Lucene search
K

3307 matches found

Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.30 views

Amazon Linux 2 : libvirt (ALAS-2018-952) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

5.6CVSS7AI score0.74041EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.27 views

Amazon Linux 2 : mailman (ALAS-2018-985)

Cross-site scripting XSS vulnerability in web UI A cross-site scripting XSS flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. CVE-2018-5950 C Tenable...

6.1CVSS6.6AI score0.04599EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.25 views

Amazon Linux 2 : curl (ALAS-2018-951)

HTTP authentication leak in redirects libcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

9.8CVSS6.9AI score0.08031EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.30 views

Amazon Linux 2 : dhcp (ALAS-2018-963)

Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file...

7.5CVSS6.3AI score0.72724EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.68 views

Amazon Linux 2 : systemd (ALAS-2018-961)

Access to automounted volumes can lock up A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.CVE-2018-1049 C Tenable Network Security, Inc. The descriptive text and package checks in this...

5.9CVSS6.2AI score0.0726EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.43 views

Amazon Linux 2 : glibc (ALAS-2018-992)

Integer overflow in malloc functions : The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a heap region that i...

9.8CVSS7.3AI score0.04778EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.37 views

Amazon Linux 2 : dhcp (ALAS-2018-984)

Buffer overflow in dhclient possibly allowing code execution triggered by malicious server An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client...

7.5CVSS7.2AI score0.20242EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.252 views

Amazon Linux 2 : kernel (ALAS-2018-939) (Meltdown) (Spectre)

An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously...

5.6CVSS7.2AI score0.84172EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.37 views

Amazon Linux 2 : microcode_ctl (ALAS-2018-953) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

5.6CVSS7AI score0.74041EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.35 views

Amazon Linux 2 : 389-ds-base (ALAS-2018-980)

Authentication bypass due to lack of size check in slapictmemcmp function in chmalloc.c : It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypa...

8.1CVSS7.3AI score0.04817EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.71 views

Amazon Linux 2 : kernel (ALAS-2018-971)

Out-of-bounds write via userland offsets in ebtentry struct in netfilter/ebtables.c : A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. CVE-2018-1068 C Tenable...

7.2CVSS6.5AI score0.00451EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.44 views

Amazon Linux 2 : memcached (ALAS-2018-964)

It was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled. It was discovered that the memcached connections using UDP...

7.5CVSS7AI score0.8864EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.35 views

Amazon Linux 2 : nautilus (ALAS-2018-960)

Insufficient validation of trust of .desktop files with execute permission An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening...

6.5CVSS6.1AI score0.02471EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.51 views

Amazon Linux 2 : libvorbis (ALAS-2018-981)

Vorbis audio processing out of bounds write MFSA 2018-08 : An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code. CVE-2018-5146 C Tenable Network Securit...

8.8CVSS7.9AI score0.12054EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.31 views

Amazon Linux 2 : mod_wsgi (ALAS-2018-987)

Failure to handle errors when attempting to drop group privileges : modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. CVE-2014-8583 C...

6.9CVSS5.3AI score0.00403EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.39 views

Amazon Linux 2 : linux-firmware (ALAS-2018-962) (Spectre)

Speculative execution branch target injection An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the...

5.6CVSS7AI score0.74041EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.24 views

Amazon Linux 2 : bind (ALAS-2018-954)

Improper fetch cleanup sequencing in the resolver can cause named to crash A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acti...

7.5CVSS6.9AI score0.27725EPSS
Exploits0References2
Amazon
Amazon
added 2018/04/05 12:0 a.m.32 views

Low: zsh

Issue Overview: NULL dereference in cd in sh compatibility mode under given circumstances In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18205 Null-pointer...

9.8CVSS9.2AI score0.03223EPSS
Exploits0
Amazon
Amazon
added 2018/04/05 12:0 a.m.32 views

Important: dhcp

Issue Overview: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running...

7.5CVSS7.5AI score0.20242EPSS
Exploits0
Amazon
Amazon
added 2018/04/05 12:0 a.m.31 views

Medium: mailman

Issue Overview: Cross-site scripting XSS vulnerability in web UI A cross-site scripting XSS flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions...

6.1CVSS7.3AI score0.04599EPSS
Exploits3
Rows per page
Query Builder