Lucene search
K
AmazonMost viewed

8850 matches found

Amazon
Amazon
added 2014/08/21 12:0 a.m.108 views

Medium: kernel

Issue Overview: The mediadeviceenumentities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a...

7.8CVSS6.4AI score0.37233EPSS
Exploits24
Amazon
Amazon
added 2022/09/13 12:0 a.m.107 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the putdevice down a bit to avoid the use after free. wsa: added comment to the code, added Fixes...

7.8CVSS7.2AI score0.06214EPSS
Exploits11
Amazon
Amazon
added 2020/11/11 12:0 a.m.106 views

Medium: glib2

Issue Overview: filecopyfallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. CVE-2019-12450 Affected Packages: glib2 Note: This advisory is applicable to Amazon Linux 2...

9.8CVSS6.9AI score0.02602EPSS
Exploits0
Amazon
Amazon
added 2019/03/18 12:0 a.m.106 views

Medium: squid

Issue Overview: A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine. CVE-2018-19132 Affected Packages: squid Issue Correction: Run yum update squid or yum update --advisory ALAS-2019-1176 to...

5.9CVSS6.8AI score0.06114EPSS
Exploits0
Amazon
Amazon
added 2018/12/20 12:0 a.m.106 views

Important: git

Issue Overview: Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017.CVE-2018-19486 Affecte...

9.8CVSS7.5AI score0.0412EPSS
Exploits0
Amazon
Amazon
added 2014/09/24 12:0 a.m.106 views

Important: bash

Issue Overview: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vecto...

10CVSS9.6AI score0.99999EPSS
Exploits141
Amazon
Amazon
added 2022/01/20 12:0 a.m.105 views

Important: httpd

Issue Overview: There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via...

9.8CVSS8.7AI score0.97108EPSS
Exploits4
Amazon
Amazon
added 2021/02/20 12:0 a.m.105 views

Medium: openssl

Issue Overview: OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS...

7.5CVSS7.3AI score0.50732EPSS
Exploits0
Amazon
Amazon
added 2020/01/06 12:0 a.m.105 views

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Information Schema. Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...

6.5CVSS5.4AI score0.03726EPSS
Exploits0
Amazon
Amazon
added 2019/08/23 12:0 a.m.105 views

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with...

5.8CVSS7.3AI score0.04472EPSS
Exploits0
Amazon
Amazon
added 2023/08/08 12:0 a.m.104 views

Medium: openssh

Issue Overview: An issue was discovered in OpenSSH 7.4 on Amazon Linux 2 and Amazon Linux 1. The fix for CVE-2019-6111 only covered cases where an absolute path is passed to scp. When a relative path is used there is no verification that the name of a file received by the client matches the file...

5.9CVSS7.4AI score0.58204EPSS
Exploits9
Amazon
Amazon
added 2023/07/19 12:0 a.m.104 views

Medium: tcpdump

Issue Overview: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrpprint for VRRP version 3, a different vulnerability than CVE-2018-14463. CVE-2019-15167 Affected Packages: tcpdump Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...

9.1CVSS6.7AI score0.04719EPSS
Exploits0
Amazon
Amazon
added 2022/02/22 12:0 a.m.104 views

Important: log4j

Issue Overview: A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

9.8CVSS8.7AI score0.66537EPSS
Exploits1
Amazon
Amazon
added 2018/12/06 12:0 a.m.104 views

Medium: 389-ds-base

Issue Overview: It was found that a specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service.CVE-2018-14648 Affected Packages: 389-ds-base Issue Correction: Run yum update...

7.8CVSS7.8AI score0.06238EPSS
Exploits0
Amazon
Amazon
added 2020/07/29 12:0 a.m.103 views

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

6.5CVSS6.1AI score0.03306EPSS
Exploits0
Amazon
Amazon
added 2019/07/18 12:0 a.m.103 views

Important: python3

Issue Overview: An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that lacks a ?...

6.1CVSS8.2AI score0.05406EPSS
Exploits2
Amazon
Amazon
added 2019/01/25 12:0 a.m.103 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory...

8CVSS7.3AI score0.01455EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.102 views

Important: webkitgtk4

Issue Overview: Impact: Visiting a website that frames malicious content may lead to UI spoofing. Description: The issue was addressed with improved UI handling. CVE-2022-32919 A website may be able to track the websites a user visited in Safari private browsing mode. CVE-2022-32933 A spoofing...

8.8CVSS8.8AI score0.29179EPSS
Exploits3
Amazon
Amazon
added 2023/05/31 12:0 a.m.102 views

Important: kernel

Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...

7.8CVSS6.7AI score0.12966EPSS
Exploits7
Amazon
Amazon
added 2018/12/06 12:0 a.m.102 views

Important: postgresql96

Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...

9.1CVSS7.6AI score0.05154EPSS
Exploits0
Amazon
Amazon
added 2014/04/25 12:0 a.m.102 views

Medium: httpd

Issue Overview: It was found that the moddav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the moddav module for example when using the moddavsvn module, a remote attacker could send a specially crafted DAV reque...

5CVSS8.7AI score0.26831EPSS
Exploits2References1
Amazon
Amazon
added 2021/06/02 12:0 a.m.101 views

Important: nginx

Issue Overview: A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote...

7.7CVSS8.5AI score0.52838EPSS
Exploits10
Amazon
Amazon
added 2020/05/13 12:0 a.m.101 views

Medium: php73

Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

8.8CVSS7.4AI score0.04764EPSS
Exploits4
Amazon
Amazon
added 2019/10/21 12:0 a.m.101 views

Low: python-requests

Issue Overview: A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 302 from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-midd...

7.5CVSS7.6AI score0.07443EPSS
Exploits2
Amazon
Amazon
added 2023/03/07 12:0 a.m.100 views

Medium: ImageMagick

Issue Overview: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file,...

7.8CVSS7.2AI score0.89855EPSS
Exploits33
Amazon
Amazon
added 2022/12/06 12:0 a.m.100 views

Medium: curl

Issue Overview: A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or...

8.1CVSS7.1AI score0.3197EPSS
Exploits8
Amazon
Amazon
added 2022/01/20 12:0 a.m.100 views

Important: log4j

Issue Overview: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the...

9.8CVSS9.1AI score0.8904EPSS
Exploits14
Amazon
Amazon
added 2019/08/23 12:0 a.m.100 views

Important: libvirt

Issue Overview: Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11091 Modern Intel microprocessors implement hardware-level micro-optimizations to...

8.8CVSS7.5AI score0.01553EPSS
Exploits0
Amazon
Amazon
added 2011/12/02 12:0 a.m.100 views

Medium: kernel

Issue Overview: IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. CVE-2011-2699, Important A signedness issue was found in the Linux kernel's CIFS Common Internet File Syste...

9.1CVSS7.6AI score0.05689EPSS
Exploits9References1
Amazon
Amazon
added 2022/01/20 12:0 a.m.99 views

Medium: aws-kinesis-agent

Issue Overview: Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC...

8.5CVSS9.1AI score0.97906EPSS
Exploits9
Amazon
Amazon
added 2021/07/16 12:0 a.m.99 views

Important: kernel

Issue Overview: A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing SSP, Secure Connections SC and LE Secure Connections LESC of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the...

9.8CVSS6.7AI score0.01261EPSS
Exploits7
Amazon
Amazon
added 2021/07/13 12:0 a.m.99 views

Medium: glibc

Issue Overview: A vulnerability was discovered in glibc where the LDPREFERMAP32BITEXEC environment variable is not ignored when running binaries with the setuid flag on x8664 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the...

7.5CVSS7.3AI score0.03538EPSS
Exploits1
Amazon
Amazon
added 2020/08/31 12:0 a.m.99 views

Important: ruby24

Issue Overview: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

8.1CVSS7.3AI score0.29726EPSS
Exploits7
Amazon
Amazon
added 2019/12/13 12:0 a.m.99 views

Important: rssh

Issue Overview: Insufficient sanitation of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. CVE-2019-3464 Insufficient sanitati...

9.8CVSS9.3AI score0.04869EPSS
Exploits5
Amazon
Amazon
added 2019/12/13 12:0 a.m.99 views

Medium: samba

Issue Overview: A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba...

5.5CVSS5.1AI score0.03392EPSS
Exploits0
Amazon
Amazon
added 2019/11/14 12:0 a.m.99 views

Medium: microcode_ctl, kernel

Issue Overview: This security update is only applicable to EC2 Bare Metal instance types using Intel processors. Intel has released microcode updates for certain Intel CPUs. After installing the updated microcodectl package, the microcode will be automatically activated on next boot. Improper...

6.5CVSS7.3AI score0.03133EPSS
Exploits0
Amazon
Amazon
added 2019/03/21 12:0 a.m.99 views

Low: libwmf

Issue Overview: The GD Graphics Library aka LibGD has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected. CVE-2019-6978 Affected Packages: libwmf Issue Correction: Run yum update libwmf or yum update --advisory ALAS-2019-1174 to update your...

9.8CVSS9.9AI score0.04416EPSS
Exploits0
Amazon
Amazon
added 2020/11/18 12:0 a.m.98 views

Medium: python27, python34, python35

Issue Overview: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.reques...

7.2CVSS8.1AI score0.0642EPSS
Exploits1
Amazon
Amazon
added 2020/08/12 12:0 a.m.98 views

Medium: ruby20

Issue Overview: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. CVE-2018-16396 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4...

8.1CVSS8AI score0.13911EPSS
Exploits0
Amazon
Amazon
added 2020/07/29 12:0 a.m.98 views

Medium: python27, python34, python35, python36

Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...

7.1CVSS7.5AI score0.06617EPSS
Exploits1
Amazon
Amazon
added 2018/12/06 12:0 a.m.98 views

Medium: python27

Issue Overview: A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service.CVE-2018-1060 A flaw was found in the way catastrophic backtracking was implemented in python's difflib.ISLINEJUNK...

7.5CVSS6.7AI score0.05103EPSS
Exploits1
Amazon
Amazon
added 2019/08/07 12:0 a.m.97 views

Important: qemu-kvm

Issue Overview: Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA STore Address and STD STore Data sub-operations. These sub-operations allow the processor to hand-off...

5.6CVSS6.2AI score0.01553EPSS
Exploits0
Amazon
Amazon
added 2016/10/12 12:0 a.m.96 views

Medium: openssl

Issue Overview: It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...

9.8CVSS8.8AI score0.95707EPSS
Exploits7
Amazon
Amazon
added 2023/03/21 12:0 a.m.95 views

Medium: libxml2

Issue Overview: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a...

7.8CVSS7.3AI score0.22791EPSS
Exploits2
Amazon
Amazon
added 2023/02/04 12:0 a.m.95 views

Important: sudo

Issue Overview: In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege...

7.8CVSS8.8AI score0.55367EPSS
Exploits20
Amazon
Amazon
added 2021/07/02 12:0 a.m.95 views

Important: libwebp

Issue Overview: A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2018-25011 A flaw was found in libwebp in versions before 1.0.1. A heap-based...

9.8CVSS8.3AI score0.02662EPSS
Exploits0
Amazon
Amazon
added 2021/06/23 12:0 a.m.95 views

Medium: python-urllib3

Issue Overview: A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to...

6.5CVSS8AI score0.02269EPSS
Exploits0
Amazon
Amazon
added 2019/08/07 12:0 a.m.95 views

Medium: lighttpd

Issue Overview: An issue was discovered in modaliasphysicalhandler in modalias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific modalias configuration where the matched alias lacks a trailing '/' character, but the ali...

7.5CVSS6.8AI score0.1408EPSS
Exploits1
Amazon
Amazon
added 2019/07/17 12:0 a.m.95 views

Medium: python-urllib3

Issue Overview: In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 Affected Packages: python-urllib3 Issue Correction: Run yum update python-urllib3 or yum update --advisory ALAS-2019-1236 to update your system. New Package...

6.1CVSS8.5AI score0.02056EPSS
Exploits1
Amazon
Amazon
added 2022/10/11 12:0 a.m.94 views

Medium: ruby

Issue Overview: A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read. CVE-2022-28739 Affected...

7.5CVSS7.2AI score0.0387EPSS
Exploits0
Total number of security vulnerabilities5000