Lucene search
K

9382 matches found

Amazon
Amazon
added 2019/10/21 12:0 a.m.27 views

Low: exempi

Issue Overview: An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service infinite loop via crafted XMP data in a .avi file.CVE-2017-18233 An issue was discovered in Exempi...

7.8CVSS6.8AI score0.01707EPSS
Exploits5
Amazon
Amazon
added 2019/10/21 12:0 a.m.40 views

Low: blktrace

Issue Overview: blktrace aka Block IO Tracing 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the devmapread function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted...

5.5CVSS6.1AI score0.02001EPSS
Exploits0
Amazon
Amazon
added 2019/10/21 12:0 a.m.41 views

Important: SDL2

Issue Overview: An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9. There is an out-of-bounds read in the function SDLInvalidateMap at video/SDLpixels.c.CVE-2019-12222 A heap-based buffer overflow was discovered in SDL in the SDLBlitCopy function, that was called while...

8.1CVSS8.1AI score0.03299EPSS
Exploits2
Amazon
Amazon
added 2019/10/21 12:0 a.m.40 views

Medium: curl

Issue Overview: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.CVE-2019-5481 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.CVE-2019-5482 Affected Packages: curl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

9.8CVSS7.1AI score0.17939EPSS
Exploits0
Amazon
Amazon
added 2019/10/21 12:0 a.m.57 views

Medium: http-parser

Issue Overview: Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to...

7.5CVSS8AI score0.10207EPSS
Exploits0
Amazon
Amazon
added 2019/10/21 12:0 a.m.33 views

Medium: libarchive

Issue Overview: libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16.CVE-2017-14503 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0...

8.8CVSS7.4AI score0.04575EPSS
Exploits1
Amazon
Amazon
added 2019/10/21 12:0 a.m.21 views

Low: keycloak-httpd-client-install

Issue Overview: It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service.CVE-2017-15111 In keycloak-http-client-install prior to versi...

7.8CVSS6.8AI score0.00386EPSS
Exploits0
Amazon
Amazon
added 2019/10/21 12:0 a.m.40 views

Medium: perl-Archive-Tar

Issue Overview: It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl...

7.5CVSS8AI score0.07638EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/10/18 12:0 a.m.286 views

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1316)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...

6.8CVSS6.4AI score0.03749EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2019/10/15 12:0 a.m.34 views

Amazon Linux 2 : sudo (ALAS-2019-1315)

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if...

9CVSS7.4AI score0.63917EPSS
Exploits18References4
Tenable Nessus
Tenable Nessus
added 2019/10/15 12:0 a.m.28 views

Amazon Linux AMI : sudo (ALAS-2019-1309)

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if...

9CVSS7.3AI score0.63917EPSS
Exploits10References2
Tenable Nessus
Tenable Nessus
added 2019/10/11 12:0 a.m.36 views

Amazon Linux 2 : opensc (ALAS-2019-1312)

Several buffer overflows when handling responses from a Muscle Card in musclelistfiles in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other...

6.8CVSS6.4AI score0.00692EPSS
Exploits10References12
Tenable Nessus
Tenable Nessus
added 2019/10/11 12:0 a.m.30 views

Amazon Linux 2 : libmspack (ALAS-2019-1310)

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.CVE-2018-18584 chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' a...

6.5CVSS6.7AI score0.03086EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/10/11 12:0 a.m.20 views

Amazon Linux 2 : libwpd (ALAS-2019-1311)

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.CVE-2018-19208 C Tenable Network Security, Inc. The descriptive text and package checks in th...

6.5CVSS5.8AI score0.01488EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/10/11 12:0 a.m.31 views

Amazon Linux AMI : sssd (ALAS-2019-1307)

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.CVE-2018-16838 A vulnerability was found in sssd where, if a us...

5.5CVSS5.8AI score0.01122EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/10/11 12:0 a.m.34 views

Amazon Linux 2 : optipng (ALAS-2019-1313)

The bmpreadrows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service invalid memory write and crash via a series of delta escapes in a crafted BMP image.CVE-2016-2191 C Tenable Network Security, Inc. The descriptive text and package checks i...

6.5CVSS6.8AI score0.03519EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/10/11 12:0 a.m.64 views

Amazon Linux 2 : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

7.8CVSS7.8AI score0.82017EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/10/11 12:0 a.m.34 views

Amazon Linux AMI : libtiff (ALAS-2019-1306)

Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service application crash via a crafted GIF file.CVE-2016-3186 An integer overflow has been discovered in libtiff in TIFFSetupStrips:tifwrite.c, which could lead to a heap-bas...

8.8CVSS7AI score0.25183EPSS
Exploits10References11
Tenable Nessus
Tenable Nessus
added 2019/10/11 12:0 a.m.42 views

Amazon Linux 2 : golang (ALAS-2019-1309)

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

9.8CVSS8AI score0.08359EPSS
Exploits1References2
Amazon
Amazon
added 2019/10/08 12:0 a.m.31 views

Medium: libmspack

Issue Overview: In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.CVE-2018-18584 chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename...

6.5CVSS7.4AI score0.03086EPSS
Exploits1
Rows per page
Query Builder