
9341 matches found

Tenable Nessus
added 2016/06/06 12:0 a.m. | 27 views

Amazon Linux AMI : mod_dav_svn (ALAS-2016-710)

The canonicalizeusername function in svnserve/cyrusauth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repositor...

6.8 CVSS | 6.8 AI score | 0.19628 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2016/06/06 12:0 a.m. | 66 views

Amazon Linux AMI : ntp (ALAS-2016-708)

It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively...

7.2 CVSS | 6.5 AI score | 0.15201 EPSS
Exploits: 4 | References: 5

Tenable Nessus
added 2016/06/06 12:0 a.m. | 43 views

Amazon Linux AMI : jq (ALAS-2016-705)

A heap-based buffer overflow flaw was found in the tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. CVE-2015-8863 C Tenable Network Security, Inc. The...

10 CVSS | 8.9 AI score | 0.07495 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2016/06/06 12:0 a.m. | 55 views

Amazon Linux AMI : php56 (ALAS-2016-706)

The following security-related issues were resolved : Out-of-bounds read in imagescale CVE-2013-7456 Integer underflow causing arbitrary null write in fread/gzread CVE-2016-5096 Integer overflow in phphtmlentities CVE-2016-5094 Integer overflow in phpfilterfullspecialchars CVE-2016-5095...

8.6 CVSS | 8.3 AI score | 0.05487 EPSS
Exploits: 3 | References: 6

Tenable Nessus
added 2016/06/06 12:0 a.m. | 57 views

Amazon Linux AMI : cacti (ALAS-2016-711)

SQL injection vulnerability in graphview.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the hostgroupdata parameter. CVE-2016-3659 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux...

8.8 CVSS | 8.4 AI score | 0.02213 EPSS
Exploits: 2 | References: 2

Tenable Nessus
added 2016/06/06 12:0 a.m. | 231 views

Amazon Linux AMI : kernel (ALAS-2016-704)

The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs...

7.8 CVSS | 6.7 AI score | 0.00512 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2016/06/06 12:0 a.m. | 31 views

Amazon Linux AMI : subversion (ALAS-2016-709)

The canonicalizeusername function in svnserve/cyrusauth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repositor...

6.8 CVSS | 6.8 AI score | 0.19628 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2016/06/06 12:0 a.m. | 283 views

Amazon Linux AMI : php55 (ALAS-2016-707)

The following security-related issues were resolved : Out-of-bounds read in imagescale CVE-2013-7456 Integer underflow causing arbitrary null write in fread/gzread CVE-2016-5096 The pharmakedirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size...

8.8 CVSS | 8.5 AI score | 0.05487 EPSS
Exploits: 4 | References: 7

Tenable Nessus
added 2016/06/06 12:0 a.m. | 31 views

Amazon Linux AMI : libksba (ALAS-2016-712)

The following security-related issues were resolved : Incomplete fix for CVE-2016-4356 CVE-2016-4574 Out-of-bounds read in ksbaberparsetl CVE-2016-4579 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory...

7.5 CVSS | 8 AI score | 0.03231 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2016/05/19 12:0 a.m. | 41 views

Amazon Linux AMI : nspr / nss-util,nss,nss-softokn (ALAS-2016-702)

A use-after-free flaw was found in the way NSS handled DHE DiffieHellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause tha...

8.8 CVSS | 8.5 AI score | 0.02386 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2016/05/19 12:0 a.m. | 237 views

Amazon Linux AMI : kernel (ALAS-2016-703)

The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service guest OS crash by attempting to access a hugetlbfs mapped area. CVE-2016-3961 / XSA-174 A flaw was found in the way the Linux kernel's ASN.1 DER decod...

7.8 CVSS | 6.2 AI score | 0.10202 EPSS
Exploits: 9 | References: 10

Tenable Nessus
added 2016/05/12 12:0 a.m. | 36 views

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2016-700)

Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-0686 , CVE-2016-0687 It was discovered that the RMI server implementation in the JMX...

10 CVSS | 7.2 AI score | 0.92334 EPSS
Exploits: 1 | References: 6

OpenVAS
added 2016/05/09 12:0 a.m. | 38 views

Amazon Linux: Security Advisory (ALAS-2016-682)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS | 7.3 AI score | 0.82112 EPSS
Exploits: 2 | References: 2

OpenVAS
added 2016/05/09 12:0 a.m. | 46 views

Amazon Linux: Security Advisory (ALAS-2016-694)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 8.2 AI score | 0.24299 EPSS
Exploits: 13 | References: 2

OpenVAS
added 2016/05/09 12:0 a.m. | 33 views

Amazon Linux: Security Advisory (ALAS-2016-696)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 8 AI score | 0.0831 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2016/05/09 12:0 a.m. | 30 views

Amazon Linux: Security Advisory (ALAS-2016-697)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 7.3 AI score | 0.05405 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2016/05/09 12:0 a.m. | 31 views

Amazon Linux: Security Advisory (ALAS-2016-687)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.7 AI score | 0.04335 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2016/05/09 12:0 a.m. | 51 views

Amazon Linux: Security Advisory (ALAS-2016-684)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2 CVSS | 7.1 AI score | 0.30146 EPSS
Exploits: 7 | References: 2

OpenVAS
added 2016/05/09 12:0 a.m. | 38 views

Amazon Linux: Security Advisory (ALAS-2016-693)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 8.1 AI score | 0.92334 EPSS
Exploits: 1 | References: 4

OpenVAS
added 2016/05/09 12:0 a.m. | 49 views

Amazon Linux: Security Advisory (ALAS-2016-698)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 8 AI score | 0.36974 EPSS
Exploits: 13 | References: 2