Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
•added 2013/10/16 12:0 a.m.•72 views

Medium: kernel

Issue Overview: The dotkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a 1 tkill or 2 tgkill system call. The...

6.1CVSS7.1AI score0.0381EPSS
Exploits3
Amazon
Amazon
•added 2023/07/19 12:0 a.m.•71 views

Medium: python-pip

Issue Overview: A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interfac...

5.9CVSS7.8AI score0.12826EPSS
Exploits0
Amazon
Amazon
•added 2023/04/20 12:0 a.m.•71 views

Medium: mysql-connector-java

Issue Overview: Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

5.1CVSS4.5AI score0.032EPSS
Exploits0
Amazon
Amazon
•added 2023/04/04 12:0 a.m.•71 views

Medium: babel

Issue Overview: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution. CVE-2021-42771 Affected Packages: babel Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

7.8CVSS8.6AI score0.00716EPSS
Exploits1
Amazon
Amazon
•added 2022/10/21 12:0 a.m.•71 views

Medium: glibc

Issue Overview: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potential...

7.8CVSS8.3AI score0.0072EPSS
Exploits1
Amazon
Amazon
•added 2021/10/05 12:0 a.m.•71 views

Medium: golang

Issue Overview: A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability. CVE-2021-36221 Affected Packages: golang Issue...

5.9CVSS6.9AI score0.03128EPSS
Exploits0
Amazon
Amazon
•added 2021/08/05 12:0 a.m.•71 views

Medium: curl

Issue Overview: A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the CURLOPTCONNECTONLY option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to...

7.5CVSS6.7AI score0.09917EPSS
Exploits3
Amazon
Amazon
•added 2021/05/10 12:0 a.m.•71 views

Medium: python35

Issue Overview: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of...

5.9CVSS7.8AI score0.35963EPSS
Exploits1
Amazon
Amazon
•added 2020/10/28 12:0 a.m.•71 views

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multipl...

6.5CVSS5.1AI score0.0261EPSS
Exploits0
Amazon
Amazon
•added 2020/08/31 12:0 a.m.•71 views

Medium: python34, python35

Issue Overview: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation. CVE-2019-20907 An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Pyth...

7.5CVSS8.2AI score0.06304EPSS
Exploits2
Amazon
Amazon
•added 2020/08/24 12:0 a.m.•71 views

Medium: gnome-shell

Issue Overview: It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. CVE-2019-3820 Affected...

4.8CVSS5.4AI score0.00498EPSS
Exploits1
Amazon
Amazon
•added 2020/04/22 12:0 a.m.•71 views

Medium: python-virtualenv

Issue Overview: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in...

9.8CVSS8.1AI score0.07443EPSS
Exploits3
Amazon
Amazon
•added 2020/02/24 12:0 a.m.•71 views

Medium: php72

Issue Overview: When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

9.1CVSS7.5AI score0.08888EPSS
Exploits2
Amazon
Amazon
•added 2019/11/19 12:0 a.m.•71 views

Important: python34

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...

9.8CVSS8.5AI score0.11844EPSS
Exploits3
Amazon
Amazon
•added 2019/10/28 12:0 a.m.•71 views

Medium: httpd

Issue Overview: A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.CVE-2019-10092 A...

7.2CVSS7.1AI score0.81466EPSS
Exploits5
Amazon
Amazon
•added 2018/12/18 12:0 a.m.•71 views

Low: curl

Issue Overview: curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies the length of the password by two SUM to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used ...

10CVSS8.6AI score0.10823EPSS
Exploits0
Amazon
Amazon
•added 2018/08/10 12:0 a.m.•71 views

Critical: kernel

Issue Overview: Fixes for L1Terminal Fault security issues: L1 Terminal Fault-OS/ SMM: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a...

7.8CVSS7AI score0.24575EPSS
Exploits0
Amazon
Amazon
•added 2018/04/26 12:0 a.m.•71 views

Medium: openssl

Issue Overview: bnsqrx8xinternal carry bug on x8664 There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be...

7.5CVSS6.7AI score0.83645EPSS
Exploits2
Amazon
Amazon
•added 2018/02/07 12:0 a.m.•71 views

Important: microcode_ctl

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

5.6CVSS7.3AI score0.74041EPSS
Exploits8
Amazon
Amazon
•added 2015/07/07 12:0 a.m.•71 views

Medium: php56

Issue Overview: Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326. All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream...

10CVSS8.4AI score0.16948EPSS
Exploits5
Amazon
Amazon
•added 2015/04/23 12:0 a.m.•71 views

Important: java-1.7.0-openjdk

Issue Overview: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Ja...

10CVSS6.2AI score0.07224EPSS
Exploits1References1
Amazon
Amazon
•added 2015/04/15 12:0 a.m.•71 views

Important: php55

Issue Overview: A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer...

7.5CVSS8.8AI score0.42593EPSS
Exploits7
Amazon
Amazon
•added 2012/10/15 12:0 a.m.•71 views

Medium: libxml2

Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2,...

6.8CVSS9.7AI score0.0266EPSS
Exploits0References1
Amazon
Amazon
•added 2023/03/22 12:0 a.m.•70 views

Important: httpd

Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...

9CVSS6.8AI score0.57941EPSS
Exploits0
Amazon
Amazon
•added 2023/03/20 12:0 a.m.•70 views

Important: kernel

Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6renewoptions of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a...

7.1CVSS6.2AI score0.00733EPSS
Exploits1
Amazon
Amazon
•added 2023/02/22 12:0 a.m.•70 views

Medium: golang

Issue Overview: Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This...

9.1CVSS8.9AI score0.03015EPSS
Exploits0
Amazon
Amazon
•added 2023/02/21 12:0 a.m.•70 views

Medium: postgresql

Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...

8.1CVSS8AI score0.01901EPSS
Exploits0
Amazon
Amazon
•added 2022/07/20 12:0 a.m.•70 views

Medium: libxml2

Issue Overview: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 Affected Packages: libxml2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

7.5CVSS8AI score0.0601EPSS
Exploits0
Amazon
Amazon
•added 2022/04/27 12:0 a.m.•70 views

Important: python-pillow

Issue Overview: A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or...

9.8CVSS7.2AI score0.03399EPSS
Exploits0
Amazon
Amazon
•added 2021/11/04 12:0 a.m.•70 views

Important: java-11-amazon-corretto

Issue Overview: There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to...

8.6CVSS6.6AI score0.14839EPSS
Exploits0
Amazon
Amazon
•added 2020/08/31 12:0 a.m.•70 views

Low: httpd24

Issue Overview: No CVE associated with this advisory Affected Packages: httpd24 Issue Correction: Run yum update httpd24 or yum update --advisory ALAS-2020-1418 to update your system. New Packages: i686: mod24proxyhtml-2.4.46-1.90.amzn1.i686 httpd24-tools-2.4.46-1.90.amzn1.i686 ...

9.8CVSS7.1AI score0.90039EPSS
Exploits4
Amazon
Amazon
•added 2020/06/30 12:0 a.m.•70 views

Important: tomcat

Issue Overview: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and ...

7CVSS8.4AI score0.56636EPSS
Exploits15
Amazon
Amazon
•added 2020/06/26 12:0 a.m.•70 views

Important: telnet

Issue Overview: utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. CVE-2020-10188 Affected Packages: telnet Issue Correction: Run yum upda...

10CVSS9.1AI score0.74513EPSS
Exploits2
Amazon
Amazon
•added 2020/03/23 12:0 a.m.•70 views

Important: openssl

Issue Overview: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a grou...

4.7CVSS6.6AI score0.03838EPSS
Exploits0
Amazon
Amazon
•added 2019/07/18 12:0 a.m.•70 views

Medium: java-11-amazon-corretto

Issue Overview: OpenJDK: Insufficient restriction of privileges in AccessController Security, 8216381 CVE-2019-2786 OpenJDK: Unbounded memory allocation during deserialization in Collections Utilities, 8213432 CVE-2019-2769 libpng: pngimagefree in png.c in libpng has a use-after-free because...

5.8CVSS8.1AI score0.09393EPSS
Exploits3
Amazon
Amazon
•added 2017/03/06 12:0 a.m.•70 views

Medium: openssl

Issue Overview: An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 A denial of service flaw was found in the way...

7.5CVSS7.9AI score0.57595EPSS
Exploits2
Amazon
Amazon
•added 2016/05/18 12:0 a.m.•70 views

Critical: mysql56

Issue Overview: A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...

10CVSS6.7AI score0.26335EPSS
Exploits1
Amazon
Amazon
•added 2016/03/29 12:0 a.m.•70 views

Medium: tomcat7

Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...

8.8CVSS7.9AI score0.1838EPSS
Exploits0
Amazon
Amazon
•added 2015/12/14 12:0 a.m.•70 views

Medium: openssl

Issue Overview: A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. CVE-2015-3194...

7.5CVSS7.8AI score0.44016EPSS
Exploits1
Amazon
Amazon
•added 2015/12/14 12:0 a.m.•70 views

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883,...

10CVSS7.5AI score0.09991EPSS
Exploits0References1
Amazon
Amazon
•added 2015/01/27 12:0 a.m.•70 views

Critical: glibc

Issue Overview: A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code...

10CVSS9.2AI score0.94859EPSS
Exploits29
Amazon
Amazon
•added 2014/07/23 12:0 a.m.•70 views

Critical: java-1.7.0-openjdk

Issue Overview: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216, CVE-2014-4219 A format string flaw was discover...

9.3CVSS8.7AI score0.06118EPSS
Exploits1References1
Amazon
Amazon
•added 2013/12/17 12:0 a.m.•70 views

Critical: php54

Issue Overview: A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP...

7.5CVSS8.6AI score0.35635EPSS
Exploits8
Amazon
Amazon
•added 2012/09/04 12:0 a.m.•70 views

Medium: glibc

Issue Overview: Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation strtod, strtof, and strtold. If an application used such a function on attacker controlled input, it could cause the...

4.6CVSS7.2AI score0.00993EPSS
Exploits0References1
Amazon
Amazon
•added 2023/11/14 12:0 a.m.•69 views

Important: httpd

Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...

7.5CVSS6.3AI score0.70595EPSS
Exploits1
Amazon
Amazon
•added 2023/03/20 12:0 a.m.•69 views

Important: python-lxml

Issue Overview: A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The...

8.2CVSS6.6AI score0.03934EPSS
Exploits1
Amazon
Amazon
•added 2023/03/07 12:0 a.m.•69 views

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

5.3CVSS4.8AI score0.01746EPSS
Exploits0
Amazon
Amazon
•added 2023/01/24 12:0 a.m.•69 views

Important: krb5

Issue Overview: Integer overflow vulnerabilities in PAC parsing CVE-2022-42898 Affected Packages: krb5 Issue Correction: Run yum update krb5 or yum update --advisory ALAS-2023-1667 to update your system. New Packages: i686: krb5-server-ldap-1.15.1-46.49.amzn1.i686 ...

8.8CVSS7.3AI score0.06419EPSS
Exploits1
Amazon
Amazon
•added 2022/12/06 12:0 a.m.•69 views

Important: python38

Issue Overview: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVE-2022-37454 Affected...

9.8CVSS9AI score0.05193EPSS
Exploits1
Amazon
Amazon
•added 2022/10/11 12:0 a.m.•69 views

Important: kernel

Issue Overview: An out-of-bounds write flaw was found in the Linux kernels framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUTVSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS6.8AI score0.06214EPSS
Exploits14
Total number of security vulnerabilities5000