Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2014/07/09 12:0 a.m.74 views

Medium: php55

Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information fileinfo extension parsed certain...

7.5CVSS8.4AI score0.30128EPSS
Exploits5
Amazon
Amazon
added 2014/02/03 12:0 a.m.74 views

Important: java-1.6.0-openjdk

Issue Overview: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox...

10CVSS6.4AI score0.08383EPSS
Exploits1References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.74 views

Important: java-1.6.0-openjdk

Issue Overview: An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2013-1486 It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protoc...

10CVSS7.2AI score0.35584EPSS
Exploits1References1
Amazon
Amazon
added 2012/03/16 12:0 a.m.74 views

Medium: kernel

Issue Overview: A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk...

7.8CVSS6.3AI score0.20492EPSS
Exploits14References1
Amazon
Amazon
added 2023/11/03 12:0 a.m.73 views

Important: python27

Issue Overview: An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48565 Affected Packages: python27 Issue Correction: Run yum update python27 or yum update...

9.8CVSS8.5AI score0.04268EPSS
Exploits3
Amazon
Amazon
added 2023/08/22 12:0 a.m.73 views

Important: openssh

Issue Overview: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into...

9.8CVSS8AI score0.76768EPSS
Exploits13
Amazon
Amazon
added 2023/04/20 12:0 a.m.73 views

Medium: curl

Issue Overview: A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or...

8.8CVSS6.9AI score0.02511EPSS
Exploits3
Amazon
Amazon
added 2023/04/05 12:0 a.m.73 views

Important: python-twisted-web

Issue Overview: A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass...

8.1CVSS7AI score0.028EPSS
Exploits1
Amazon
Amazon
added 2023/03/21 12:0 a.m.73 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindexsetparms CVE-2022-50396 Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as insufficient hardening of the usercopy...

7.8CVSS6.1AI score0.01377EPSS
Exploits4
Amazon
Amazon
added 2023/02/21 12:0 a.m.73 views

Important: ca-certificates

Issue Overview: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from...

7.5CVSS6.8AI score0.00535EPSS
Exploits0
Amazon
Amazon
added 2023/01/20 12:0 a.m.73 views

Medium: java-17-amazon-corretto

Issue Overview: Enhance DTLS performance: DTLS does not avail itself of the HelloVerifyRequest message which opens opportunities for DoS. CVE-2023-21835 Better Banking of Sounds: JARSoundbankReader can load classes from remote URLs. CVE-2023-21843 Affected Packages: java-17-amazon-corretto Note:...

5.3CVSS6.8AI score0.01836EPSS
Exploits0
Amazon
Amazon
added 2022/08/08 12:0 a.m.73 views

Medium: openssl11

Issue Overview: A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it ...

10CVSS7.7AI score0.95764EPSS
Exploits6
Amazon
Amazon
added 2022/02/19 12:0 a.m.73 views

Medium: vim

Issue Overview: A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS8.2AI score0.02086EPSS
Exploits10
Amazon
Amazon
added 2020/11/11 12:0 a.m.73 views

Important: qemu

Issue Overview: A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon...

5CVSS7.4AI score0.05447EPSS
Exploits1
Amazon
Amazon
added 2020/10/27 12:0 a.m.73 views

Important: mariadb

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...

7.2CVSS6.3AI score0.03972EPSS
Exploits0
Amazon
Amazon
added 2020/09/17 12:0 a.m.73 views

Medium: golang

Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...

7.5CVSS7.2AI score0.0473EPSS
Exploits0
Amazon
Amazon
added 2019/05/02 12:0 a.m.73 views

Important: python3

Issue Overview: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are...

9.8CVSS8.3AI score0.08811EPSS
Exploits1
Amazon
Amazon
added 2018/11/07 12:0 a.m.73 views

Medium: openssl

Issue Overview: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client ha...

7.5CVSS6.4AI score0.49268EPSS
Exploits1
Amazon
Amazon
added 2018/02/20 12:0 a.m.73 views

Important: curl

Issue Overview: Out-of-bounds read in code handling HTTP/2 trailers: libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less th...

9.8CVSS7.9AI score0.08031EPSS
Exploits0
Amazon
Amazon
added 2017/03/29 12:0 a.m.73 views

Medium: tomcat6

Issue Overview: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulati...

7.5CVSS7.6AI score0.39633EPSS
Exploits6References1
Amazon
Amazon
added 2016/08/01 12:0 a.m.73 views

Medium: php55, php56

Issue Overview: A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. ...

9.8CVSS9.2AI score0.50427EPSS
Exploits11
Amazon
Amazon
added 2015/10/27 12:0 a.m.73 views

Important: ntp

Issue Overview: It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable...

9.8CVSS7.6AI score0.81762EPSS
Exploits2References1
Amazon
Amazon
added 2015/09/02 12:0 a.m.73 views

Low: ntp

Issue Overview: As discussed upstream http://support.ntp.org/bin/view/Main/SecurityNoticeJune2015NTPSecurityVulnerabi, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. CVE-2015-5146 It was found that the...

7.5CVSS7.1AI score0.07483EPSS
Exploits0
Amazon
Amazon
added 2013/12/02 12:0 a.m.73 views

Medium: kernel

Issue Overview: The Linux kernel before 3.12, when UDP Fragmentation Offload UFO is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service memory corruption and system crash or possibly gain privileges via a crafted application that us...

7.1CVSS6.8AI score0.09408EPSS
Exploits2
Amazon
Amazon
added 2013/06/20 12:0 a.m.73 views

Important: java-1.7.0-openjdk

Issue Overview: Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-2470,...

10CVSS9.7AI score0.98704EPSS
Exploits32References1
Amazon
Amazon
added 2024/08/15 12:0 a.m.72 views

Important: httpd

Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...

6.2CVSS7.1AI score0.04134EPSS
Exploits3
Amazon
Amazon
added 2024/07/22 12:0 a.m.72 views

Important: httpd

Issue Overview: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

9.8CVSS7AI score0.99957EPSS
Exploits2
Amazon
Amazon
added 2023/10/26 12:0 a.m.72 views

Important: python3

Issue Overview: A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The...

9.8CVSS8.2AI score0.08235EPSS
Exploits6
Amazon
Amazon
added 2023/10/17 12:0 a.m.72 views

Important: nghttp2

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nghttp2 Issue Correction: Run yum update nghttp2 or yu...

7.5CVSS7.6AI score0.99999EPSS
Exploits19
Amazon
Amazon
added 2023/09/25 12:0 a.m.72 views

Medium: busybox

Issue Overview: There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. CVE-2022-48174 Affected Packages: busybox Issue Correction: Run yum update busybox...

9.8CVSS8.5AI score0.02979EPSS
Exploits0
Amazon
Amazon
added 2023/09/05 12:0 a.m.72 views

Medium: amazon-ssm-agent

Issue Overview: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentification with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

7.5CVSS7.8AI score0.04561EPSS
Exploits0
Amazon
Amazon
added 2022/08/08 12:0 a.m.72 views

Important: golang

Issue Overview: A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic...

9.8CVSS8.2AI score0.10299EPSS
Exploits4
Amazon
Amazon
added 2022/08/05 12:0 a.m.72 views

Medium: git

Issue Overview: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to ...

7.8CVSS7.9AI score0.00445EPSS
Exploits0
Amazon
Amazon
added 2022/03/10 12:0 a.m.72 views

Critical: expat

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS8.9AI score0.33936EPSS
Exploits0
Amazon
Amazon
added 2022/03/08 12:0 a.m.72 views

Medium: containerd

Issue Overview: A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on...

7.5CVSS7.1AI score0.27392EPSS
Exploits4
Amazon
Amazon
added 2021/11/04 12:0 a.m.72 views

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

5.9CVSS6.3AI score0.02956EPSS
Exploits0
Amazon
Amazon
added 2021/04/07 12:0 a.m.72 views

Low: tomcat7

Issue Overview: A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the...

7.5CVSS7.7AI score0.56636EPSS
Exploits15
Amazon
Amazon
added 2020/10/27 12:0 a.m.72 views

Medium: libxml2

Issue Overview: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956 A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being...

7.5CVSS7.7AI score0.07836EPSS
Exploits0
Amazon
Amazon
added 2020/09/16 12:0 a.m.72 views

Important: clamav

Issue Overview: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service DoS condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This...

7.5CVSS7.4AI score0.05063EPSS
Exploits0
Amazon
Amazon
added 2019/08/07 12:0 a.m.72 views

Important: vim

Issue Overview: It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. CVE-2019-12735 Affected Packages: vim Note: This advisory is applicable to...

9.3CVSS9.3AI score0.19111EPSS
Exploits5
Amazon
Amazon
added 2018/01/18 12:0 a.m.72 views

Important: kernel

Issue Overview: Race condition in rawsendmsg function allows denial-of-service or kernel addresses leak A flaw was found in the Linux kernel's implementation of rawsendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of...

7.8CVSS6.8AI score0.01355EPSS
Exploits5
Amazon
Amazon
added 2018/01/12 12:0 a.m.72 views

Important: qemu-kvm

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

5.6CVSS7.2AI score0.74041EPSS
Exploits8
Amazon
Amazon
added 2017/08/17 12:0 a.m.72 views

Important: kernel

Issue Overview: Buffer overflow in mpoverridelegacyirq: Buffer overflow in the mpoverridelegacyirq function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. CVE-2017-11473 A race between inotifyhandleevent and...

7.8CVSS7AI score0.01223EPSS
Exploits3
Amazon
Amazon
added 2017/05/10 12:0 a.m.72 views

Important: kernel

Issue Overview: Infinite recursion in ahash.c by triggering EBUSY on a full queue: A vulnerability was found in crypto/ahash.c in the Linux kernel which allows attackers to cause a denial of service API operation calling its own callback, and infinite recursion by triggering EBUSY on a full...

7.8CVSS7.2AI score0.17827EPSS
Exploits19
Amazon
Amazon
added 2017/03/29 12:0 a.m.72 views

Medium: php70

Issue Overview: Integer overflow in gdio.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 In all versions of PHP 7, during the unserialization...

9.8CVSS9AI score0.41943EPSS
Exploits3
Amazon
Amazon
added 2016/12/15 12:0 a.m.72 views

Medium: expat

Issue Overview: CVE-2016-0718: Out-of-bounds read flaw An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly,...

9.8CVSS9.1AI score0.13335EPSS
Exploits3References1
Amazon
Amazon
added 2016/05/03 12:0 a.m.72 views

Important: php56, php55

Issue Overview: The following security-related issues were resolved: Buffer over-write in finfoopen with malformed magic file CVE-2015-8865 Signedness vulnerability causing heap overflow in libgd CVE-2016-3074 Integer overflow in phprawurlencode CVE-2016-4070 Format string vulnerability in...

9.8CVSS9.3AI score0.36974EPSS
Exploits13
Amazon
Amazon
added 2013/10/16 12:0 a.m.72 views

Medium: kernel

Issue Overview: The dotkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a 1 tkill or 2 tgkill system call. The...

6.1CVSS7.1AI score0.0381EPSS
Exploits3
Amazon
Amazon
added 2024/04/30 12:0 a.m.71 views

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

7.3CVSS7.1AI score0.03914EPSS
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.71 views

Low: vim

Issue Overview: Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in...

4.3CVSS7AI score0.00749EPSS
Exploits0
Total number of security vulnerabilities5000