Lucene search
K

9382 matches found

Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.42 views

Amazon Linux AMI : curl (ALAS-2019-1233)

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. CVE-2019-5436 An integer overflow in curl's URL API results in a buffer overflow in libcurl. CVE-2019-5435 C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

7.8CVSS7AI score0.49739EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.39 views

Amazon Linux AMI : libxslt (ALAS-2019-1241)

libxslt allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVE-2019-11068 C Tenable Network Security,...

9.8CVSS7.2AI score0.0523EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.36 views

Amazon Linux AMI : tomcat8 (ALAS-2019-1234)

The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able...

7.5CVSS6.5AI score0.72855EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.30 views

Amazon Linux AMI : vim (ALAS-2019-1239)

It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. CVE-2019-12735 C Tenable Network Security, Inc. The descriptive text and package checks in...

9.3CVSS8.2AI score0.19111EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.42 views

Amazon Linux AMI : python34 (ALAS-2019-1242)

An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header...

6.1CVSS7.3AI score0.05406EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.35 views

Amazon Linux AMI : php54-pecl-imagick / php55-pecl-imagick,php56-pecl-imagick,php70-pecl-imagick,php71-pecl-imagick,php72-pecl-imagick (ALAS-2019-1237)

In PHP imagick extension, writing to an array of values in ImagickKernel::fromMatrix function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. CVE-2019-11037 C...

9.8CVSS7AI score0.01972EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.25 views

Amazon Linux AMI : docker (ALAS-2019-1245)

A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on t...

7.5CVSS7.4AI score0.03398EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.30 views

Amazon Linux AMI : dbus (ALAS-2019-1246)

dbus as used in DBusServer, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUSCOOKIESHA1 in the libdbus library. This only affects the DBUSCOOKIESHA1 authentication mechanism. A malicious client with write access to its own home directory could manipulat...

7.1CVSS7AI score0.00555EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/07/24 12:0 a.m.30 views

Amazon Linux 2 : curl (ALAS-2019-1233)

An integer overflow in curl's URL API results in a buffer overflow in libcurl. CVE-2019-5435 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. CVE-2019-5436 C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

7.8CVSS7AI score0.49739EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2019/07/24 12:0 a.m.40 views

Amazon Linux 2 : thunderbird (ALAS-2019-1250)

libical: Heap buffer over read in icalparser.c parsergetnextchar CVE-2019-11703 libical: Type confusion in icaltimezonegetvtimezoneproperties function in icalproperty.c CVE-2019-11706 Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 libical: Stack buffer overflow in icalrecuraddbydayrules...

10CVSS8.2AI score0.55874EPSS
Exploits28References7
Tenable Nessus
Tenable Nessus
added 2019/07/24 12:0 a.m.259 views

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)

OpenJDK: Insufficient restriction of privileges in AccessController Security, 8216381 CVE-2019-2786 OpenJDK: Unbounded memory allocation during deserialization in Collections Utilities, 8213432 CVE-2019-2769 libpng: pngimagefree in png.c in libpng has a use-after-free because pngimagefreefunction...

5.8CVSS7.3AI score0.09393EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2019/07/24 12:0 a.m.45 views

Amazon Linux 2 : qemu (ALAS-2019-1248)

A heap buffer overflow issue was found in the loaddevicetree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...

9.8CVSS7.2AI score0.05546EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2019/07/24 12:0 a.m.53 views

Amazon Linux 2 : kernel (ALAS-2019-1232)

An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostnet kernel thread,...

7.7CVSS6.3AI score0.04425EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2019/07/24 12:0 a.m.35 views

Amazon Linux 2 : ruby (ALAS-2019-1249)

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through...

8.8CVSS7AI score0.03372EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/07/24 12:0 a.m.72 views

Amazon Linux 2 : python3 (ALAS-2019-1247)

An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that lacks a ? character followed b...

6.1CVSS7.3AI score0.05406EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2019/07/22 12:0 a.m.29 views

Amazon Linux 2 : python-jinja2 (ALAS-2019-1223)

In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory ALAS-2019-1223. include'compat.inc'; if description scriptid126831; scriptversion"1.3";...

8.6CVSS8.7AI score0.03492EPSS
Exploits0References2
Amazon
Amazon
added 2019/07/18 12:0 a.m.35 views

Important: ruby

Issue Overview: An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8322 An issue was discovered in RubyGems 2.6 and...

8.8CVSS7.5AI score0.03372EPSS
Exploits0
Amazon
Amazon
added 2019/07/18 12:0 a.m.33 views

Critical: dnsmasq

Issue Overview: A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations...

9.8CVSS9AI score0.93307EPSS
Exploits32
Amazon
Amazon
added 2019/07/18 12:0 a.m.44 views

Low: curl

Issue Overview: An integer overflow in curl's URL API results in a buffer overflow in libcurl. CVE-2019-5435 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. CVE-2019-5436 Affected Packages: curl Note: This advisory is applicable to Amazon...

7.8CVSS7.6AI score0.49739EPSS
Exploits2
Amazon
Amazon
added 2019/07/18 12:0 a.m.30 views

Critical: thunderbird

Issue Overview: libical: Heap buffer over read in icalparser.c parsergetnextchar CVE-2019-11703 libical: Type confusion in icaltimezonegetvtimezoneproperties function in icalproperty.c CVE-2019-11706 Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 libical: Stack buffer overflow in...

10CVSS9.2AI score0.55874EPSS
Exploits28
Rows per page
Query Builder