Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2024/01/18 12:0 a.m.7 views

Important: java-17-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.5CVSS8.3AI score0.00911EPSS
Exploits0
Amazon
Amazon
added 2024/01/18 12:0 a.m.15 views

Important: java-11-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS6.9AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/01/18 12:0 a.m.3 views

Low: java-1.8.0-amazon-corretto

Issue Overview: No CVE associated with this advisory Affected Packages: java-1.8.0-amazon-corretto Issue Correction: Run dnf update java-1.8.0-amazon-corretto --releasever 2023.3.20240117 to update your system. New Packages: aarch64: java-1.8.0-amazon-corretto-1.8.0402.b06-1.amzn2023.aarch64...

7.4CVSS7.7AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/01/18 12:0 a.m.6 views

Important: java-21-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS6.8AI score0.00911EPSS
Exploits0
Amazon
Amazon
added 2024/01/18 12:0 a.m.14 views

Important: java-21-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4CVSS8.1AI score0.00911EPSS
Exploits0
Amazon
Amazon
added 2024/01/17 12:0 a.m.4 views

Low: java-1.8.0-amazon-corretto

Issue Overview: No CVE associated with this advisory Affected Packages: java-1.8.0-amazon-corretto Note: This advisory is applicable to Amazon Linux 2 - Corretto8 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2...

7.4CVSS7AI score0.01026EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Important: thunderbird

Issue Overview: On some systems--depending on the graphics settings and drivers--it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox 120, Firefox 115.5, and Thunderbird 115.5.0. CVE-2023-6204 It was...

8.8CVSS9.9AI score0.01406EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Important: firefox

Issue Overview: On some systems--depending on the graphics settings and drivers--it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox 120, Firefox 115.5, and Thunderbird 115.5.0. CVE-2023-6204 It was...

8.8CVSS9.9AI score0.01406EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: double hook unregistration in netns path CVE-2022-49558 A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel. CVE-2023-39198 A use-after-free...

7.8CVSS6.6AI score0.01657EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.6 views

Medium: dmidecode

Issue Overview: Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630 Affected Packages: dmidecode Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...

7.1CVSS6.8AI score0.00523EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Medium: squid

Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to...

8.6CVSS6.9AI score0.10352EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.5 views

Medium: ntp

Issue Overview: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. CVE-2023-26551 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. CVE-2023-26552 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an...

6.4CVSS8.2AI score0.00703EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.56 views

Important: kernel

Issue Overview: A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. CVE-2023-0590 When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 "Packet Too...

7.8CVSS6.4AI score0.0094EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.43 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no know...

8.6CVSS8.4AI score0.88818EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.2 views

Medium: ncurses

Issue Overview: NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component ncwrapentry. CVE-2023-50495 Affected Packages: ncurses Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

6.5CVSS7.3AI score0.00962EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.2 views

Medium: djvulibre

Issue Overview: An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. CVE-2021-46312 Affected Packages: djvulibre Note: This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visit this page to learn mo...

6.5CVSS6.9AI score0.00869EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.2 views

Low: curl

Issue Overview: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. CVE-2023-46219 Affected Packages: curl Note: This advisory is applicable to Amazon Linu...

6.5CVSS6.9AI score0.01685EPSS
Exploits2
Amazon
Amazon
added 2024/01/09 12:0 a.m.6 views

Low: perl-HTTP-Daemon

Issue Overview: HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based...

7.3CVSS6.8AI score0.02108EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: ecs-init

Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to...

6.1CVSS6.3AI score0.00843EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.26 views

Important: xorg-x11-server

Issue Overview: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is...

7.8CVSS7.5AI score0.01631EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.44 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS7AI score0.02758EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.45 views

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

5.3CVSS5AI score0.014EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: squid

Issue Overview: Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to...

8.6CVSS7.1AI score0.88864EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: binutils

Issue Overview: A memory consumption issue in getdata function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. CVE-2020-19724 Heap-based Buffer Overflow in function bfdgetl32 in Binutils objdump 3.37. CVE-2021-46174 An issue was discovered...

7.5CVSS7.6AI score0.00895EPSS
Exploits7
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

5.3CVSS5.8AI score0.014EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.5 views

Medium: libXpm

Issue Overview: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. CVE-2023-43786 Affected Packages: libXpm Note: This advisory is applicable ...

5.5CVSS6.5AI score0.00461EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.8AI score0.02758EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: java-11-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability...

5.3CVSS6AI score0.014EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: c-ares

Issue Overview: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and...

8.6CVSS9.3AI score0.02617EPSS
Exploits2
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Important: bluez

Issue Overview: bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Affected Packages: bluez Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL...

6.3CVSS7.7AI score0.07879EPSS
Exploits8
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Important: libsass

Issue Overview: Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::hasrealparentref function. CVE-2022-26592 Stack overflow vulnerability in astselectors.cpp in function Sass::CompoundSelector::hasrealparentref in libsass:3.6.5-8-g210218, which can be exploited by attackers t...

8.8CVSS7.3AI score0.01252EPSS
Exploits3
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Medium: xmlgraphics-commons

Issue Overview: Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET...

8.2CVSS7AI score0.0665EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Medium: snakeyaml

Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. CVE-2022-38750 Using snakeYAML to parse untrusted YAM...

6.5CVSS7AI score0.01453EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: python

Issue Overview: An issue was discovered in comparedigest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.comparedigest. CVE-2022-48566 Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 AL2...

5.9CVSS7.1AI score0.01148EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.2 views

Low: tar

Issue Overview: It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service. CVE-2023-39804 Affected Packages: tar Note: This advisory is applicable to Amazon Linux 2...

6.2CVSS6.9AI score0.00283EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: python-ldap

Issue Overview: python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could...

6.5CVSS6.8AI score0.01701EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Important: qpdf

Issue Overview: An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to PlASCII85Decoder::write parameter in libqpdf. CVE-2021-25786 QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in...

5.5CVSS8.5AI score0.01272EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Medium: resteasy-base

Issue Overview: A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's paramete...

5.5CVSS6.5AI score0.01439EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.6 views

Important: kernel

Issue Overview: A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. CVE-2023-0590 A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel...

7.8CVSS4.4AI score0.0094EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.5 views

Important: virtuoso-opensource

Issue Overview: An issue in the boxdiv function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS after running a SELECT statement. CVE-2023-48948 An issue in the boxadd function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of...

8.8CVSS7AI score0.00958EPSS
Exploits4
Amazon
Amazon
added 2024/01/09 12:0 a.m.2 views

Medium: python-pillow

Issue Overview: Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.mapbuffer in map.c component. CVE-2016-9189 Affected Packages: python-pillow Note: Thi...

5.5CVSS6.7AI score0.01861EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Low: libpq

Issue Overview: No CVE associated with this advisory Affected Packages: libpq Note: This advisory is applicable to Amazon Linux 2 - Postgresql12 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

8.8CVSS7AI score0.04322EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Low: libuv

Issue Overview: Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can...

5.3CVSS9.2AI score0.23132EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.2 views

Medium: jetty

Issue Overview: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space...

3.5CVSS7AI score0.01006EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.7 views

Medium: haproxy2

Issue Overview: HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server. CVE-2023-45539 Affected...

8.2CVSS7.1AI score0.01526EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.5 views

Medium: gstreamer-plugins-base

Issue Overview: A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability. CVE-2021-3522 Affected Packages: gstreamer-plugins-base Note: This advisory is applicable to...

5.5CVSS6.8AI score0.05372EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.2 views

Low: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

4.7CVSS7.2AI score0.00441EPSS
Exploits1
Amazon
Amazon
added 2024/01/09 12:0 a.m.2 views

Important: xorg-x11-server

Issue Overview: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is...

7.8CVSS7.9AI score0.01631EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Medium: avahi

Issue Overview: A reachable assertion was found in avahirdataparse. CVE-2023-38472 Affected Packages: avahi Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum upda...

6.2CVSS7AI score0.00306EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Medium: avahi

Issue Overview: A reachable assertion was found in avahialternativehostname. CVE-2023-38473 Affected Packages: avahi Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run...

6.2CVSS7AI score0.00306EPSS
Exploits0
Total number of security vulnerabilities8850