Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
•added 2013/04/25 12:0 a.m.•80 views

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check...

10CVSS8.7AI score0.86963EPSS
Exploits15References1
Amazon
Amazon
•added 2023/03/06 12:0 a.m.•79 views

Important: libdb

Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...

7.8CVSS8.1AI score0.00567EPSS
Exploits1
Amazon
Amazon
•added 2022/06/07 12:0 a.m.•79 views

Medium: microcode_ctl

Issue Overview: A flaw was found in hw. Processor optimization removal or modification of security-critical code for some IntelR processors may potentially allow an authenticated user to enable information disclosure via local access. CVE-2022-21151 A flaw was found in hw. Incomplete cleanup in...

5.5CVSS7.1AI score0.05465EPSS
Exploits0
Amazon
Amazon
•added 2022/06/07 12:0 a.m.•79 views

Medium: vim

Issue Overview: A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. CVE-2022-0393 A flaw was found in vim. Th...

8.8CVSS8AI score0.26583EPSS
Exploits17
Amazon
Amazon
•added 2021/07/02 12:0 a.m.•79 views

Medium: kernel

Issue Overview: A flaw was found in kernel/bpf/verifier.c in BPF in the Linux kernel. An incorrect limit is enforced for pointer arithmetic operations which can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation. The highest threat from thi...

7.8CVSS6.6AI score0.00377EPSS
Exploits0
Amazon
Amazon
•added 2021/06/23 12:0 a.m.•79 views

Medium: python

Issue Overview: A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The...

7.2CVSS7.8AI score0.0642EPSS
Exploits1
Amazon
Amazon
•added 2021/05/24 12:0 a.m.•79 views

Medium: python3

Issue Overview: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of...

5.9CVSS8AI score0.35963EPSS
Exploits1
Amazon
Amazon
•added 2020/06/26 12:0 a.m.•79 views

Important: tomcat7

Issue Overview: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and ...

7CVSS8.4AI score0.56636EPSS
Exploits15
Amazon
Amazon
•added 2020/05/13 12:0 a.m.•79 views

Medium: dovecot

Issue Overview: In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. CVE-2019-7524 It was discovered that...

8.8CVSS7.8AI score0.02462EPSS
Exploits1
Amazon
Amazon
•added 2019/08/23 12:0 a.m.•79 views

Medium: ruby

Issue Overview: It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory...

9.8CVSS8.2AI score0.10552EPSS
Exploits0
Amazon
Amazon
•added 2019/01/23 12:0 a.m.•79 views

Low: krb5

Issue Overview: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a...

6.5CVSS6.2AI score0.026EPSS
Exploits0
Amazon
Amazon
•added 2018/06/08 12:0 a.m.•79 views

Important: qemu-kvm

Issue Overview: An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator QEMU. It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulti...

7.8CVSS7.3AI score0.60631EPSS
Exploits4
Amazon
Amazon
•added 2013/12/17 12:0 a.m.•79 views

Critical: php

Issue Overview: The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of...

7.5CVSS8.2AI score0.35635EPSS
Exploits8
Amazon
Amazon
•added 2013/03/14 12:0 a.m.•79 views

Important: java-1.7.0-openjdk

Issue Overview: An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges...

10CVSS10AI score0.85882EPSS
Exploits10References1
Amazon
Amazon
•added 2023/07/19 12:0 a.m.•78 views

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

7.5CVSS5.5AI score0.01812EPSS
Exploits0
Amazon
Amazon
•added 2023/02/04 12:0 a.m.•78 views

Medium: curl

Issue Overview: A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services NSS get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting...

7.5CVSS7.1AI score0.17011EPSS
Exploits3
Amazon
Amazon
•added 2022/06/07 12:0 a.m.•78 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO CVE-2021-47435 A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read...

7.8CVSS6.5AI score0.01027EPSS
Exploits8
Amazon
Amazon
•added 2022/06/07 12:0 a.m.•78 views

Important: rsyslog

Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...

8.1CVSS8.1AI score0.07546EPSS
Exploits1
Amazon
Amazon
•added 2021/03/20 12:0 a.m.•78 views

Important: kernel

Issue Overview: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be...

7.8CVSS7.2AI score0.02079EPSS
Exploits3
Amazon
Amazon
•added 2020/09/17 12:0 a.m.•78 views

Important: mod_http2

Issue Overview: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this...

7.5CVSS6.8AI score0.89744EPSS
Exploits2
Amazon
Amazon
•added 2020/08/31 12:0 a.m.•78 views

Medium: python36

Issue Overview: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation. CVE-2019-20907 An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Pyth...

7.5CVSS8.2AI score0.06304EPSS
Exploits2
Amazon
Amazon
•added 2020/07/22 12:0 a.m.•78 views

Important: qemu

Issue Overview: In libslirp 4.1.0, as used in QEMU 4.2.0, tcpsubr.c misuses snprintf return values, leading to a buffer overflow in later code. CVE-2020-8608 Affected Packages: qemu Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

6.8CVSS7.6AI score0.02486EPSS
Exploits0
Amazon
Amazon
•added 2018/02/07 12:0 a.m.•78 views

Medium: php56, php70, php71

Issue Overview: Reflected XSS in .phar 404 page An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. CVE-2018-5712 Denial of Service DoS via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gdgifin.c Th...

6.1CVSS6.8AI score0.79949EPSS
Exploits1
Amazon
Amazon
•added 2016/10/20 12:0 a.m.•78 views

Critical: kernel

Issue Overview: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their...

7.2CVSS7.4AI score0.83524EPSS
Exploits81
Amazon
Amazon
•added 2016/09/27 12:0 a.m.•78 views

Medium: openvpn

Issue Overview: Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to a birthday attack when key renegotiation doesn't happen frequently or at all in long running connections. The blowfish cipher as used in OpenVPN by default is vulnerable to this attack, allowing a remo...

5.9CVSS6.2AI score0.0594EPSS
Exploits0
Amazon
Amazon
•added 2016/03/10 12:0 a.m.•78 views

Medium: tomcat7

Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web application in a getResource,...

8.1CVSS7.4AI score0.13872EPSS
Exploits0
Amazon
Amazon
•added 2015/06/16 12:0 a.m.•78 views

Medium: openssl

Issue Overview: LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient...

7.5CVSS8AI score0.9986EPSS
Exploits2
Amazon
Amazon
•added 2015/06/02 12:0 a.m.•78 views

Medium: php55

Issue Overview: An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. CVE-2015-4021 An integer overflow flaw leading to...

7.5CVSS9.8AI score0.50129EPSS
Exploits4
Amazon
Amazon
•added 2015/04/17 12:0 a.m.•78 views

Low: php55

Issue Overview: A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or...

7.5CVSS8.7AI score0.38434EPSS
Exploits3
Amazon
Amazon
•added 2015/01/11 12:0 a.m.•78 views

Medium: openssl

Issue Overview: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake header than for t...

5CVSS7.2AI score0.98685EPSS
Exploits0
Amazon
Amazon
•added 2012/07/05 12:0 a.m.•78 views

Low: busybox

Issue Overview: A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or,...

7.5CVSS8.1AI score0.05422EPSS
Exploits2References1
Amazon
Amazon
•added 2024/07/22 12:0 a.m.•77 views

Important: httpd

Issue Overview: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

9.8CVSS7.4AI score0.99957EPSS
Exploits2
Amazon
Amazon
•added 2023/05/16 12:0 a.m.•77 views

Important: golang

Issue Overview: HTTP and MIME header parsing could allocate large amounts of memory, even when parsing small inputs. Certain unusual patterns of input data could cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed...

7.5CVSS6.8AI score0.01888EPSS
Exploits0
Amazon
Amazon
•added 2022/03/10 12:0 a.m.•77 views

Critical: expat

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS8.8AI score0.33936EPSS
Exploits0
Amazon
Amazon
•added 2021/03/25 12:0 a.m.•77 views

Important: tomcat8

Issue Overview: A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the...

7.5CVSS7.7AI score0.56636EPSS
Exploits15
Amazon
Amazon
•added 2021/02/20 12:0 a.m.•77 views

Important: glibc

Issue Overview: The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial...

8.1CVSS7.2AI score0.05223EPSS
Exploits1
Amazon
Amazon
•added 2021/02/20 12:0 a.m.•77 views

Medium: python, python3

Issue Overview: A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer...

9.8CVSS8.4AI score0.23293EPSS
Exploits1
Amazon
Amazon
•added 2020/12/09 12:0 a.m.•77 views

Medium: bind

Issue Overview: A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability. CVE-2020-8622 A flaw was found in bind. An assertion failure can occur when a special...

7.5CVSS6.6AI score0.06348EPSS
Exploits0
Amazon
Amazon
•added 2020/05/13 12:0 a.m.•77 views

Medium: expat

Issue Overview: Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. CVE-2015-2716 Affecte...

7.5CVSS9.1AI score0.19069EPSS
Exploits0
Amazon
Amazon
•added 2018/04/19 12:0 a.m.•77 views

Low: openssl

Issue Overview: RSA key generation cache timing vulnerability in crypto/rsa/rsagen.c allows attackers to recover private keys: OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key...

5.9CVSS6.5AI score0.12046EPSS
Exploits0
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•77 views

Medium: mod_wsgi

Issue Overview: Failure to handle errors when attempting to drop group privileges: modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...

6.9CVSS7.1AI score0.00403EPSS
Exploits0
Amazon
Amazon
•added 2016/12/15 12:0 a.m.•77 views

Important: tomcat8

Issue Overview: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener Affected Packages: tomcat8 Issue Correction: Run yum update tomcat8 or yum update...

9.8CVSS8.1AI score0.90338EPSS
Exploits7
Amazon
Amazon
•added 2016/04/06 12:0 a.m.•77 views

Important: openssl098e

Issue Overview: A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. CVE-2015-02...

5.9CVSS7.2AI score0.82112EPSS
Exploits2
Amazon
Amazon
•added 2015/02/11 12:0 a.m.•77 views

Medium: php55

Issue Overview: sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newlin...

7.5CVSS8.8AI score0.53166EPSS
Exploits12
Amazon
Amazon
•added 2014/10/16 12:0 a.m.•77 views

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-65...

6.8CVSS8.2AI score0.04102EPSS
Exploits0References1
Amazon
Amazon
•added 2014/09/24 12:0 a.m.•77 views

Critical: bash

Issue Overview: This ALAS is superceded by ALAS-2014-419 https://alas.aws.amazon.com/ALAS-2014-419.html". A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell...

10CVSS9.4AI score0.99999EPSS
Exploits130
Amazon
Amazon
•added 2013/05/14 12:0 a.m.•77 views

Medium: kernel

Issue Overview: The perfsweventinit function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perfeventopen system call. Affected Packages: kernel Issue Correction: Run yum update kernel or yum...

8.4CVSS7.3AI score0.47709EPSS
Exploits15
Amazon
Amazon
•added 2024/08/15 12:0 a.m.•76 views

Important: httpd

Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...

6.2CVSS6.7AI score0.04134EPSS
Exploits3
Amazon
Amazon
•added 2023/05/02 12:0 a.m.•76 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficul...

7.4CVSS6.4AI score0.02474EPSS
Exploits1
Amazon
Amazon
•added 2022/07/15 12:0 a.m.•76 views

Important: kernel

Issue Overview: A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege CAPSYSADMIN or CAPSYSRAWIO to create issues with confidentiality. CVE-2022-0494 An information...

8.2CVSS7AI score0.06451EPSS
Exploits10
Total number of security vulnerabilities5000