9394 matches found

Tenable Nessus
added 2020/07/20 12:0 a.m. | 25 views

Amazon Linux AMI : librabbitmq (ALAS-2020-1394)

The version of librabbitmq installed on the remote host is prior to 0.1-0.2.hgfb6fca832fd2.3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1394 advisory. An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflo...

CVSS 9.8 | AI score 8.3 | EPSS 0.03317
Exploits: 0 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 32 views

Amazon Linux AMI : cairo (ALAS-2020-1392)

The version of cairo installed on the remote host is prior to 1.12.14-6.9. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1392 advisory. The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denia...

CVSS 7.5 | AI score 7.2 | EPSS 0.01805
Exploits: 1 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 45 views

Amazon Linux AMI : poppler (ALAS-2020-1398)

The version of poppler installed on the remote host is prior to 0.26.5-42.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1398 advisory. The tiff_document_render and tiff_document_get_thumbnail functions in the TIFF document backend in GNOME Evince through...

CVSS 8.8 | AI score 7 | EPSS 0.02527
Exploits: 2 | References: 11

Tenable Nessus
added 2020/07/20 12:0 a.m. | 249 views

Amazon Linux AMI : kernel (ALAS-2020-1382)

The version of kernel installed on the remote host is prior to 4.14.177-107.254. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1382 advisory. A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw...

CVSS 7.8 | AI score 6.7 | EPSS 0.03097
Exploits: 1 | References: 7

Tenable Nessus
added 2020/07/20 12:0 a.m. | 67 views

Amazon Linux 2 : lftp (ALAS-2020-1453)

The version of lftp installed on the remote host is prior to 4.4.8-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1453 advisory. It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of...

CVSS 7.8 | AI score 6 | EPSS 0.04782
Exploits: 1 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 35 views

Amazon Linux AMI : libexif (ALAS-2020-1393)

The version of libexif installed on the remote host is prior to 0.6.21-6.7. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1393 advisory. An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information...

CVSS 9.1 | AI score 7.4 | EPSS 0.02684
Exploits: 0 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 30 views

Amazon Linux 2 : advancecomp (ALAS-2020-1450)

The version of advancecomp installed on the remote host is prior to 1.15-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1450 advisory. In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which...

CVSS 7.8 | AI score 5.9 | EPSS 0.01424
Exploits: 1 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 38 views

Amazon Linux AMI : mailman (ALAS-2020-1395)

The version of mailman installed on the remote host is prior to 2.1.15-30.25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1395 advisory. Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject...

CVSS 6.5 | AI score 6.5 | EPSS 0.02541
Exploits: 0 | References: 5

Tenable Nessus
added 2020/07/20 12:0 a.m. | 25 views

Amazon Linux 2 : patch (ALAS-2020-1457)

The version of patch installed on the remote host is prior to 2.7.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1457 advisory. In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and...

CVSS 5.9 | AI score 6.6 | EPSS 0.03927
Exploits: 0 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 48 views

Amazon Linux AMI : php72, php73 (ALAS-2020-1397)

The version of php72 installed on the remote host is prior to 7.2.31-1.23. The version of php73 installed on the remote host is prior to 7.3.19-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1397 advisory. In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18...

CVSS 5.3 | AI score 7.1 | EPSS 0.06264
Exploits: 1 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 26 views

Amazon Linux 2 : file (ALAS-2020-1452)

The version of file installed on the remote host is prior to 5.11-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1452 advisory. The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds rea...

CVSS 6.5 | AI score 6.1 | EPSS 0.0341
Exploits: 0 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 82 views

Amazon Linux 2 : curl (ALAS-2020-1451)

The version of curl installed on the remote host is prior to 7.61.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1451 advisory. command line arguments lead to local file overwrite CVE-2020-8177 Tenable has extracted the preceding description block directly fro...

CVSS 7.8 | AI score 6.8 | EPSS 0.01236
Exploits: 1 | References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. | 38 views

Amazon Linux AMI : squid (ALAS-2020-1386)

The version of squid installed on the remote host is prior to 3.5.20-15.39. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1386 advisory. An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gai...

CVSS 9.8 | AI score 7.2 | EPSS 0.74477
Exploits: 1 | References: 9

Tenable Nessus
added 2020/07/20 12:0 a.m. | 38 views

Amazon Linux 2 : qt (ALAS-2020-1458)

The version of qt installed on the remote host is prior to 4.8.5-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1458 advisory. An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp...

CVSS 9.8 | AI score 7.2 | EPSS 0.03382
Exploits: 1 | References: 13

Tenable Nessus
added 2020/07/20 12:0 a.m. | 34 views

Amazon Linux 2 : ntp (ALAS-2020-1455)

The version of ntp installed on the remote host is prior to 4.2.6p5-29. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1455 advisory. ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or...

CVSS 7.5 | AI score 6.6 | EPSS 0.04071
Exploits: 0 | References: 5

Tenable Nessus
added 2020/07/20 12:0 a.m. | 32 views

Amazon Linux 2 : net-snmp (ALAS-2020-1454)

The version of net-snmp installed on the remote host is prior to 5.7.2-48. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1454 advisory. snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticate...

CVSS 7.5 | AI score 7.5 | EPSS 0.04298
Exploits: 1 | References: 3

Amazon
added 2020/07/16 12:0 a.m. | 30 views

Medium: patch

Issue Overview: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. CVE-2019-13636 Affected Packages: patch Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for t...

CVSS 5.9 | AI score 6.5 | EPSS 0.03927
Exploits: 0

Amazon
added 2020/07/16 12:0 a.m. | 54 views

Medium: openssl11

Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...

CVSS 5.3 | AI score 6.5 | EPSS 0.06232
Exploits: 0

Amazon
added 2020/07/16 12:0 a.m. | 25 views

Medium: advancecomp

Issue Overview: In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read. CVE-2019-9210 Affected Packages:...

CVSS 7.8 | AI score 5.2 | EPSS 0.01424
Exploits: 1

Amazon
added 2020/07/16 12:0 a.m. | 39 views

Medium: lftp

Issue Overview: It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled...

CVSS 7.8 | AI score 6.2 | EPSS 0.04782
Exploits: 1