Lucene search
K

9396 matches found

Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.34 views

Amazon Linux AMI : tomcat7 (ALAS-2013-191)

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

2.6CVSS5.3AI score0.06501EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.20 views

Amazon Linux AMI : ca-certificates (ALAS-2011-03)

This update includes the latest updates to the root Certificate Authority list from Mozilla. It was found that a Certificate Authority CA issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, rendering any HTTPS certificates signed ...

5.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.40 views

Amazon Linux AMI : glibc (ALAS-2012-120)

Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation strtod, strtof, and strtold. If an application used such a function on attacker controlled input, it could cause the application to crash o...

4.6CVSS6.4AI score0.00993EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.46 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2012-137) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

10CVSS8.2AI score0.45113EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.32 views

Amazon Linux AMI : nss (ALAS-2012-108)

A flaw was found in the way the ASN.1 Abstract Syntax Notation One decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially crafted...

5CVSS8AI score0.02945EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.51 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-183)

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384 Multiple improper permission check issues were...

10CVSS7.7AI score0.87227EPSS
Exploits21References23
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.26 views

Amazon Linux AMI : quagga (ALAS-2012-70)

Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service daemon crash via a Link State Update aka LS Update packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the...

3.3CVSS8.2AI score0.01316EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.41 views

Amazon Linux AMI : postgresql9 (ALAS-2013-178)

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service file corruption, and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection...

8.5CVSS8.2AI score0.54312EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.39 views

Amazon Linux AMI : postgresql8 (ALAS-2012-82)

The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by a SQL command. This SQL command might then be executed by a privileged user during later restore of the...

6.8CVSS7.8AI score0.03625EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.38 views

Amazon Linux AMI : fetchmail (ALAS-2012-132)

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to 1 cause a denial of service crash and delayed delivery of inbound mail via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or 2 obtain sensitive informati...

5.8CVSS8.1AI score0.01874EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.35 views

Amazon Linux AMI : freetype (ALAS-2012-66)

Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

10CVSS5.3AI score0.05637EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.47 views

Amazon Linux AMI : httpd (ALAS-2012-46)

It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...

5CVSS8AI score0.90734EPSS
Exploits24References5
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.46 views

Amazon Linux AMI : bind (ALAS-2013-158)

A flaw was found in the DNS64 implementation in BIND when using Response Policy Zones RPZ. If a remote attacker sent a specially crafted query to a named server that is using RPZ rewrite rules, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by...

7.1CVSS7.1AI score0.12036EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.23 views

Amazon Linux AMI : glibc (ALAS-2012-57)

An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFYSOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such...

6.8CVSS8.6AI score0.02717EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.39 views

Amazon Linux AMI : cups (ALAS-2013-170)

It was discovered that CUPS administrative users members of the SystemGroups groups who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the...

7.2CVSS7.8AI score0.02128EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.44 views

Amazon Linux AMI : openssl (ALAS-2012-72)

Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO input could cause...

7.5CVSS8.2AI score0.48298EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.50 views

Amazon Linux AMI : kernel (ALAS-2012-45)

The journalunmapbuffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the Delay and Unwritten buffer head states, which allows local users to cause a denial of service system crash by leveraging the presence of an ext4 filesystem that was mounted with ...

4.9CVSS5.5AI score0.00391EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.13 views

Amazon Linux AMI : cacti (ALAS-2011-23)

The release notes for Cacti 0.8.7h indicate that two security vulnerabilities were fixed, though no corresponding CVE has been issued. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2011-23...

5.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.29 views

Amazon Linux AMI : nginx (ALAS-2011-30)

Heap-based buffer overflow in compression-pointer processing in core/ngxresolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service daemon crash or possibly have unspecified other impact via a long response. C Tenable Network Security, Inc. The descriptive text and...

6.8CVSS5.8AI score0.0607EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.33 views

Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2013-169)

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...

5.8CVSS6.8AI score0.09254EPSS
Exploits0References2
Rows per page
Query Builder