Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2024/02/05 12:0 a.m.5 views

Medium: firefox

Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...

8.8CVSS10AI score0.02155EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.35 views

Medium: thunderbird

Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...

8.8CVSS8.3AI score0.02155EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.3 views

Medium: thunderbird

Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...

8.8CVSS9.9AI score0.02155EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.9 views

Important: kernel-livepatch-4.14.334-252.552

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.3AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/02/05 12:0 a.m.7 views

Important: tomcat

Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...

6.5CVSS6.9AI score0.75353EPSS
Exploits4
Amazon
Amazon
added 2024/02/05 12:0 a.m.7 views

Important: tomcat

Issue Overview: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly...

5.3CVSS7AI score0.75353EPSS
Exploits4
Amazon
Amazon
added 2024/02/05 12:0 a.m.62 views

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter...

6.1CVSS6.8AI score0.00892EPSS
Exploits0
Amazon
Amazon
added 2024/02/01 12:0 a.m.47 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS7.6AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/31 12:0 a.m.4 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS6.9AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/31 12:0 a.m.6 views

Important: runc

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

8.6CVSS6.7AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/31 12:0 a.m.4 views

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

8.6CVSS6.9AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/31 12:0 a.m.3 views

Important: runc

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

8.6CVSS6.7AI score0.18087EPSS
Exploits18
Amazon
Amazon
added 2024/01/23 12:0 a.m.2 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Affected Packages: kernel Note: This advisory is applicable t...

7.1CVSS6.3AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.4 views

Low: containerd

Issue Overview: No CVE associated with this advisory Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras...

7.8CVSS7AI score0.01814EPSS
Exploits2
Amazon
Amazon
added 2024/01/23 12:0 a.m.4 views

Low: containerd

Issue Overview: No CVE associated with this advisory Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

7.8CVSS7AI score0.01814EPSS
Exploits2
Amazon
Amazon
added 2024/01/23 12:0 a.m.1 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 A use-after-free flaw was found in the netfilter subsystem of...

7.8CVSS6.3AI score0.00836EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.4 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 A use-after-free flaw was found in the netfilter subsystem of...

7.8CVSS6.3AI score0.00836EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.5 views

Medium: mariadb

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.6AI score0.01782EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.9 views

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS7.4AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.5 views

Important: firefox

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

7.3CVSS7.4AI score0.01249EPSS
Exploits1
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Low: libpq

Issue Overview: No CVE associated with this advisory Affected Packages: libpq Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

8.8CVSS7AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Important: postgresql

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

8.8CVSS8.1AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Important: postgresql

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

8.8CVSS8.1AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/23 12:0 a.m.3 views

Important: postgresql

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

8.8CVSS8.1AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.6 views

Medium: vsftpd

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS7AI score0.02037EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.3 views

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

6.5CVSS9.1AI score0.00816EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.2 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Affected Packages: kernel Note: This advisory is applicable t...

7.1CVSS6.2AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.10 views

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.8AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.12 views

Important: amazon-cloudwatch-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

7.5CVSS6.7AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.2 views

Important: dotnet6.0

Issue Overview: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability CVE-2024-0057 Microsoft Identity Denial of service vulnerability CVE-2024-21319...

9.8CVSS7.2AI score0.02868EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.4 views

Medium: nss

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

6.5CVSS6.9AI score0.00816EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.11 views

Important: amazon-cloudwatch-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

7.5CVSS7.2AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.43 views

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

6.5CVSS7.2AI score0.00816EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.57 views

Important: amazon-cloudwatch-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

7.5CVSS7.9AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.61 views

Medium: vsftpd

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.3 views

Important: amazon-cloudwatch-agent

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

7.5CVSS6.8AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.6 views

Medium: dbus

Issue Overview: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the...

6.5CVSS6.9AI score0.01417EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.5 views

Medium: python3.11

Issue Overview: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing host...

7.5CVSS7.7AI score0.20459EPSS
Exploits3
Amazon
Amazon
added 2024/01/22 12:0 a.m.3 views

Medium: nss

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

6.5CVSS6.8AI score0.00816EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.8 views

Important: dotnet6.0

Issue Overview: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability CVE-2024-0057 Microsoft Identity Denial of service vulnerability CVE-2024-21319...

9.8CVSS7.6AI score0.02868EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.4 views

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS7.1AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.7 views

Medium: python3.11

Issue Overview: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing host...

7.5CVSS7.9AI score0.20459EPSS
Exploits3
Amazon
Amazon
added 2024/01/22 12:0 a.m.62 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Affected Packages: kernel Note: This advisory is applicable t...

7.1CVSS7.3AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.31 views

Medium: dbus

Issue Overview: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the...

6.5CVSS6.9AI score0.01417EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.43 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Affected Packages: kernel Issue Correction: Run yum update...

7.1CVSS6.4AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.38 views

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

6.5CVSS7.6AI score0.00816EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.4 views

Medium: haproxy

Issue Overview: HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server. CVE-2023-45539 Affected...

8.2CVSS7AI score0.01526EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.26 views

Important: wireshark

Issue Overview: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0208 Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

7.8CVSS6.8AI score0.01838EPSS
Exploits1
Amazon
Amazon
added 2024/01/22 12:0 a.m.14 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

6.1CVSS7.5AI score0.00846EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.31 views

Low: c-ares

Issue Overview: When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a...

3.7CVSS6.5AI score0.00936EPSS
Exploits0
Total number of security vulnerabilities8850