Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2021/09/15 12:0 a.m.63 views

Medium: kernel

Issue Overview: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could...

8.8CVSS6.6AI score0.00658EPSS
Exploits3
Amazon
Amazon
added 2021/03/20 12:0 a.m.63 views

Important: kernel

Issue Overview: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be...

7.8CVSS7.2AI score0.02079EPSS
Exploits3
Amazon
Amazon
added 2020/12/09 12:0 a.m.63 views

Medium: qemu

Issue Overview: A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ipreass routine while reassembling incoming packets, if the first fragment is bigger than the m-mdat buffer. A user or process could use this flaw to crash the QEMU...

7.5CVSS7.2AI score0.04027EPSS
Exploits0
Amazon
Amazon
added 2020/10/28 12:0 a.m.63 views

Medium: golang

Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...

7.5CVSS7.2AI score0.0473EPSS
Exploits0
Amazon
Amazon
added 2020/06/17 12:0 a.m.63 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. This flaw allows a local user able to groom system memory to cause kernel memory corruption and possible privilege escalation by abusing a race condition in the IO scheduler. CVE-2020-12657 A flaw was...

7.8CVSS6AI score0.00711EPSS
Exploits1
Amazon
Amazon
added 2019/01/07 12:0 a.m.63 views

Low: binutils

Issue Overview: An integer wraparound has been discovered in the Binary File Descriptor BFD library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.CVE-2018-7568 The ignoresectionsym function in elf.c ...

7.8CVSS8.1AI score0.05944EPSS
Exploits9
Amazon
Amazon
added 2018/05/25 12:0 a.m.63 views

Medium: mysql56

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

7.7CVSS6.9AI score0.0401EPSS
Exploits0
Amazon
Amazon
added 2018/05/10 12:0 a.m.63 views

Medium: ntp

Issue Overview: Ephemeral association time spoofing additional protection ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modif...

9.8CVSS7.9AI score0.2985EPSS
Exploits8
Amazon
Amazon
added 2018/05/10 12:0 a.m.63 views

Medium: ntp

Issue Overview: The monlist feature in ntprequest.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service traffic amplification via forged 1 REQMONGETLIST or 2 REQMONGETLIST1 requests, as exploited in the wild in December 2013. CVE-2013-5211 A malicious authenticated...

9.8CVSS7.8AI score0.97549EPSS
Exploits29
Amazon
Amazon
added 2018/05/10 12:0 a.m.63 views

Medium: php56, php70, php71

Issue Overview: Null pointer dereference due to mishandling of ldapgetdn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c...

8.8CVSS7.2AI score0.79949EPSS
Exploits0
Amazon
Amazon
added 2018/04/26 12:0 a.m.63 views

Medium: python34, python35, python36, python27

Issue Overview: DOS via regular expression catastrophic backtracking in apop method in pop3lib A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. CVE-2018-1060 DOS via regular...

7.5CVSS6.7AI score0.05103EPSS
Exploits1
Amazon
Amazon
added 2018/03/21 12:0 a.m.63 views

Medium: ruby24, ruby22, ruby23

Issue Overview: Unsafe object deserialization through YAML formatted gem specifications: A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute...

9.8CVSS9.8AI score0.15853EPSS
Exploits1
Amazon
Amazon
added 2017/07/25 12:0 a.m.63 views

Important: aws-cfn-bootstrap

Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory CVE-2017-9450 Affected Packages: aws-cfn-bootstrap Issue...

7.8CVSS8AI score0.00376EPSS
Exploits2
Amazon
Amazon
added 2017/04/06 12:0 a.m.63 views

Medium: gnutls

Issue Overview: A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients...

9.8CVSS7.6AI score0.39657EPSS
Exploits1References1
Amazon
Amazon
added 2016/09/15 12:0 a.m.63 views

Important: java-1.6.0-openjdk

Issue Overview: An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. CVE-2016-3606 Multiple denial of service flaws were found in the JAXP componen...

9.6CVSS7.7AI score0.04797EPSS
Exploits0
Amazon
Amazon
added 2016/07/20 12:0 a.m.63 views

Medium: python26, python27, python34

Issue Overview: It was found that Python's httplib library used urllib, urllib2 and others did not properly check HTTP header input in HTTPConnection.putheader. An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values...

10CVSS8.8AI score0.25671EPSS
Exploits7
Amazon
Amazon
added 2016/03/24 12:0 a.m.63 views

Medium: cacti

Issue Overview: Various cross-site scripting XSS flaws CVE-2013-5588, CVE-2014-5025, CVE-2014-5026 and various SQL injection flaws CVE-2013-5589, CVE-2015-4342, CVE-2015-4634, CVE-2015-8377, CVE-2015-8604 were discovered affecting versions of Cacti prior to 0.8.8g. Cross-site scripting XSS...

8.8CVSS8.6AI score0.03227EPSS
Exploits7
Amazon
Amazon
added 2016/02/09 12:0 a.m.63 views

Medium: nss

Issue Overview: A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct...

5.9CVSS7.5AI score0.0288EPSS
Exploits0References1
Amazon
Amazon
added 2015/07/22 12:0 a.m.63 views

Medium: nss, nss-util

Issue Overview: A flaw was found in the way the TLS protocol composes the Diffie-Hellman DH key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. CVE-2015-4000 Please note th...

4.3CVSS7AI score0.9986EPSS
Exploits1References1
Amazon
Amazon
added 2015/03/23 12:0 a.m.63 views

Medium: file

Issue Overview: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVE-2014-9620 The ELF parser readelf.c in file before 5.21 allows remote attackers to cause a denial of service CPU consumption or crash via a large number of...

7.5CVSS8.5AI score0.05926EPSS
Exploits0
Amazon
Amazon
added 2014/10/28 12:0 a.m.63 views

Medium: xerces-j2

Issue Overview: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application...

7.1CVSS7.8AI score0.24738EPSS
Exploits0References1
Amazon
Amazon
added 2014/10/15 12:0 a.m.63 views

Important: openssl

Issue Overview: A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. CVE-2014-3513 A memory...

7.1CVSS7.7AI score0.37072EPSS
Exploits0
Amazon
Amazon
added 2013/03/02 12:0 a.m.63 views

Medium: kernel

Issue Overview: It was found that a deadlock could occur in the Out of Memory OOM killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing requestmodule to be called. A local, unprivileged user could use this flaw to cause a denial of service excessive...

6.9CVSS6.6AI score0.01434EPSS
Exploits3References2
Amazon
Amazon
added 2012/08/03 12:0 a.m.63 views

Important: krb5

Issue Overview: An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests AS-REQ. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. CVE-2012-1015 A NULL pointer dereference flaw...

9.3CVSS8.2AI score0.04814EPSS
Exploits1References1
Amazon
Amazon
added 2024/03/04 12:0 a.m.62 views

Important: kernel

Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 A flaw was found in the ATA over Ethernet AoE driver in the...

7CVSS7AI score0.0041EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.62 views

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Affected Packages: kernel Note: This advisory is applicable t...

7.1CVSS7.3AI score0.00522EPSS
Exploits1
Amazon
Amazon
added 2023/10/17 12:0 a.m.62 views

Important: nginx

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nginx Issue Correction: Run yum update nginx or yum...

7.5CVSS7.6AI score0.99999EPSS
Exploits19
Amazon
Amazon
added 2023/05/03 12:0 a.m.62 views

Important: tomcat7

Issue Overview: 2023-05-11: CVE-2017-12616 was added to this advisory. When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted...

7.5CVSS7.4AI score0.708EPSS
Exploits5
Amazon
Amazon
added 2023/05/02 12:0 a.m.62 views

Medium: libxml2

Issue Overview: A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK CVE-2023-28484 libxml2 Hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce...

6.5CVSS8AI score0.01086EPSS
Exploits1
Amazon
Amazon
added 2023/05/02 12:0 a.m.62 views

Important: tomcat

Issue Overview: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. CVE-2017-12616 When using the RemoteIpFilter with...

7.5CVSS7AI score0.708EPSS
Exploits4
Amazon
Amazon
added 2023/02/21 12:0 a.m.62 views

Medium: ImageMagick

Issue Overview: ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image e.g., for resize, the convert process could be left waiting for stdin input. CVE-2022-44267 ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image e.g., for resize...

6.5CVSS8AI score0.89855EPSS
Exploits31
Amazon
Amazon
added 2022/07/15 12:0 a.m.62 views

Medium: expat

Issue Overview: In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow exists for mgroupSize. CVE-2021-46143 addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22822 buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 h...

9.8CVSS8.5AI score0.04829EPSS
Exploits1
Amazon
Amazon
added 2022/01/20 12:0 a.m.62 views

Important: httpd24

Issue Overview: There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via...

9.8CVSS8.6AI score0.97108EPSS
Exploits4
Amazon
Amazon
added 2020/12/09 12:0 a.m.62 views

Important: freetype

Issue Overview: Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 Affected Packages: freetype Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

9.6CVSS8.7AI score0.5063EPSS
Exploits2
Amazon
Amazon
added 2020/11/11 12:0 a.m.62 views

Medium: nspr, nss-softokn, nss-util, nss

Issue Overview: When importing a curve25519 private key in PKCS8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services NSS library. This could lead to information disclosure. This vulnerability affects Firefox ESR 60.8, Firefox 68, and...

10CVSS7.8AI score0.03552EPSS
Exploits1
Amazon
Amazon
added 2019/06/13 12:0 a.m.62 views

Critical: kernel

Issue Overview: CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. The latest Amazon Linux 2 AMIs as available in AWS EC2 already contain these kernel...

7.8CVSS7AI score0.98745EPSS
Exploits4
Amazon
Amazon
added 2019/04/04 12:0 a.m.62 views

Medium: openssl

Issue Overview: A microprocessor side-channel vulnerability was found on SMT e.g, Hyper-Threading architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.CVE-2018-5407 If an application encounters a fata...

5.9CVSS7.1AI score0.17139EPSS
Exploits4
Amazon
Amazon
added 2019/01/22 12:0 a.m.62 views

Low: sssd

Issue Overview: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. CVE-2018-10852...

7.5CVSS6.6AI score0.01519EPSS
Exploits0
Amazon
Amazon
added 2018/12/13 12:0 a.m.62 views

Medium: httpd24

Issue Overview: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...

5.9CVSS6.5AI score0.51002EPSS
Exploits0
Amazon
Amazon
added 2018/09/20 12:0 a.m.62 views

Important: postgresql

Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...

8.5CVSS8.7AI score0.05154EPSS
Exploits0
Amazon
Amazon
added 2018/05/10 12:0 a.m.62 views

Critical: java-1.7.0-openjdk

Issue Overview: Unbounded memory allocation during deserialization in NamedNodeMapImpl JAXP, 8189993 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded:...

8.3CVSS5.3AI score0.15141EPSS
Exploits0
Amazon
Amazon
added 2017/10/02 12:0 a.m.62 views

Medium: 389-ds-base

Issue Overview: Password brute-force possible for locked account due to different return codes: A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDA...

9.8CVSS9.7AI score0.01418EPSS
Exploits1
Amazon
Amazon
added 2017/01/26 12:0 a.m.62 views

Medium: php70

Issue Overview: The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access via crafted serialized data...

9.8CVSS10AI score0.46801EPSS
Exploits8
Amazon
Amazon
added 2016/06/02 12:0 a.m.62 views

Medium: ntp

Issue Overview: It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses...

7.2CVSS7AI score0.15201EPSS
Exploits4
Amazon
Amazon
added 2016/05/11 12:0 a.m.62 views

Important: ImageMagick

Issue Overview: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagi...

10CVSS6.3AI score0.97485EPSS
Exploits13
Amazon
Amazon
added 2016/04/13 12:0 a.m.62 views

Critical: samba

Issue Overview: Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running...

7.5CVSS7.6AI score0.3693EPSS
Exploits0
Amazon
Amazon
added 2014/03/24 12:0 a.m.62 views

Low: kernel

Issue Overview: The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and...

7.8CVSS6.2AI score0.06988EPSS
Exploits0
Amazon
Amazon
added 2014/02/26 12:0 a.m.62 views

Medium: kernel

Issue Overview: The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1...

7.2CVSS6.9AI score0.006EPSS
Exploits0
Amazon
Amazon
added 2013/12/17 12:0 a.m.62 views

Critical: php55

Issue Overview: A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP...

7.5CVSS8.6AI score0.35635EPSS
Exploits8
Amazon
Amazon
added 2013/05/24 12:0 a.m.62 views

Medium: httpd24

Issue Overview: Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the...

5.1CVSS8.5AI score0.24886EPSS
Exploits4References1
Total number of security vulnerabilities5000