff Issue...

7.5CVSS6.7AI score0.02187EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.2 views

Medium: libtiff

Issue Overview: A segment fault SEGV flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356 Affected Packages: libtiff Issue...

7.5CVSS6.8AI score0.02187EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.6 views

Important: GraphicsMagick

Issue Overview: Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. CVE-2020-21679 In GraphicsMagick, a heap buffer overflow was found when parsing MIFF...

7.8CVSS7.4AI score0.00427EPSS
Exploits2
Amazon
Amazon
added 2024/02/19 12:0 a.m.5 views

Important: postgresql

Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454 While CVE-2016-2193 fixed most interaction between row...

7.5CVSS7.9AI score0.01807EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.45 views

Medium: unbound

Issue Overview: A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by queryin...

7.5CVSS7.7AI score0.01259EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.27 views

Medium: liblouis

Issue Overview: Liblouis 3.5.0 has a Segmentation fault in loulogPrint in logging.c. CVE-2018-11577 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. CVE-2018-11684 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function...

8.8CVSS8.9AI score0.03236EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.10 views

Important: cifs-utils

Issue Overview: A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. CVE-2022-27239 A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be...

7.8CVSS7.1AI score0.01804EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.33 views

Medium: nss-softokn

Issue Overview: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121. CVE-2023-6135 Affected Packages: nss-softokn Note: This advisory is applicable...

4.3CVSS5.7AI score0.00714EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Important: cifs-utils

Issue Overview: A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. CVE-2022-27239 A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be...

7.8CVSS6.5AI score0.01804EPSS
Exploits0
Amazon
Amazon
added 2024/02/19 12:0 a.m.4 views

Medium: vim

Issue Overview: Vim before 9.0.2142 has a stack-based buffer overflow because didsetlangmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. CVE-2024-22667 Affected Packages: vim Issue Correction: Run dnf update vim --releasever...

7.8CVSS7.9AI score0.00563EPSS
Exploits1
Total number of security vulnerabilities8850