CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9349 matches found

Tenable Nessus•added 2016/11/11 12:0 a.m.•18 views

Amazon Linux AMI : cloud-init (ALAS-2016-763)

It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AMI derived from a...

5.5AI score

Exploits0References1

Tenable Nessus•added 2016/11/11 12:0 a.m.•32 views

Amazon Linux AMI : memcached (ALAS-2016-761)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. CVE-2016-8704 , CVE-2016-8705 An integer...

9.8CVSS9.1AI score0.45703EPSS

Exploits4References4

Tenable Nessus•added 2016/11/11 12:0 a.m.•55 views

Amazon Linux AMI : tomcat6 / tomcat7,tomcat8 (ALAS-2016-764)

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. CVE-2016-6325 A...

9.1CVSS6.3AI score0.10303EPSS

Exploits5References7

Amazon•added 2016/11/10 12:0 a.m.•30 views

Important: cloud-init

Issue Overview: It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AM...

7.1AI score

Exploits0

Tenable Nessus•added 2016/10/28 12:0 a.m.•260 views

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. CVE-2016-558...

9.6CVSS7AI score0.05437EPSS

Exploits0References6

Tenable Nessus•added 2016/10/28 12:0 a.m.•49 views

Amazon Linux AMI : python-twisted-web (ALAS-2016-760)

It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote...

5.3CVSS5.6AI score0.02406EPSS

Exploits0References2

OpenVAS•added 2016/10/26 12:0 a.m.•26 views

Amazon Linux: Security Advisory (ALAS-2016-712)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.03231EPSS

Exploits0References2

OpenVAS•added 2016/10/26 12:0 a.m.•48 views

Amazon Linux: Security Advisory (ALAS-2016-726)

7.5CVSS7.5AI score0.15073EPSS

Exploits3References2

OpenVAS•added 2016/10/26 12:0 a.m.•28 views

Amazon Linux: Security Advisory (ALAS-2016-735)

9.8CVSS8.4AI score0.16893EPSS

Exploits0References2

OpenVAS•added 2016/10/26 12:0 a.m.•45 views

Amazon Linux: Security Advisory (ALAS-2016-719)