9391 matches found

Tenable Nessus
added 2020/07/02 12:0 a.m., 32 views

Amazon Linux AMI : tomcat8 (ALAS-2020-1390)

The version of tomcat8 installed on the remote host is prior to 8.5.56-1.84. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1390 advisory. When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an...

CVSS 7, AI score 7.2, EPSS 0.56636
Exploits 15, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 41 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1389)

The version of tomcat7 installed on the remote host is prior to 7.0.104-1.38. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1389 advisory. When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an...

CVSS 7, AI score 7.2, EPSS 0.56636
Exploits 15, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 26 views

Amazon Linux AMI : telnet (ALAS-2020-1387)

The version of telnet installed on the remote host is prior to 0.17-49.9. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1387 advisory. utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent dat...

CVSS 10, AI score 8.5, EPSS 0.74513
Exploits 2, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 35 views

Amazon Linux 2 : libexif (ALAS-2020-1443)

The version of libexif installed on the remote host is prior to 0.6.21-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1443 advisory. An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information...

CVSS 9.1, AI score 7.4, EPSS 0.02684
Exploits 0, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 28 views

Amazon Linux AMI : rubygem24-rake (ALAS-2020-1385)

The version of rubygem24-rake installed on the remote host is prior to 12.0.0-1.49. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1385 advisory. There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begin...

CVSS 6.9, AI score 6.9, EPSS 0.01359
Exploits 1, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 40 views

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2020-1446 (ALAS-2020-1446)

The version of python-urllib3 installed on the remote host is prior to 1.25.7-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1446 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...

AI score 5.6
Exploits 0, References 2

Tenable Nessus
added 2020/07/02 12:0 a.m., 26 views

Amazon Linux AMI : rubygem-rake (ALAS-2020-1384)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1384 advisory. There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |. CVE-2020-8130 Tenable has extracted the preceding...

CVSS 6.9, AI score 6.8, EPSS 0.01359
Exploits 1, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 29 views

Amazon Linux AMI : exim (ALAS-2020-1380)

The version of exim installed on the remote host is prior to 4.92-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1380 advisory. Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa...

CVSS 7.5, AI score 8.1, EPSS 0.04467
Exploits 2, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 40 views

Amazon Linux AMI : bash (ALAS-2020-1379)

The version of bash installed on the remote host is prior to 4.2.46-34.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1379 advisory. rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any comma...

CVSS 7.8, AI score 7.2, EPSS 0.00415
Exploits 0, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 39 views

Amazon Linux 2 : microcode_ctl (ALAS-2020-1444)

The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1444 advisory. A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. Th...

CVSS 5.5, AI score 7.6, EPSS 0.00587
Exploits 0, References 7

Tenable Nessus
added 2020/07/02 12:0 a.m., 24 views

Amazon Linux AMI : json-c (ALAS-2020-1381)

The version of json-c installed on the remote host is prior to 0.11-7.8. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1381 advisory. json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend...

CVSS 7.8, AI score 6.8, EPSS 0.01888
Exploits 1, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 20 views

Amazon Linux AMI : lftp (ALAS-2020-1383)

The version of lftp installed on the remote host is prior to 4.4.8-12.30. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1383 advisory. It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss ...

CVSS 7.8, AI score 6, EPSS 0.04782
Exploits 1, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 48 views

Amazon Linux 2 : bind (ALAS-2020-1441)

The version of bind installed on the remote host is prior to 9.11.4-9.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1441 advisory. managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which...

CVSS 7.5, AI score 6.4, EPSS 0.04022
Exploits 0, References 7

Tenable Nessus
added 2020/07/02 12:0 a.m., 46 views

Amazon Linux 2 : squid (ALAS-2020-1448)

The version of squid installed on the remote host is prior to 3.5.20-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1448 advisory. An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain...

CVSS 9.8, AI score 7.2, EPSS 0.74477
Exploits 1, References 9

Tenable Nessus
added 2020/07/02 12:0 a.m., 28 views

Amazon Linux 2 : json-c (ALAS-2020-1442)

The version of json-c installed on the remote host is prior to 0.11-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1442 advisory. json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend...

CVSS 7.8, AI score 6.8, EPSS 0.01888
Exploits 1, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 27 views

Amazon Linux AMI : texlive (ALAS-2020-1388)

The version of texlive installed on the remote host is prior to 2012-45.20130427r30134. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1388 advisory. An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A...

CVSS 7.8, AI score 8.3, EPSS 0.02058
Exploits 0, References 3

Tenable Nessus
added 2020/07/02 12:0 a.m., 37 views

Amazon Linux 2 : nghttp2 (ALAS-2020-1445)

The version of nghttp2 installed on the remote host is prior to 1.41.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1445 advisory. In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept...

CVSS 7.5, AI score 7, EPSS 0.05316
Exploits 0, References 3

Amazon
added 2020/06/30 12:0 a.m., 70 views

Important: tomcat

Issue Overview: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and ...

CVSS 7, AI score 8.4, EPSS 0.56636
Exploits 15

Amazon
added 2020/06/30 12:0 a.m., 32 views

Medium: json-c

Issue Overview: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. CVE-2020-12762 Affected Packages: json-c Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...

CVSS 7.8, AI score 7.4, EPSS 0.01888
Exploits 1

Amazon
added 2020/06/30 12:0 a.m., 82 views

Low: python-urllib3

Issue Overview: No CVE associated with this advisory Affected Packages: python-urllib3 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-urllib3 or...

CVSS 9.8, AI score 8.3, EPSS 0.04488
Exploits 0