Amazon Linux AMI : tomcat8 (ALAS-2020-1390)
The version of tomcat8 installed on the remote host is prior to 8.5.56-1.84. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1390 advisory. When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an...
Amazon Linux AMI : tomcat7 (ALAS-2020-1389)
The version of tomcat7 installed on the remote host is prior to 7.0.104-1.38. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1389 advisory. When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an...
Amazon Linux AMI : telnet (ALAS-2020-1387)
The version of telnet installed on the remote host is prior to 0.17-49.9. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1387 advisory. utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent dat...
Amazon Linux 2 : libexif (ALAS-2020-1443)
The version of libexif installed on the remote host is prior to 0.6.21-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1443 advisory. An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information...
Amazon Linux AMI : rubygem24-rake (ALAS-2020-1385)
The version of rubygem24-rake installed on the remote host is prior to 12.0.0-1.49. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1385 advisory. There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begin...
Amazon Linux 2 : python-urllib3, --advisory ALAS2-2020-1446 (ALAS-2020-1446)
The version of python-urllib3 installed on the remote host is prior to 1.25.7-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1446 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...
Amazon Linux AMI : rubygem-rake (ALAS-2020-1384)
It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1384 advisory. There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |. CVE-2020-8130 Tenable has extracted the preceding...
Amazon Linux AMI : exim (ALAS-2020-1380)
The version of exim installed on the remote host is prior to 4.92-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1380 advisory. Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa...
Amazon Linux AMI : bash (ALAS-2020-1379)
The version of bash installed on the remote host is prior to 4.2.46-34.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1379 advisory. rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any comma...
Amazon Linux 2 : microcode_ctl (ALAS-2020-1444)
The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1444 advisory. A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. Th...
Amazon Linux AMI : json-c (ALAS-2020-1381)
The version of json-c installed on the remote host is prior to 0.11-7.8. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1381 advisory. json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend...
Amazon Linux AMI : lftp (ALAS-2020-1383)
The version of lftp installed on the remote host is prior to 4.4.8-12.30. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1383 advisory. It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss ...
Amazon Linux 2 : bind (ALAS-2020-1441)
The version of bind installed on the remote host is prior to 9.11.4-9.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1441 advisory. managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which...
Amazon Linux 2 : squid (ALAS-2020-1448)
The version of squid installed on the remote host is prior to 3.5.20-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1448 advisory. An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain...
Amazon Linux 2 : json-c (ALAS-2020-1442)
The version of json-c installed on the remote host is prior to 0.11-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1442 advisory. json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend...
Amazon Linux AMI : texlive (ALAS-2020-1388)
The version of texlive installed on the remote host is prior to 2012-45.20130427r30134. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1388 advisory. An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A...
Amazon Linux 2 : nghttp2 (ALAS-2020-1445)
The version of nghttp2 installed on the remote host is prior to 1.41.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1445 advisory. In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept...
Important: tomcat
Issue Overview: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and ...
Medium: json-c
Issue Overview: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. CVE-2020-12762 Affected Packages: json-c Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...
Low: python-urllib3
Issue Overview: No CVE associated with this advisory Affected Packages: python-urllib3 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-urllib3 or...