
8850 matches found

Amazon
Added 2014/08/21 12:0 a.m. • 87 views

Medium: php

Issue Overview: A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the...

CVSS 7.5 | AI score 8.6 | EPSS 0.30128
Exploits: 4

Amazon
Added 2014/02/03 12:0 a.m. • 87 views

Medium: augeas

Issue Overview: A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content. CVE-2013-6412 Affected Packages: augea...

CVSS 4.6 | AI score 6.3 | EPSS 0.00368
Exploits: 0 | References: 1

Amazon
Added 2023/09/05 12:0 a.m. • 86 views

Medium: glibc

Issue Overview: A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the...

CVSS 7 | AI score 7.3 | EPSS 0.00758
Exploits: 1

Amazon
Added 2022/12/06 12:0 a.m. • 86 views

Medium: tcpdump

Issue Overview: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. CVE-2019-15167 Affected Packages: tcpdump Issue Correction: Run yum update tcpdump or yum update --advisory ALAS-2022-1641 to...

CVSS 9.1 | AI score 6.8 | EPSS 0.04719
Exploits: 0

Amazon
Added 2021/07/13 12:0 a.m. • 86 views

Medium: golang

Issue Overview: A vulnerability was found in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however servers are only vulnerable if the default 1 MB...

CVSS 5.9 | AI score 7.1 | EPSS 0.03692
Exploits: 0

Amazon
Added 2020/08/31 12:0 a.m. • 86 views

Medium: ruby19, ruby21

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

CVSS 7.5 | AI score 7.1 | EPSS 0.13911
Exploits: 0

Amazon
Added 2020/04/23 12:0 a.m. • 86 views

Low: libtirpc

Issue Overview: A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could...

CVSS 7.5 | AI score 5.7 | EPSS 0.03861
Exploits: 0

Amazon
Added 2020/03/16 12:0 a.m. • 86 views

Important: sudo

Issue Overview: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, an...

CVSS 7.8 | AI score 8.2 | EPSS 0.19426
Exploits: 13

Amazon
Added 2018/04/19 12:0 a.m. • 86 views

Medium: kernel

Issue Overview: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service: An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

CVSS 7.1 | AI score 6.3 | EPSS 0.0363
Exploits: 1

Amazon
Added 2017/10/02 12:0 a.m. • 86 views

Critical: dnsmasq

Issue Overview: Information leak in the DHCPv6 relay code: An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data...

CVSS 9.8 | AI score 9.1 | EPSS 0.93307
Exploits: 32

Amazon
Added 2016/03/16 12:0 a.m. • 86 views

Low: php54

Issue Overview: A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be...

CVSS 9.8 | AI score 9 | EPSS 0.46801
Exploits: 7

Amazon
Added 2015/04/15 12:0 a.m. • 86 views

Important: php54

Issue Overview: A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer...

CVSS 7.5 | AI score 8.8 | EPSS 0.42593
Exploits: 7

Amazon
Added 2024/04/30 12:0 a.m. • 85 views

Important: bind

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

CVSS 7.5 | AI score 7.5 | EPSS 0.99995
Exploits: 1

Amazon
Added 2021/02/17 6:3 p.m. • 85 views

Important: glibc

Issue Overview: A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability. CVE-2019-25013 Affected...

CVSS 7.1 | AI score 7 | EPSS 0.03538
Exploits: 0

Amazon
Added 2020/10/27 12:0 a.m. • 85 views

Medium: expat

Issue Overview: It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of...

CVSS 7.8 | AI score 8.3 | EPSS 0.07107
Exploits: 2

Amazon
Added 2020/03/16 12:0 a.m. • 85 views

Important: nss, nss-softokn, nss-util, nspr

Issue Overview: A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the...

CVSS 8.8 | AI score 7.8 | EPSS 0.44398
Exploits: 1

Amazon
Added 2020/02/17 12:0 a.m. • 85 views

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with netwo...

CVSS 8.1 | AI score 7.4 | EPSS 0.04903
Exploits: 0

Amazon
Added 2019/10/31 12:0 a.m. • 86 views

Critical: php

Issue Overview: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...

CVSS 9.8 | AI score 8.5 | EPSS 0.9947
Exploits: 54

Amazon
Added 2019/10/28 12:0 a.m. • 85 views

Medium: python27, python34, python35, python36

Issue Overview: An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on th...

CVSS 7.5 | AI score 8 | EPSS 0.05366
Exploits: 0

Amazon
Added 2019/08/23 12:0 a.m. • 85 views

Medium: poppler

Issue Overview: XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in...

CVSS 9.8 | AI score 8.1 | EPSS 0.03518
Exploits: 9

Amazon
Added 2018/12/06 12:0 a.m. • 86 views

Important: postgresql95

Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...

CVSS 8.5 | AI score 8.3 | EPSS 0.05154
Exploits: 0

Amazon
Added 2016/05/18 12:0 a.m. • 85 views

Medium: kernel

Issue Overview: The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. CVE-2016-3961 / XSA-174 A flaw was found in the way the Linux kernel's...

CVSS 7.8 | AI score 6.6 | EPSS 0.10202
Exploits: 9

Amazon
Added 2015/01/08 12:0 a.m. • 85 views

Medium: php55

Issue Overview: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of...

CVSS 10 | AI score 8.6 | EPSS 0.53166
Exploits: 8

Amazon
Added 2024/04/30 12:0 a.m. • 84 views

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

CVSS 7.3 | AI score 6.8 | EPSS 0.03914
Exploits: 0

Amazon
Added 2023/02/07 12:0 a.m. • 84 views

Important: openssl11

Issue Overview: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number o...

CVSS 7.5 | AI score 7.4 | EPSS 0.59501
Exploits: 0

Amazon
Added 2022/07/07 12:0 a.m. • 84 views

Medium: expat

Issue Overview: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. CVE-2021-46143 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22822 build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 h...

CVSS 9.8 | AI score 8.5 | EPSS 0.04829
Exploits: 1

Amazon
Added 2020/08/31 12:0 a.m. • 84 views

Medium: python27

Issue Overview: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVE-2019-20907 Affected Packages: python27 Issue Correction: Run yum update python27 or yum updat...

CVSS 7.5 | AI score 7.9 | EPSS 0.06304
Exploits: 0

Amazon
Added 2020/07/29 12:0 a.m. • 84 views

Important: nghttp2

Issue Overview: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The...

CVSS 7.5 | AI score 7.1 | EPSS 0.05316
Exploits: 0

Amazon
Added 2020/06/03 12:0 a.m. • 84 views

Medium: python

Issue Overview: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has anoth...

CVSS 7.1 | AI score 8 | EPSS 0.06617
Exploits: 2

Amazon
Added 2020/06/03 12:0 a.m. • 84 views

Medium: python27

Issue Overview: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has anoth...

CVSS 6.1 | AI score 7.3 | EPSS 0.05406
Exploits: 3

Amazon
Added 2020/03/02 12:0 a.m. • 84 views

Important: qemu

Issue Overview: ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVE-2019-14378 Affected Packages: qemu Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ...

CVSS 8.8 | AI score 8.1 | EPSS 0.16658
Exploits: 3

Amazon
Added 2020/02/05 12:0 a.m. • 84 views

Medium: python-pip

Issue Overview: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store...

CVSS 7.5 | AI score 8.5 | EPSS 0.02813
Exploits: 1

Amazon
Added 2019/03/21 12:0 a.m. • 84 views

Low: nvidia

Issue Overview: NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. CVE-2018-6260 Affected...

CVSS 5.5 | AI score 5.9 | EPSS 0.00393
Exploits: 0

Amazon
Added 2018/12/06 12:0 a.m. • 84 views

Important: postgresql93, postgresql94

Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...

CVSS 8.5 | AI score 8.7 | EPSS 0.05154
Exploits: 0

Amazon
Added 2018/11/07 12:0 a.m. • 84 views

Medium: kernel

Issue Overview: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task...

CVSS 7.1 | AI score 7 | EPSS 0.00694
Exploits: 1

Amazon
Added 2018/02/20 12:0 a.m. • 84 views

Important: linux-firmware

Issue Overview: Speculative execution branch target injection: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ ...

CVSS 5.6 | AI score 7.4 | EPSS 0.74041
Exploits: 8

Amazon
Added 2016/12/06 12:0 a.m. • 84 views

Important: kernel

Issue Overview: CVE-2016-8645 kernel: a BUG statement can be hit in net/ipv4/tcp_input.c. It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen set to 1 can hit BUG statement in tcp_collapse function after making a number of certain syscalls leading to a possible system...

CVSS 7.8 | AI score 7.1 | EPSS 0.11127
Exploits: 16

Amazon
Added 2016/03/10 12:0 a.m. • 84 views

Important: openssl

Issue Overview: A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This...

CVSS 10 | AI score 8.9 | EPSS 0.82112
Exploits: 2

Amazon
Added 2014/07/31 12:0 a.m. • 84 views

Important: httpd

Issue Overview: A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cau...

CVSS 6.8 | AI score 8.4 | EPSS 0.85744
Exploits: 5 | References: 1

Amazon
Added 2014/07/09 12:0 a.m. • 84 views

Medium: php54

Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain...

CVSS 7.5 | AI score 8.5 | EPSS 0.30128
Exploits: 5

Amazon
Added 2024/06/24 12:0 a.m. • 83 views

Medium: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application...

CVSS 6.1 | AI score 6.6 | EPSS 0.00979
Exploits: 0

Amazon
Added 2024/06/12 12:0 a.m. • 83 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl CVE-2021-47634 A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allows a local user t...

CVSS 7.8 | AI score 7.9 | EPSS 0.01179
Exploits: 0

Amazon
Added 2022/08/05 12:0 a.m. • 83 views

Important: tomcat8

Issue Overview: A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled...

CVSS 8.6 | AI score 7.6 | EPSS 0.71653
Exploits: 5

Amazon
Added 2021/01/26 12:0 a.m. • 83 views

Important: kernel

Issue Overview: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c,...

CVSS 9.3 | AI score 6.8 | EPSS 0.03293
Exploits: 6

Amazon
Added 2019/08/07 12:0 a.m. • 83 views

Important: ruby20, ruby21, ruby24

Issue Overview: An issue was discovered in RubyGems. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8322 An issue was discovered in RubyGems. Gem::GemcutterUtilities#with_response...

CVSS 8.8 | AI score 7.6 | EPSS 0.04212
Exploits: 1

Amazon
Added 2018/05/10 12:0 a.m. • 83 views

Medium: openssl

Issue Overview: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believe...

CVSS 7.5 | AI score 7.1 | EPSS 0.83645
Exploits: 2

Amazon
Added 2018/02/07 12:0 a.m. • 83 views

Important: libvirt

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be...

CVSS 5.6 | AI score 7.3 | EPSS 0.74041
Exploits: 8

Amazon
Added 2011/10/31 12:0 a.m. • 83 views

Medium: httpd

Issue Overview: It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make...

CVSS 5 | AI score 8.1 | EPSS 0.90734
Exploits: 14 | References: 1

Amazon
Added 2024/05/03 12:0 a.m. • 82 views

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

CVSS 7.3 | AI score 7.5 | EPSS 0.03914
Exploits: 0

Amazon
Added 2023/10/17 12:0 a.m. • 82 views

Important: golang

Issue Overview: Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the...

CVSS 8.1 | AI score 8 | EPSS 0.99999
Exploits: 19

Total number of security vulnerabilities: 5000