Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2020/03/09 12:0 a.m.142 views

Important: tomcat8

Issue Overview: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located...

9.8CVSS8.4AI score0.9927EPSS
Exploits45
Amazon
Amazon
added 2012/02/16 12:0 a.m.139 views

Medium: httpd

Issue Overview: It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a...

5CVSS8.9AI score0.90734EPSS
Exploits24References1
Amazon
Amazon
added 2019/11/04 12:0 a.m.138 views

Important: subversion

Issue Overview: In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.CVE-2018-11782 In Apache Subversion versio...

7.5CVSS7.2AI score0.0344EPSS
Exploits0
Amazon
Amazon
added 2019/03/21 12:0 a.m.138 views

Low: openssl

Issue Overview: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. CVE-2018-0734 Affected Packages: openssl Issue Correction: Run yum update openssl or yum updat...

5.9CVSS6.8AI score0.12154EPSS
Exploits0
Amazon
Amazon
added 2021/04/21 12:0 a.m.137 views

Medium: ipa

Issue Overview: A flaw was found in jQuery. HTML containing elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6
Amazon
Amazon
added 2020/02/04 12:0 a.m.137 views

Medium: php72, php73

Issue Overview: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is...

9.8CVSS7.6AI score0.08818EPSS
Exploits5
Amazon
Amazon
added 2019/07/17 12:0 a.m.137 views

Medium: php71, php72, php73

Issue Overview: Function iconvmimedecodeheaders in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.CVE-2019-11039 When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that...

9.1CVSS5.8AI score0.04332EPSS
Exploits3
Amazon
Amazon
added 2020/12/09 12:0 a.m.136 views

Important: openssl, openssl11

Issue Overview: A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to...

5.9CVSS6.9AI score0.06968EPSS
Exploits3
Amazon
Amazon
added 2020/03/09 12:0 a.m.136 views

Important: tomcat7

Issue Overview: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located...

9.8CVSS8.4AI score0.9927EPSS
Exploits45
Amazon
Amazon
added 2014/04/07 12:0 a.m.136 views

Critical: openssl

Issue Overview: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers ...

7.5CVSS7.5AI score0.99999EPSS
Exploits87
Amazon
Amazon
added 2022/01/20 12:0 a.m.135 views

Medium: log4j

Issue Overview: A flaw was found in the Java logging library Apache Log4j in version 1.x . This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender. This flaw has been filed for Log4j 1.x, the corresponding flaw information for Log4j...

10CVSS9AI score0.99999EPSS
Exploits352
Amazon
Amazon
added 2021/06/16 8:37 p.m.135 views

Important: httpd

Issue Overview: A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows CVE-2020-13938 A flaw was found In Apache httpd. The modproxy has a NULL...

9.8CVSS0.5AI score0.68067EPSS
Exploits0
Amazon
Amazon
added 2018/12/13 12:0 a.m.135 views

Medium: nginx

Issue Overview: nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngxhttpv2module not compiled by default if the 'http2' option of the 'listen' directive is used i...

7.8CVSS7AI score0.47057EPSS
Exploits0
Amazon
Amazon
added 2014/09/17 12:0 a.m.135 views

Low: httpd

Issue Overview: The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

5CVSS6.6AI score0.60205EPSS
Exploits2
Amazon
Amazon
added 2023/03/21 12:0 a.m.134 views

Important: httpd

Issue Overview: Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion o...

9.8CVSS6.8AI score0.8377EPSS
Exploits5
Amazon
Amazon
added 2019/09/13 12:0 a.m.134 views

Medium: perl-Archive-Tar

Issue Overview: It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl...

7.5CVSS8AI score0.08207EPSS
Exploits1
Amazon
Amazon
added 2019/03/20 12:0 a.m.134 views

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

7.1CVSS6.6AI score0.04457EPSS
Exploits0
Amazon
Amazon
added 2018/12/06 12:0 a.m.134 views

Medium: mysql56

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

9.8CVSS7.8AI score0.0595EPSS
Exploits0
Amazon
Amazon
added 2019/03/21 12:0 a.m.133 views

Medium: python27, python34, python35, python36

Issue Overview: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate...

7.5CVSS8AI score0.20743EPSS
Exploits1
Amazon
Amazon
added 2017/11/02 12:0 a.m.133 views

Medium: httpd

Issue Overview: Hash character matches all IPs: A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. CVE-2017-12171 Affected...

6.5CVSS6.9AI score0.08078EPSS
Exploits0
Amazon
Amazon
added 2011/11/19 12:0 a.m.133 views

Medium: kernel

Issue Overview: The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service CPU consumption via a crafted application that makes epollcreate and epollctl system calls. Buffer...

6.9CVSS6.8AI score0.00795EPSS
Exploits3
Amazon
Amazon
added 2019/07/17 12:0 a.m.132 views

Important: bind

Issue Overview: A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as l...

7.5CVSS7.9AI score0.06404EPSS
Exploits0
Amazon
Amazon
added 2019/05/16 12:0 a.m.132 views

Medium: ntp

Issue Overview: NTP has a NULL pointer dereference attack in an authenticated mode 6 packet. CVE-2019-8936 Affected Packages: ntp Issue Correction: Run yum update ntp or yum update --advisory ALAS-2019-1206 to update your system. New Packages: i686: ntp-debuginfo-4.2.8p12-1.41.amzn1.i686 ...

7.5CVSS7AI score0.05726EPSS
Exploits2
Amazon
Amazon
added 2018/12/06 12:0 a.m.132 views

Medium: mysql55

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with...

9.8CVSS7.8AI score0.0595EPSS
Exploits0
Amazon
Amazon
added 2019/05/02 12:0 a.m.131 views

Important: mod24_auth_mellon

Issue Overview: A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7AI score0.02969EPSS
Exploits1
Amazon
Amazon
added 2018/12/06 12:0 a.m.131 views

Medium: glibc

Issue Overview: A buffer overflow has been discovered in the GNU C Library aka glibc or libc6 in the mempcpyavx512novzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.CVE-2018-11237 elf/dl-load....

9.8CVSS8.8AI score0.074EPSS
Exploits3
Amazon
Amazon
added 2020/06/03 12:0 a.m.130 views

Important: kernel

Issue Overview: In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4xattrsetentry use-after-free in fs/ext4/xattr.c when a large oldsize value is used in a memset call.CVE-2019-19319 In the Linux...

7.5CVSS6.4AI score0.0415EPSS
Exploits1
Amazon
Amazon
added 2020/02/17 12:0 a.m.130 views

Important: sqlite

Issue Overview: Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13734 Affected Packages: sqlite Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit th...

8.8CVSS8.6AI score0.04022EPSS
Exploits0
Amazon
Amazon
added 2018/12/20 12:0 a.m.130 views

Important: ghostscript

Issue Overview: It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document.CVE-2018-16509 Affect...

9.3CVSS8.3AI score0.92499EPSS
Exploits4
Amazon
Amazon
added 2014/08/21 12:0 a.m.130 views

Important: 389-ds-base

Issue Overview: It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose...

5CVSS6.6AI score0.02198EPSS
Exploits0
Amazon
Amazon
added 2021/01/07 12:0 a.m.129 views

Important: libuv

Issue Overview: Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on t...

7.5CVSS6.4AI score0.08794EPSS
Exploits0
Amazon
Amazon
added 2017/09/13 12:0 a.m.129 views

Important: httpd

Issue Overview: A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. CVE-2017-3169 It was...

9.8CVSS9.4AI score0.5677EPSS
Exploits3
Amazon
Amazon
added 2023/02/07 12:0 a.m.128 views

Important: openssl

Issue Overview: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number o...

7.5CVSS7.3AI score0.59501EPSS
Exploits0
Amazon
Amazon
added 2021/05/20 5:0 p.m.128 views

Important: systemd

Issue Overview: It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the...

7.8CVSS0.7AI score0.02279EPSS
Exploits8
Amazon
Amazon
added 2020/02/04 12:0 a.m.128 views

Medium: python-pip

Issue Overview: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store...

7.5CVSS8.5AI score0.02813EPSS
Exploits1
Amazon
Amazon
added 2019/09/08 12:0 a.m.128 views

Critical: exim

Issue Overview: Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.CVE-2019-15846 Affected Packages: exim Issue Correction: Run yum update exim or yum update --advisory ALAS-2019-1277 to update your system. New Packages: i686: ...

10CVSS10AI score0.35736EPSS
Exploits3
Amazon
Amazon
added 2019/07/17 12:0 a.m.128 views

Medium: libxslt

Issue Overview: libxslt allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVE-2019-11068 Affected...

9.8CVSS7.7AI score0.0523EPSS
Exploits0
Amazon
Amazon
added 2019/05/16 12:0 a.m.128 views

Low: graphviz

Issue Overview: The agroot function in cgraph\obj.c in libcgraph.a in Graphviz has a NULL pointer dereference, as demonstrated by graphml2gv. CVE-2019-11023 Affected Packages: graphviz Issue Correction: Run yum update graphviz or yum update --advisory ALAS-2019-1207 to update your system. New...

8.8CVSS8.9AI score0.05037EPSS
Exploits1
Amazon
Amazon
added 2019/09/13 12:0 a.m.127 views

Low: kernel

Issue Overview: An issue was discovered in the fdlockedioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discov...

5.5CVSS6.9AI score0.00694EPSS
Exploits1
Amazon
Amazon
added 2019/08/07 12:0 a.m.127 views

Important: python34, python35, python36

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...

9.8CVSS8.3AI score0.08811EPSS
Exploits0
Amazon
Amazon
added 2020/05/13 12:0 a.m.126 views

Important: kernel

Issue Overview: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's category bitmap into the SELinux extensible bitmap via the' ebitmapnetlblimport' routine. While processing the CIP...

7.8CVSS6.5AI score0.03097EPSS
Exploits1
Amazon
Amazon
added 2019/09/13 12:0 a.m.125 views

Medium: zsh

Issue Overview: It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one.CVE-2018-13259...

9.8CVSS9.5AI score0.02723EPSS
Exploits0
Amazon
Amazon
added 2019/07/25 12:0 a.m.125 views

Important: exim

Issue Overview: Exim allows remote code execution as root in some unusual configurations that use the $sort expansion for items that can be controlled by an attacker e.g., $localpart or $domain. CVE-2019-13917 Affected Packages: exim Issue Correction: Run yum update exim or yum update --advisory...

10CVSS9.9AI score0.08622EPSS
Exploits0
Amazon
Amazon
added 2013/03/26 12:0 a.m.125 views

Medium: httpd

Issue Overview: Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web...

4.3CVSS7.8AI score0.22913EPSS
Exploits3
Amazon
Amazon
added 2018/12/20 12:0 a.m.124 views

Medium: kernel

Issue Overview: A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new...

5.5CVSS6.2AI score0.0053EPSS
Exploits0
Amazon
Amazon
added 2017/10/26 12:0 a.m.124 views

Important: tomcat8, tomcat80, tomcat7

Issue Overview: A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. CVE-2017-12617 Affected Packages: tomcat8, tomcat80, tomcat7...

8.1CVSS8.1AI score0.99988EPSS
Exploits23
Amazon
Amazon
added 2017/10/26 12:0 a.m.124 views

Critical: java-1.8.0-openjdk

Issue Overview: Multiple unbounded memory allocations in deserialization Serialization, 8174109 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE...

9.6CVSS8.7AI score0.16181EPSS
Exploits2
Amazon
Amazon
added 2023/08/07 12:0 a.m.121 views

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in Oracle Java SE component: JavaFX. The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of thi...

5.9CVSS5AI score0.01164EPSS
Exploits0
Amazon
Amazon
added 2019/10/12 12:0 a.m.121 views

Important: sudo

Issue Overview: When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands ...

9CVSS8AI score0.63917EPSS
Exploits10
Amazon
Amazon
added 2019/07/17 12:0 a.m.121 views

Medium: docker

Issue Overview: A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause...

7.5CVSS7.5AI score0.03398EPSS
Exploits2
Total number of security vulnerabilities5000