Lucene search
K

9378 matches found

Tenable Nessus
Tenable Nessus
added 2018/10/11 12:0 a.m.97 views

Amazon Linux 2 : kernel (ALAS-2018-1086)

A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...

8.3CVSS7.1AI score0.08743EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2018/10/11 12:0 a.m.61 views

Amazon Linux 2 : ghostscript (ALAS-2018-1088)

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...

9.3CVSS7.2AI score0.92499EPSS
Exploits4References15
Amazon
Amazon
added 2018/10/08 10:13 p.m.51 views

Important: kernel

Issue Overview: NOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the Amazon Linux 2 LTS release. The advisory release date does not accurately reflect the date this was fixed. An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged...

7.8CVSS7.6AI score0.14806EPSS
Exploits6
Amazon
Amazon
added 2018/10/08 12:0 a.m.36 views

Medium: zsh

Issue Overview: An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line.CVE-2018-0502 It was discovered that zsh does not properly validate the shebang of input files and it truncates i...

9.8CVSS9.6AI score0.02723EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/10/05 12:0 a.m.273 views

Amazon Linux AMI : kernel (ALAS-2018-1086)

A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...

8.3CVSS7.2AI score0.08743EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2018/10/05 12:0 a.m.103 views

Amazon Linux AMI : kernel (ALAS-2018-1087)

NOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the 2018.03 AMI release. The advisory release date does not accurately reflect the date this was fixed. The actual date of the fix being released is: 2018-04-23. An integer overflow flaw was found in the Linux kernel's...

7.8CVSS7.1AI score0.14806EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2018/10/05 12:0 a.m.38 views

Amazon Linux AMI : mod_perl / mod24_perl (ALAS-2018-1085)

modperl allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users...

10CVSS8AI score0.08946EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.47 views

Amazon Linux 2 : bind (ALAS-2018-1082)

A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.CVE-2018-5740 %NASLMINLEVEL 70300 C Tenable...

7.5CVSS7.3AI score0.59353EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.54 views

Amazon Linux 2 : openssh (ALAS-2018-1075)

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.CVE-2018-15473 C Tenable Network...

5.9CVSS6.5AI score0.98631EPSS
Exploits23References2
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.133 views

Amazon Linux 2 : postgresql (ALAS-2018-1080)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7.7AI score0.05154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/09/20 12:0 a.m.39 views

Amazon Linux AMI : procmail (ALAS-2018-1084)

A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.CVE-2017-16844 C Tenable Network Securit...

10CVSS8.3AI score0.12524EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/09/20 12:0 a.m.40 views

Amazon Linux AMI : squid (ALAS-2018-1081)

The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with...

7.5CVSS6.6AI score0.13149EPSS
Exploits0References3
Amazon
Amazon
added 2018/09/20 12:0 a.m.46 views

Low: openssh

Issue Overview: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.CVE-2018-15473 Affecte...

5.9CVSS7.3AI score0.98631EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2018/09/20 12:0 a.m.47 views

Amazon Linux AMI : bind (ALAS-2018-1082)

A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.CVE-2018-5740 C Tenable Network Security, Inc...

7.5CVSS7.3AI score0.59353EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/09/20 12:0 a.m.60 views

Amazon Linux AMI : ntp (ALAS-2018-1083)

ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for...

9.8CVSS7.5AI score0.29037EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2018/09/20 12:0 a.m.112 views

Amazon Linux AMI : postgresql92 (ALAS-2018-1080)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7.7AI score0.05154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/09/20 12:0 a.m.41 views

Amazon Linux AMI : postgresql93 / postgresql94,postgresql95 (ALAS-2018-1079)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7.7AI score0.05154EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/09/19 12:0 a.m.57 views

Amazon Linux 2 : mariadb (ALAS-2018-1078)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

7.7CVSS5.8AI score0.0401EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2018/09/19 12:0 a.m.256 views

Amazon Linux 2 : qemu-kvm (ALAS-2018-1073)

A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS...

8.8CVSS7.8AI score0.00823EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/09/19 12:0 a.m.36 views

Amazon Linux 2 : mutt (ALAS-2018-1077)

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.CVE-2018-14362 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-1...

9.8CVSS7.8AI score0.06229EPSS
Exploits0References4
Rows per page
Query Builder