Lucene search
K

9382 matches found

Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.41 views

Amazon Linux 2 : python3 (ALAS-2019-1259)

A security regression of CVE-2019-9636 was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is...

9.8CVSS7.2AI score0.08811EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.223 views

Amazon Linux 2 : python (ALAS-2019-1258)

A security regression of CVE-2019-9636 was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is...

9.8CVSS7.2AI score0.08811EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.31 views

Amazon Linux 2 : 389-ds-base (ALAS-2019-1262)

It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service. CVE-2019-3883 C Tenab...

7.5CVSS6.2AI score0.08426EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.87 views

Amazon Linux 2 : kernel (ALAS-2019-1253)

There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure. CVE-2019-1125 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

5.6CVSS6.9AI score0.04521EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.46 views

Amazon Linux 2 : vim (ALAS-2019-1239)

It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. CVE-2019-12735 C Tenable Network Security, Inc. The descriptive text and package checks in...

9.3CVSS8.2AI score0.19111EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.37 views

Amazon Linux 2 : mod_http2 (ALAS-2019-1264)

A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 C Tenable Network Security, Inc...

5.3CVSS6.4AI score0.193EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.32 views

Amazon Linux 2 : libssh2 (ALAS-2019-1263)

An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory. CVE-2019-3858 An out of bounds read flaw was discovered...

9.1CVSS7.2AI score0.06448EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.61 views

Amazon Linux AMI : kernel (ALAS-2019-1253)

There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

5.6CVSS6.9AI score0.04521EPSS
Exploits4References2
Amazon
Amazon
added 2019/08/08 12:0 a.m.32 views

Critical: thunderbird

Issue Overview: When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even...

9.8CVSS9AI score0.20271EPSS
Exploits2
Amazon
Amazon
added 2019/08/07 12:0 a.m.30 views

Medium: 389-ds-base

Issue Overview: It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service...

7.5CVSS6.5AI score0.08426EPSS
Exploits0
Amazon
Amazon
added 2019/08/07 12:0 a.m.39 views

Low: mod_http2

Issue Overview: A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 Affected Packages...

5.3CVSS6.8AI score0.193EPSS
Exploits0
Amazon
Amazon
added 2019/08/05 12:0 a.m.38 views

Medium: kernel

Issue Overview: There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure. CVE-2019-1125 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2...

5.6CVSS7.1AI score0.04521EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.36 views

Amazon Linux AMI : tomcat7 (ALAS-2019-1235)

The SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. CVE-2019-0221 C Tenable Network Security, In...

6.1CVSS6.9AI score0.45571EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.35 views

Amazon Linux AMI : python35 (ALAS-2019-1243)

An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header...

9.8CVSS7.3AI score0.08811EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.34 views

Amazon Linux AMI : python-urllib3 (ALAS-2019-1236)

In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2019-1236...

6.1CVSS7.4AI score0.02056EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.38 views

Amazon Linux AMI : golang (ALAS-2019-1238)

An issue was discovered in net/http in Go. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. CVE-2019-9741 C Tenable Network Security, Inc. The descriptive text an...

6.1CVSS6.6AI score0.02346EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.28 views

Amazon Linux AMI : bind (ALAS-2019-1244)

A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone...

7.5CVSS7.3AI score0.06404EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.30 views

Amazon Linux AMI : exim (ALAS-2019-1252)

Exim allows remote code execution as root in some unusual configurations that use the $sort expansion for items that can be controlled by an attacker e.g., $localpart or $domain. CVE-2019-13917 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

10CVSS9AI score0.08622EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.55 views

Amazon Linux AMI : kernel (ALAS-2019-1232)

An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostnet kernel thread,...

7.7CVSS6.3AI score0.04425EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.42 views

Amazon Linux AMI : curl (ALAS-2019-1233)

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. CVE-2019-5436 An integer overflow in curl's URL API results in a buffer overflow in libcurl. CVE-2019-5435 C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

7.8CVSS7AI score0.49739EPSS
Exploits2References3
Rows per page
Query Builder