Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2024/02/05 12:0 a.m.49 views

Important: java-1.8.0-openjdk

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS7.8AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.68 views

Important: kernel

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS8.1AI score0.00767EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.5 views

Medium: firefox

Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...

8.8CVSS10AI score0.02155EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.35 views

Medium: thunderbird

Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...

8.8CVSS8.3AI score0.02155EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.3 views

Medium: thunderbird

Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...

8.8CVSS9.9AI score0.02155EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.53 views

Important: kernel

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS7.3AI score0.00715EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.3 views

Important: kernel

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS7AI score0.00767EPSS
Exploits1
Amazon
Amazon
added 2024/02/01 12:0 a.m.46 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS7.6AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/31 12:0 a.m.2 views

Important: runc

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

8.6CVSS6.7AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/31 12:0 a.m.6 views

Important: runc

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

8.6CVSS6.7AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/31 12:0 a.m.4 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS6.9AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/31 12:0 a.m.4 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS6.9AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/23 12:0 a.m.5 views

Medium: mariadb

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.6AI score0.01782EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.9 views

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS7.4AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.5 views

Important: firefox

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.4AI score0.01249EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Low: libpq

Issue Overview: No CVE associated with this advisory Affected Packages: libpq Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

8.8CVSS7AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.2 views

Important: postgresql

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

8.8CVSS8.1AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Important: postgresql

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

8.8CVSS8.1AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Important: postgresql

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

8.8CVSS8.1AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.2 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Affected Packages: kernel Note: This advisory is applicable t...

7.1CVSS6.3AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.4 views

Low: containerd

Issue Overview: No CVE associated with this advisory Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras...

7.8CVSS7AI score0.01814EPSS
Exploits2
Amazon
Amazon
added 2024/01/23 12:0 a.m.4 views

Low: containerd

Issue Overview: No CVE associated with this advisory Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

7.8CVSS7AI score0.01814EPSS
Exploits2
Amazon
Amazon
added 2024/01/23 12:0 a.m.1 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 A use-after-free flaw was found in the netfilter subsystem of...

7.8CVSS6.3AI score0.00836EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.4 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 A use-after-free flaw was found in the netfilter subsystem of...

7.8CVSS6.3AI score0.00836EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.26 views

Important: wireshark

Issue Overview: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0208 Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

7.8CVSS6.8AI score0.01838EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.14 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

6.1CVSS7.5AI score0.00846EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.31 views

Low: c-ares

Issue Overview: When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a...

3.7CVSS6.5AI score0.00936EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.28 views

Important: perl-Spreadsheet-ParseExcel

Issue Overview: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the...

7.8CVSS8.5AI score0.167EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.5 views

Medium: qt5-qtbase

Issue Overview: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 Affected Packages: qt5-qtbase...

9.8CVSS7.3AI score0.00986EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.3 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3CVSS6.8AI score0.02598EPSS
Exploits4
Amazon
Amazon
added 2024/01/22 12:0 a.m.30 views

Medium: tomcat8

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

7.5CVSS7.7AI score0.02651EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.3 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3CVSS6.7AI score0.02598EPSS
Exploits4
Amazon
Amazon
added 2024/01/22 12:0 a.m.3 views

Important: ghostscript

Issue Overview: An issue was discovered in the function gdevprnopenprinterseekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2...

7.5CVSS7.1AI score0.0153EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.31 views

Important: ghostscript

Issue Overview: An issue was discovered in the function gdevprnopenprinterseekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2...

7.5CVSS7.6AI score0.0153EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.6 views

Low: c-ares

Issue Overview: When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a...

3.7CVSS6.8AI score0.00936EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.12 views

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS7.3AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.6 views

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS8.1AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.12 views

Important: kernel

Issue Overview: When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 "Packet Too Big" PTB message to the sender. The sender caches this updated Maximum Transmission Unit MTU so it knows not to exceed this value when subsequently routing to the same host...

7.5CVSS8.7AI score0.0094EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.53 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3CVSS5.4AI score0.02598EPSS
Exploits4
Amazon
Amazon
added 2024/01/22 12:0 a.m.6 views

Important: perl-Spreadsheet-ParseExcel

Issue Overview: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the...

7.8CVSS7.8AI score0.167EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.4 views

Important: webkitgtk4

Issue Overview: Impact: Visiting a website that frames malicious content may lead to UI spoofing. Description: The issue was addressed with improved UI handling. CVE-2022-32919 A website may be able to track the websites a user visited in Safari private browsing mode. CVE-2022-32933 A spoofing...

8.8CVSS8.7AI score0.29179EPSS
Exploits4
Amazon
Amazon
added 2024/01/22 12:0 a.m.6 views

Important: perl-Spreadsheet-ParseExcel

Issue Overview: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the...

7.8CVSS7.6AI score0.167EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.30 views

Important: apache-ivy

Issue Overview: When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which ar...

7.5CVSS8.1AI score0.01596EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.2 views

Low: traceroute

Issue Overview: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316 Affected Packages: traceroute Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2...

5.5CVSS7.1AI score0.00367EPSS
Exploits2
Amazon
Amazon
added 2024/01/22 12:0 a.m.3 views

Important: thunderbird

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.5AI score0.01249EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.4 views

Important: sqlite

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.4AI score0.01249EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.8 views

Important: sqlite

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.4AI score0.01249EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.34 views

Important: thunderbird

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.2AI score0.01249EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.23 views

Low: traceroute

Issue Overview: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316 Affected Packages: traceroute Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2...

5.5CVSS6.1AI score0.00367EPSS
Exploits2
Amazon
Amazon
added 2024/01/22 12:0 a.m.40 views

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. CVE-2023-42883 The issue was addresse...

8.8CVSS7.4AI score0.03208EPSS
Exploits0
Total number of security vulnerabilities8850