Lucene search

8850 matches found

Amazon
added 2024/01/09 12:0 a.m., 4 views

Medium: jetty

Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. Thi...

CVSS 5.3, AI score 6.6, EPSS 0.7848
Exploits: 2

Amazon
added 2024/01/09 12:0 a.m., 3 views

Medium: net-snmp

Issue Overview: handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2022-44793 Affected...

CVSS 6.5, AI score 7.7, EPSS 0.5346
Exploits: 1

Amazon
added 2024/01/09 12:0 a.m., 6 views

Medium: libsndfile

Issue Overview: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. CVE-2022-33065 Affected Packages: libsndfile Note: This...

CVSS 7.8, AI score 7.3, EPSS 0.00351
Exploits: 1

Amazon
added 2024/01/09 12:0 a.m., 72 views

Low: vim

Issue Overview: Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in...

CVSS 4.3, AI score 7, EPSS 0.00749
Exploits: 0

Amazon
added 2024/01/09 12:0 a.m., 2 views

Medium: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as i...

CVSS 4.2, AI score 6.6, EPSS 0.00544
Exploits: 0

Amazon
added 2024/01/09 12:0 a.m., 5 views

Medium: ncurses

Issue Overview: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. CVE-2019-17594 There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses befo...

CVSS 6.5, AI score 7.2, EPSS 0.02034
Exploits: 8

Amazon
added 2024/01/09 12:0 a.m., 4 views

Important: thunderbird

Issue Overview: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch...

CVSS 8.8, AI score 10, EPSS 0.20472
Exploits: 0

Amazon
added 2024/01/09 12:0 a.m., 4 views

Important: firefox

Issue Overview: The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, a...

CVSS 8.8, AI score 10, EPSS 0.20472
Exploits: 0

Amazon
added 2024/01/09 12:0 a.m., 6 views

Important: kernel

Issue Overview: An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. CVE-2023-46862 When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6...

CVSS 7.8, AI score 7.1, EPSS 0.01657
Exploits: 1

Amazon
added 2024/01/09 12:0 a.m., 8 views

Important: kernel

Issue Overview: A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel. CVE-2023-39198 An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur...

CVSS 7.8, AI score 6.6, EPSS 0.01657
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 4 views

Low: curl

Issue Overview: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. CVE-2023-46219 Affected Packages: curl Issue Correction: Run dnf update curl --releasev...

CVSS 6.5, AI score 6.8, EPSS 0.01685
Exploits: 2

Amazon
added 2024/01/08 12:0 a.m., 5 views

Low: curl

Issue Overview: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. CVE-2023-46219 Affected Packages: curl Issue Correction: Run dnf update curl --releasev...

CVSS 6.5, AI score 6.7, EPSS 0.01685
Exploits: 2

Amazon
added 2024/01/08 12:0 a.m., 3 views

Medium: ecs-init

Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init --releasever 2023.3.20240108 or dnf update...

CVSS 6.1, AI score 8.6, EPSS 0.00843
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 4 views

Medium: ecs-init

Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init --releasever 2023.3.20240108 to update you...

CVSS 6.1, AI score 6.3, EPSS 0.00843
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 5 views

Medium: jtidy

Issue Overview: An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. CVE-2023-34623 Affected Packages: jtidy Issue Correction: Run dnf update jtidy --releasever 2023.3.20240108 to updat...

CVSS 7.5, AI score 6.9, EPSS 0.00866
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 6 views

Medium: ncurses

Issue Overview: NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry. CVE-2023-50495 Affected Packages: ncurses Issue Correction: Run dnf update ncurses --releasever 2023.3.20240108 to update your system. New Packages: aarch64: ...

CVSS 6.5, AI score 7.2, EPSS 0.00962
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 3 views

Medium: tomcat9

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

CVSS 7.5, AI score 9.1, EPSS 0.02651
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 3 views

Medium: tomcat9

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

CVSS 7.5, AI score 7, EPSS 0.02651
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 4 views

Important: ecs-init

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

CVSS 6.5, AI score 7.1, EPSS 0.01328
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 7 views

Important: ecs-init

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

CVSS 6.5, AI score 6.2, EPSS 0.01328
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 4 views

Important: ghostscript

Issue Overview: An issue was discovered in the function gdev_prn_open_printer_seekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript --releaseve...

CVSS 7.5, AI score 6.9, EPSS 0.0153
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 4 views

Medium: jtidy

Issue Overview: An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. CVE-2023-34623 Affected Packages: jtidy Issue Correction: Run dnf update jtidy --releasever 2023.3.20240108 or dnf...

CVSS 7.5, AI score 7, EPSS 0.00866
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 5 views

Medium: bouncycastle

Issue Overview: Bouncy Castle for Java before 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file...

CVSS 5.5, AI score 6.8, EPSS 0.00932
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 2 views

Low: tar

Issue Overview: It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service. CVE-2023-39804 Affected Packages: tar Issue Correction: Run dnf update tar --releasever...

CVSS 6.2, AI score 6.8, EPSS 0.00283
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 5 views

Low: tar

Issue Overview: It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service. CVE-2023-39804 Affected Packages: tar Issue Correction: Run dnf update tar --releasever...

CVSS 6.2, AI score 6.8, EPSS 0.00283
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 2 views

Medium: gnutls

Issue Overview: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected. CVE-2023-5981 Affected Packages: gnutls Issue Correction:...

CVSS 5.9, AI score 7.5, EPSS 0.01257
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 7 views

Medium: libssh

Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...

CVSS 5.9, AI score 6.2, EPSS 0.93305
Exploits: 4

Amazon
added 2024/01/08 12:0 a.m., 4 views

Important: bluez

Issue Overview: bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Affected Packages: bluez Issue Correction: Run dnf update bluez --releasever 2023.3.20240108 to update your system. New Packages: aarch64: ...

CVSS 6.3, AI score 7.8, EPSS 0.07879
Exploits: 8

Amazon
added 2024/01/08 12:0 a.m., 5 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 7.5, AI score 6.8, EPSS 0.02758
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 4 views

Medium: ansible-core

Issue Overview: The upstream bug report describes this issue as follows: A flaw was found in Ansible, where a user's controller is vulnerable to template injection when internal templating operations may errantly remove the unsafe designation from template data. CVE-2023-5764 Affected Packages:...

CVSS 7.8, AI score 9.1, EPSS 0.00539
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 7 views

Medium: p7zip

Issue Overview: p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. CVE-2022-47069 Affected Packages: p7zip Issue Correction: Run dnf update p7zip --releasever 2023.3.20240108 or dnf...

CVSS 7.8, AI score 7.2, EPSS 0.00296
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 4 views

Important: ghostscript

Issue Overview: An issue was discovered in the function gdev_prn_open_printer_seekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript --releaseve...

CVSS 7.5, AI score 7, EPSS 0.0153
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 3 views

Medium: ncurses

Issue Overview: NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry. CVE-2023-50495 Affected Packages: ncurses Issue Correction: Run dnf update ncurses --releasever 2023.3.20240108 or dnf update --advisory ALAS2023-2024-466 --releasever 2023.3.2024010...

CVSS 6.5, AI score 7.2, EPSS 0.00962
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 3 views

Low: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

CVSS 4.7, AI score 7.9, EPSS 0.00441
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 2 views

Low: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

CVSS 4.7, AI score 7.1, EPSS 0.00441
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 6 views

Medium: bouncycastle

Issue Overview: Bouncy Castle for Java before 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file...

CVSS 5.5, AI score 6.8, EPSS 0.00932
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 11 views

Important: postgresql15

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

CVSS 8.8, AI score 8.1, EPSS 0.04322
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 5 views

Important: postgresql15

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

CVSS 8.8, AI score 8.2, EPSS 0.04322
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 8 views

Medium: ansible-core

Issue Overview: The upstream bug report describes this issue as follows: A flaw was found in Ansible, where a user's controller is vulnerable to template injection when internal templating operations may errantly remove the unsafe designation from template data. CVE-2023-5764 Affected Packages:...

CVSS 7.8, AI score 7, EPSS 0.00539
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 8 views

Medium: p7zip

Issue Overview: p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. CVE-2022-47069 Affected Packages: p7zip Issue Correction: Run dnf update p7zip --releasever 2023.3.20240108 to upda...

CVSS 7.8, AI score 7.3, EPSS 0.00296
Exploits: 1

Amazon
added 2024/01/08 12:0 a.m., 20 views

Important: grpc

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: grpc Issue Correction: Run dnf update grpc --releaseve...

CVSS 7.5, AI score 8.6, EPSS 0.99999
Exploits: 19

Amazon
added 2024/01/08 12:0 a.m., 9 views

Medium: libssh

Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...

CVSS 5.9, AI score 6.9, EPSS 0.93305
Exploits: 4

Amazon
added 2024/01/08 12:0 a.m., 5 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...

CVSS 8.6, AI score 6.7, EPSS 0.57627
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 3 views

Medium: gnutls

Issue Overview: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected. CVE-2023-5981 Affected Packages: gnutls Issue Correction:...

CVSS 5.9, AI score 6.7, EPSS 0.01257
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 4 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 7.5, AI score 8.9, EPSS 0.02758
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 2 views

Important: bluez

Issue Overview: bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Affected Packages: bluez Issue Correction: Run dnf update bluez --releasever 2023.3.20240108 or dnf update --advisory ALAS2023-2024-473 --releasever 2023.3.2024010...

CVSS 6.3, AI score 7.6, EPSS 0.07879
Exploits: 8

Amazon
added 2024/01/08 12:0 a.m., 4 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...

CVSS 8.6, AI score 6.9, EPSS 0.57627
Exploits: 0

Amazon
added 2024/01/08 12:0 a.m., 8 views

Important: grpc

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: grpc Issue Correction: Run dnf update grpc --releaseve...

CVSS 7.5, AI score 8.7, EPSS 0.99999
Exploits: 19

Amazon
added 2023/12/19 12:0 a.m., 36 views

Medium: openssh

Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...

CVSS 5.9, AI score 7.6, EPSS 0.93305
Exploits: 4

Amazon
added 2023/12/18 12:0 a.m., 4 views

Important: kernel-livepatch-6.1.52-71.125

Issue Overview: An integer overflow in kmalloc_reserve in the Linux kernel may allow a local user to crash the system, or in some cases obtain code execution in kernel space. CVE-2023-42752 An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel...

CVSS 7.8, AI score 8.1, EPSS 0.00856
Exploits: 1

Total number of security vulnerabilities: 8850