Lucene search

8850 matches found

Amazon, added 2024/01/22 12:0 a.m., 28 views

Important: perl-Spreadsheet-ParseExcel

Issue Overview: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the...

CVSS 7.8, AI score 8.5, EPSS 0.167
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 5 views

Medium: qt5-qtbase

Issue Overview: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 Affected Packages: qt5-qtbase...

CVSS 9.8, AI score 7.3, EPSS 0.00986
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 3 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mai...

CVSS 5.3, AI score 6.8, EPSS 0.02598
Exploits: 4

Amazon, added 2024/01/22 12:0 a.m., 30 views

Medium: tomcat8

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

CVSS 7.5, AI score 7.7, EPSS 0.02651
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 3 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mai...

CVSS 5.3, AI score 6.7, EPSS 0.02598
Exploits: 4

Amazon, added 2024/01/22 12:0 a.m., 3 views

Important: ghostscript

Issue Overview: An issue was discovered in the function gdev_prn_open_printer_seekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2...

CVSS 7.5, AI score 7.1, EPSS 0.0153
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 31 views

Important: ghostscript

Issue Overview: An issue was discovered in the function gdev_prn_open_printer_seekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2...

CVSS 7.5, AI score 7.6, EPSS 0.0153
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 5 views

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. CVE-2023-42883 The issue was addresse...

CVSS 8.8, AI score 9.4, EPSS 0.03208
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 6 views

Low: c-ares

Issue Overview: When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a...

CVSS 3.7, AI score 6.8, EPSS 0.00936
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 12 views

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

CVSS 7.4, AI score 7.3, EPSS 0.01026
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 6 views

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

CVSS 7.4, AI score 8.1, EPSS 0.01026
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 12 views

Important: kernel

Issue Overview: When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 "Packet Too Big" (PTB) message to the sender. The sender caches this updated Maximum Transmission Unit (MTU) so it knows not to exceed this value when subsequently routing to the same host...

CVSS 7.5, AI score 8.7, EPSS 0.0094
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 53 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mai...

CVSS 5.3, AI score 5.4, EPSS 0.02598
Exploits: 4

Amazon, added 2024/01/22 12:0 a.m., 6 views

Important: perl-Spreadsheet-ParseExcel

Issue Overview: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the...

CVSS 7.8, AI score 7.8, EPSS 0.167
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 4 views

Important: webkitgtk4

Issue Overview: Impact: Visiting a website that frames malicious content may lead to UI spoofing. Description: The issue was addressed with improved UI handling. CVE-2022-32919 A website may be able to track the websites a user visited in Safari private browsing mode. CVE-2022-32933 A spoofing...

CVSS 8.8, AI score 8.7, EPSS 0.29179
Exploits: 4

Amazon, added 2024/01/22 12:0 a.m., 6 views

Important: perl-Spreadsheet-ParseExcel

Issue Overview: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the...

CVSS 7.8, AI score 7.6, EPSS 0.167
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 30 views

Important: apache-ivy

Issue Overview: When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which ar...

CVSS 7.5, AI score 8.1, EPSS 0.01596
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 2 views

Low: traceroute

Issue Overview: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316 Affected Packages: traceroute Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2...

CVSS 5.5, AI score 7.1, EPSS 0.00367
Exploits: 2

Amazon, added 2024/01/22 12:0 a.m., 3 views

Important: thunderbird

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3, AI score 7.5, EPSS 0.01249
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 4 views

Important: sqlite

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3, AI score 7.4, EPSS 0.01249
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 8 views

Important: sqlite

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3, AI score 7.4, EPSS 0.01249
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 34 views

Important: thunderbird

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3, AI score 7.2, EPSS 0.01249
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 23 views

Low: traceroute

Issue Overview: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316 Affected Packages: traceroute Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2...

CVSS 5.5, AI score 6.1, EPSS 0.00367
Exploits: 2

Amazon, added 2024/01/22 12:0 a.m., 40 views

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. CVE-2023-42883 The issue was addresse...

CVSS 8.8, AI score 7.4, EPSS 0.03208
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 34 views

Important: exim

Issue Overview: Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some...

CVSS 5.3, AI score 7.7, EPSS 0.01072
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 27 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

CVSS 6.1, AI score 7.3, EPSS 0.00846
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 8 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

CVSS 6.1, AI score 7.5, EPSS 0.00846
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 6 views

Important: wireshark

Issue Overview: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0208 IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packe...

CVSS 7.8, AI score 7.2, EPSS 0.01838
Exploits: 2

Amazon, added 2024/01/22 12:0 a.m., 5 views

Important: wireshark

Issue Overview: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0208 IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packe...

CVSS 7.8, AI score 7.1, EPSS 0.01838
Exploits: 2

Amazon, added 2024/01/22 12:0 a.m., 6 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mai...

CVSS 5.3, AI score 6.8, EPSS 0.02598
Exploits: 4

Amazon, added 2024/01/22 12:0 a.m., 3 views

Medium: python-pycryptodomex

Issue Overview: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Affected Packages: python-pycryptodomex Issue Correction: Run dnf update python-pycryptodomex --releasever 2023.3.20240122 or dnf update...

CVSS 5.9, AI score 6.8, EPSS 0.00618
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 4 views

Medium: python-pycryptodomex

Issue Overview: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Affected Packages: python-pycryptodomex Issue Correction: Run dnf update python-pycryptodomex --releasever 2023.3.20240122 to update your...

CVSS 5.9, AI score 7, EPSS 0.00618
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 3 views

Medium: haproxy

Issue Overview: HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. CVE-2023-45539 Affected...

CVSS 8.2, AI score 7.1, EPSS 0.01526
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 9 views

Important: kernel

Issue Overview: When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 "Packet Too Big" (PTB) message to the sender. The sender caches this updated Maximum Transmission Unit (MTU) so it knows not to exceed this value when subsequently routing to the same host...

CVSS 7.5, AI score 7, EPSS 0.0094
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 9 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

CVSS 6.1, AI score 7.1, EPSS 0.00846
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 5 views

Important: wireshark

Issue Overview: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0208 Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ...

CVSS 7.8, AI score 7.2, EPSS 0.01838
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 32 views

Medium: qt5-qtbase

Issue Overview: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 Affected Packages: qt5-qtbase...

CVSS 9.8, AI score 8.8, EPSS 0.00986
Exploits: 0

Amazon, added 2024/01/22 12:0 a.m., 103 views

Important: webkitgtk4

Issue Overview: Impact: Visiting a website that frames malicious content may lead to UI spoofing. Description: The issue was addressed with improved UI handling. CVE-2022-32919 A website may be able to track the websites a user visited in Safari private browsing mode. CVE-2022-32933 A spoofing...

CVSS 8.8, AI score 8.8, EPSS 0.29179
Exploits: 3

Amazon, added 2024/01/22 12:0 a.m., 11 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets CVE-2023-52654 In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep...

CVSS 8.8, AI score 7.3, EPSS 0.01999
Exploits: 2

Amazon, added 2024/01/22 12:0 a.m., 4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets CVE-2023-52654 In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep...

CVSS 8.8, AI score 6.4, EPSS 0.01999
Exploits: 2

Amazon, added 2024/01/22 12:0 a.m., 4 views

Important: ImageMagick

Issue Overview: Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. CVE-2016-5841 ImageMagick 7.0.7-12 Q16, a CPU exhaustion...

CVSS 9.8, AI score 9.1, EPSS 0.13393
Exploits: 53

Amazon, added 2024/01/22 12:0 a.m., 7 views

Low: uriparser

Issue Overview: An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. CVE-2021-46141 Affected Packages: uriparser Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...

CVSS 5.5, AI score 7.1, EPSS 0.01131
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 25 views

Low: uriparser

Issue Overview: An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. CVE-2021-46141 Affected Packages: uriparser Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...

CVSS 5.5, AI score 5.5, EPSS 0.01131
Exploits: 1

Amazon, added 2024/01/22 12:0 a.m., 36 views

Important: ImageMagick

Issue Overview: Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. CVE-2016-5841 ImageMagick 7.0.7-12 Q16, a CPU exhaustion...

CVSS 9.8, AI score 10, EPSS 0.13393
Exploits: 53

Amazon, added 2024/01/18 12:0 a.m., 3 views

Important: java-17-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

CVSS 7.5, AI score 6.9, EPSS 0.00911
Exploits: 0

Amazon, added 2024/01/18 12:0 a.m., 14 views

Important: java-21-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

CVSS 7.4, AI score 8.1, EPSS 0.00911
Exploits: 0

Amazon, added 2024/01/18 12:0 a.m., 6 views

Important: java-11-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

CVSS 7.4, AI score 8.2, EPSS 0.01026
Exploits: 0

Amazon, added 2024/01/18 12:0 a.m., 49 views

Important: java-17-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

CVSS 7.5, AI score 7.8, EPSS 0.00911
Exploits: 0

Amazon, added 2024/01/18 12:0 a.m., 7 views

Important: java-11-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

CVSS 7.4, AI score 6.9, EPSS 0.01026
Exploits: 0

Amazon, added 2024/01/18 12:0 a.m., 2 views

Low: java-1.8.0-amazon-corretto

Issue Overview: No CVE associated with this advisory Affected Packages: java-1.8.0-amazon-corretto Issue Correction: Run dnf update java-1.8.0-amazon-corretto --releasever 2023.3.20240117 or dnf update --advisory ALAS2023-2024-482 --releasever 2023.3.20240117 to update your system. More informati...

CVSS 7.4, AI score 6.8, EPSS 0.01026
Exploits: 0

Total number of security vulnerabilities: 8850