
9349 matches found

Tenable Nessus
added 2016/01/19 12:0 a.m. | 52 views

Amazon Linux AMI : openssh (ALAS-2016-638)

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory possibly including private SSH keys of a successfully authenticated OpenSSH client. A buffer overflow flaw was found in t...

CVSS 8.1 | AI score 8.1 | EPSS 0.63468
Exploits: 3 | References: 3
Tenable Nessus
added 2016/01/19 12:0 a.m. | 21 views

Amazon Linux AMI : realmd (ALAS-2016-636)

A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response. (C) Tenable Network Security, Inc. The...

CVSS 5 | AI score 5.5 | EPSS 0.02915
Exploits: 0 | References: 2
Tenable Nessus
added 2016/01/19 12:0 a.m. | 28 views

Amazon Linux AMI : ruby19 / ruby20,ruby21,ruby22 (ALAS-2016-632)

DL::dlopen could open a library with tainted library name even if $SAFE > 0. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-632. include("compat.inc"); if (description) { script_id(87966);...

CVSS 8.4 | AI score 8 | EPSS 0.005
Exploits: 0 | References: 2
Tenable Nessus
added 2016/01/19 12:0 a.m. | 34 views

Amazon Linux AMI : dhcp (ALAS-2016-637)

ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

CVSS 6.5 | AI score 6.8 | EPSS 0.7645
Exploits: 0 | References: 2
Tenable Nessus
added 2016/01/19 12:0 a.m. | 22 views

Amazon Linux AMI : sssd (ALAS-2016-635)

It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...

CVSS 6.8 | AI score 7.2 | EPSS 0.03666
Exploits: 0 | References: 2
Tenable Nessus
added 2016/01/19 12:0 a.m. | 39 views

Amazon Linux AMI : php56 / php55 (ALAS-2016-640)

The imagerotate function lacked validation of the background color variable, an integer which represents an index of the color palette. A number larger than the length of the color palette could be used in the function, reading beyond the memory of the color palette and causing an information lea...

CVSS 9.1 | AI score 8 | EPSS 0.07806
Exploits: 1 | References: 2
Tenable Nessus
added 2016/01/19 12:0 a.m. | 235 views

Amazon Linux AMI : libldb (ALAS-2016-633)

A denial of service flaw was found in the ldb_wildcard_compare function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memo...

CVSS 7.5 | AI score 6.5 | EPSS 0.06884
Exploits: 0 | References: 3
Amazon
added 2016/01/19 12:0 a.m. | 36 views

Medium: bind

Issue Overview: Specific APL RR data could cause a server to exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. (CVE-2015-8704) CVE-2015-8705 was also issued today for bind, but the Amazon Linux AMI's version of bind is not impacted by that CVE. Affected...

CVSS 7 | AI score 7.1 | EPSS 0.20172
Exploits: 0
OpenVAS
added 2015/12/16 12:0 a.m. | 22 views

Amazon Linux: Security Advisory (ALAS-2015-630)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.3 | AI score 9.2 | EPSS 0.06664
Exploits: 0 | References: 2
OpenVAS
added 2015/12/16 12:0 a.m. | 28 views

Amazon Linux: Security Advisory (ALAS-2015-631)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.1 | AI score 7.8 | EPSS 0.5469
Exploits: 0 | References: 2
Tenable Nessus
added 2015/12/16 12:0 a.m. | 23 views

Amazon Linux AMI : bind (ALAS-2015-631)

An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possib...

CVSS 7.1 | AI score 6.9 | EPSS 0.5469
Exploits: 0 | References: 2
Tenable Nessus
added 2015/12/16 12:0 a.m. | 23 views

Amazon Linux AMI : python-pygments (ALAS-2015-630)

An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...

CVSS 9.3 | AI score 8.3 | EPSS 0.06664
Exploits: 0 | References: 2
OpenVAS
added 2015/12/15 12:0 a.m. | 24 views

Amazon Linux: Security Advisory (ALAS-2015-622)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5 | AI score 6.5 | EPSS 0.04535
Exploits: 0 | References: 2
OpenVAS
added 2015/12/15 12:0 a.m. | 16 views

Amazon Linux: Security Advisory (ALAS-2015-627)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.5 | AI score 5.6 | EPSS 0.00432
Exploits: 0 | References: 2
OpenVAS
added 2015/12/15 12:0 a.m. | 40 views

Amazon Linux: Security Advisory (ALAS-2015-621)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 8.3 | EPSS 0.24148
Exploits: 7 | References: 2
OpenVAS
added 2015/12/15 12:0 a.m. | 25 views

Amazon Linux: Security Advisory (ALAS-2015-613)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 9.3 | EPSS 0.20144
Exploits: 0 | References: 2
OpenVAS
added 2015/12/15 12:0 a.m. | 27 views

Amazon Linux: Security Advisory (ALAS-2015-620)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 8.3 | EPSS 0.07486
Exploits: 7 | References: 2
OpenVAS
added 2015/12/15 12:0 a.m. | 21 views

Amazon Linux: Security Advisory (ALAS-2015-626)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 4.4 | AI score 6.5 | EPSS 0.00335
Exploits: 0 | References: 2
OpenVAS
added 2015/12/15 12:0 a.m. | 46 views

Amazon Linux: Security Advisory (ALAS-2015-628)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.1 | AI score 8.2 | EPSS 0.0721
Exploits: 2 | References: 2
OpenVAS
added 2015/12/15 12:0 a.m. | 26 views

Amazon Linux: Security Advisory (ALAS-2015-619)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.4 | AI score 8.2 | EPSS 0.04532
Exploits: 0 | References: 2