Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
•added 2024/02/05 12:0 a.m.•61 views

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter...

6.1CVSS6.8AI score0.00892EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•59 views

Medium: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter...

6.1CVSS6.8AI score0.00892EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•2 views

Medium: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

7.8CVSS7.6AI score0.00563EPSS
Exploits2
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•3 views

Important: kernel

Issue Overview: A flaw has been found in Xen. An unprivileged guest can cause Denial of Service DoS of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-46838 In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in...

7.8CVSS6.5AI score0.01999EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.2AI score0.03796EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•2 views

Low: sudo

Issue Overview: No CVE associated with this advisory Affected Packages: sudo Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update sudo or yum update --advisor...

7CVSS7AI score0.00541EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•3 views

Low: pcre2

Issue Overview: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. CVE-2022-41409 Affected Packages: pcre2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

7.5CVSS7.2AI score0.00962EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•2 views

Medium: kernel

Issue Overview: A memory corruption flaw was found in the Linux kernel's human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-1073 Affected Packages: kernel Note:...

6.6CVSS6.6AI score0.00388EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•3 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...

8.6CVSS6.8AI score0.57627EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•9 views

Important: kernel-livepatch-4.14.328-248.540

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.4AI score0.00522EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Important: kernel-livepatch-4.14.327-246.539

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.4AI score0.00522EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•2 views

Important: kernel-livepatch-4.14.330-250.540

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.4AI score0.00522EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•32 views

Medium: kernel

Issue Overview: A memory corruption flaw was found in the Linux kernel's human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-1073 Affected Packages: kernel Note:...

6.6CVSS7.7AI score0.00388EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•44 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...

8.6CVSS8.3AI score0.57627EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•30 views

Low: sudo

Issue Overview: No CVE associated with this advisory Affected Packages: sudo Issue Correction: Run yum update sudo or yum update --advisory ALAS-2024-1917 to update your system. New Packages: i686: sudo-debuginfo-1.8.23-10.58.amzn1.i686 sudo-devel-1.8.23-10.58.amzn1.i686 ...

7CVSS6.8AI score0.00541EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•31 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...

8.6CVSS8.1AI score0.57627EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•38 views

Low: sudo

Issue Overview: No CVE associated with this advisory Affected Packages: sudo Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update sudo to update your system...

7CVSS7.3AI score0.00541EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•21 views

Low: pcre2

Issue Overview: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. CVE-2022-41409 Affected Packages: pcre2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

7.5CVSS6.7AI score0.00962EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Important: java-11-openjdk

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS7AI score0.01026EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Important: java-1.8.0-openjdk

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS7.4AI score0.01026EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Medium: php

Issue Overview: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...

6.5CVSS7.7AI score0.49336EPSS
Exploits2
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•5 views

Important: webkitgtk4

Issue Overview: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-42950 A type...

8.8CVSS9.4AI score0.10593EPSS
Exploits7
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•51 views

Important: webkitgtk4

Issue Overview: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-42950 A type...

8.8CVSS9.4AI score0.10593EPSS
Exploits7
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•28 views

Important: libtiff

Issue Overview: An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. CVE-2023-6277 Affected Packages: libtiff Issue Correction: Run yum update libtiff or yu...

6.5CVSS7.4AI score0.01825EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•3 views

Important: wireshark

Issue Overview: IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0209 Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...

7.8CVSS7.2AI score0.00579EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•47 views

Important: cri-tools

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.8AI score0.01364EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Important: cri-tools

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.2AI score0.01364EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•1 views

Important: kernel

Issue Overview: A flaw has been found in Xen. An unprivileged guest can cause Denial of Service DoS of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-46838 In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in...

7.8CVSS6.3AI score0.01999EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Important: nss

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.5AI score0.01249EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Medium: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error page...

6.5CVSS6.8AI score0.6005EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•3 views

Important: redis

Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...

8.1CVSS8.1AI score0.02582EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•38 views

Medium: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error page...

6.5CVSS7.3AI score0.6005EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•67 views

Important: nss

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.2AI score0.01249EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•30 views

Medium: rear

Issue Overview: Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301 Affected Packages: rear Note: This advisory is applicable to Amazon Linux 2...

5.5CVSS5.6AI score0.00291EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•37 views

Medium: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

7.8CVSS7AI score0.00563EPSS
Exploits2
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•37 views

Low: snakeyaml

Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. CVE-2022-38752 Affected Packages: snakeyaml Note: Th...

6.5CVSS7.5AI score0.02015EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•34 views

Important: cacti

Issue Overview: Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerability within the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the "Settings/Utilities" permission can se...

8.8CVSS9AI score0.09022EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•21 views

Low: indent

Issue Overview: A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash. CVE-2024-0911 Affected Packages: indent Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

5.5CVSS5.4AI score0.00312EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•30 views

Important: wireshark

Issue Overview: IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0209 Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...

7.8CVSS6.7AI score0.00579EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•29 views

Low: pam

Issue Overview: A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with pamnamespace configured will cause the openat in...

5.5CVSS5.8AI score0.00455EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•4 views

Important: kernel

Issue Overview: A flaw has been found in Xen. An unprivileged guest can cause Denial of Service DoS of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-46838 In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in...

7.8CVSS6.1AI score0.01999EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•7 views

Medium: rear

Issue Overview: Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. CVE-2024-23301 Affected Packages: rear Note: This advisory is applicable to Amazon Linux 2...

5.5CVSS6.9AI score0.00291EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•2 views

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.2AI score0.03796EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•8 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 In...

7.8CVSS5AI score0.0788EPSS
Exploits15
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•68 views

Important: kernel

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS8.1AI score0.00767EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•3 views

Important: kernel

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS7AI score0.00767EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•53 views

Important: kernel

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS7.3AI score0.00715EPSS
Exploits1
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•6 views

Important: python-pillow

Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...

9.8CVSS7.4AI score0.03399EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•46 views

Important: python-pillow

Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...

9.8CVSS9.2AI score0.03399EPSS
Exploits0
Amazon
Amazon
•added 2024/02/05 12:0 a.m.•8 views

Important: kernel

Issue Overview: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off, but same happens if unbind the driver. CVE-2020-27820 A flaw use-after-free in...

7.8CVSS5.4AI score0.01245EPSS
Exploits3
Total number of security vulnerabilities8850