Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
•added 2018/04/05 12:0 a.m.•34 views

Critical: python-paramiko

Issue Overview: Authentication bypass in transport.py transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authenticatio...

9.8CVSS9.1AI score0.27065EPSS
Exploits10
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•42 views

Critical: libvorbis

Issue Overview: Vorbis audio processing out of bounds write: An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code. CVE-2018-5146 Affected Packages:...

8.8CVSS8.9AI score0.12054EPSS
Exploits0
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•31 views

Medium: mailman

Issue Overview: Cross-site scripting XSS vulnerability in web UI A cross-site scripting XSS flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions...

6.1CVSS7.3AI score0.04599EPSS
Exploits3
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•30 views

Medium: nvidia

Issue Overview: NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. CVE-2018-6247 NVIDIA Windows GPU Display Driver contains ...

8.8CVSS7.8AI score0.00411EPSS
Exploits0
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•77 views

Medium: mod_wsgi

Issue Overview: Failure to handle errors when attempting to drop group privileges: modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...

6.9CVSS7.1AI score0.00403EPSS
Exploits0
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•31 views

Medium: postgresql93, postgresql94, postgresql95, postgresql96

Issue Overview: Uncontrolled search path element in pgdump and other client applications A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser i...

8.8CVSS8AI score0.14142EPSS
Exploits1
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•68 views

Low: ruby

Issue Overview: Command injection in lib/resolv.rb:lazyinitialize allows arbitrary code execution: The "lazyinitialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. CVE-2017-17790...

9.8CVSS8.9AI score0.05913EPSS
Exploits1
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•32 views

Important: dhcp

Issue Overview: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running...

7.5CVSS7.5AI score0.20242EPSS
Exploits0
Amazon
Amazon
•added 2018/04/05 12:0 a.m.•30 views

Important: dhcp

Issue Overview: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running...

7.5CVSS7.5AI score0.20242EPSS
Exploits0
Amazon
Amazon
•added 2018/04/04 12:0 a.m.•50 views

Medium: ruby20, ruby22, ruby23, ruby24

Issue Overview: Path traversal when writing to a symlinked basedir outside of the root RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Director...

9.8CVSS9.4AI score0.10552EPSS
Exploits1
Amazon
Amazon
•added 2018/03/27 12:0 a.m.•60 views

Important: php71

Issue Overview: Stack-based buffer under-read in ext/standard/httpfopenwrapper.c:phpstreamurlwraphttpex function when parsing HTTP response allows denial of service: In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read...

9.8CVSS9AI score0.87883EPSS
Exploits3
Amazon
Amazon
•added 2018/03/22 12:0 a.m.•51 views

Critical: libvorbis

Issue Overview: Vorbis audio processing out of bounds write MFSA 2018-08: An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code. CVE-2018-5146 Affected...

8.8CVSS8.9AI score0.12054EPSS
Exploits0
Amazon
Amazon
•added 2018/03/21 12:0 a.m.•52 views

Medium: tomcat7, tomcat8

Issue Overview: Late application of security constraints can lead to resource exposure for unauthorised users: Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the U...

6.5CVSS7.2AI score0.17716EPSS
Exploits2
Amazon
Amazon
•added 2018/03/21 12:0 a.m.•43 views

Important: java-1.7.0-openjdk

Issue Overview: DerValue unbounded memory allocation: It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive...

8.3CVSS7.7AI score0.06905EPSS
Exploits0
Amazon
Amazon
•added 2018/03/21 12:0 a.m.•43 views

Medium: clamav

Issue Overview: Heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

10CVSS8.7AI score0.10027EPSS
Exploits4
Amazon
Amazon
•added 2018/03/21 12:0 a.m.•50 views

Medium: tomcat80

Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The upda...

6.5CVSS7.2AI score0.17716EPSS
Exploits2
Amazon
Amazon
•added 2018/03/21 12:0 a.m.•28 views

Medium: python-crypto

Issue Overview: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext: lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by...

7.5CVSS7.8AI score0.0211EPSS
Exploits1
Amazon
Amazon
•added 2018/03/21 12:0 a.m.•63 views

Medium: ruby24, ruby22, ruby23

Issue Overview: Unsafe object deserialization through YAML formatted gem specifications: A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute...

9.8CVSS9.8AI score0.15853EPSS
Exploits1
Amazon
Amazon
•added 2018/03/21 12:0 a.m.•48 views

Medium: golang

Issue Overview: Arbitrary code execution during "go get" via C compiler options: An arbitrary command execution flaw was found in the way Go's "go get" command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially u...

9.3CVSS8.1AI score0.63229EPSS
Exploits5
Amazon
Amazon
•added 2018/03/21 12:0 a.m.•37 views

Important: 389-ds-base

Issue Overview: Authentication bypass due to lack of size check in slapictmemcmp function in chmalloc.c: It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use th...

8.1CVSS8.2AI score0.04817EPSS
Exploits0
Amazon
Amazon
•added 2018/03/16 12:0 a.m.•64 views

Important: kernel

Issue Overview: Out-of-bounds write via userland offsets in ebtentry struct in netfilter/ebtables.c: A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. CVE-2018-10...

7.2CVSS6.6AI score0.00451EPSS
Exploits0
Amazon
Amazon
•added 2018/03/16 12:0 a.m.•70 views

Important: kernel

Issue Overview: Out-of-bounds write via userland offsets in ebtentry struct in netfilter/ebtables.c: A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. CVE-2018-10...

7.2CVSS6.6AI score0.00451EPSS
Exploits0
Amazon
Amazon
•added 2018/03/08 12:0 a.m.•38 views

Medium: memcached

Issue Overview: It was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled. It was discovered that the memcached connections...

7.5CVSS8.1AI score0.8864EPSS
Exploits3
Amazon
Amazon
•added 2018/03/07 12:0 a.m.•33 views

Medium: mod_auth_mellon, mod24_auth_mellon

Issue Overview: Cross-site session transfer vulnerability: It was found that modauthmellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server...

6.1CVSS6.5AI score0.01068EPSS
Exploits0
Amazon
Amazon
•added 2018/03/07 12:0 a.m.•30 views

Low: libvpx

Issue Overview: Denial of service DoS in vpx/src/vpximage.c file A vulnerability in the Android media framework libvpx related to odd frame width CVE-2017-13194 Affected Packages: libvpx Issue Correction: Run yum update libvpx or yum update --advisory ALAS-2018-967 to update your system. New...

7.8CVSS7.9AI score0.01805EPSS
Exploits0
Amazon
Amazon
•added 2018/03/07 12:0 a.m.•54 views

Important: GraphicsMagick

Issue Overview: Memory information disclosure in DescribeImage function in magick/describe.c GraphicsMagick is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of th...

9.8CVSS9.1AI score0.13679EPSS
Exploits5
Amazon
Amazon
•added 2018/03/07 12:0 a.m.•41 views

Medium: tomcat-native

Issue Overview: Mishandling of client certificates can allow for OCSP check bypass: When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing...

5.9CVSS6.4AI score0.03594EPSS
Exploits0
Amazon
Amazon
•added 2018/03/07 12:0 a.m.•48 views

Critical: exim

Issue Overview: Buffer overflow in b64decode function, possibly leading to remote code execution: An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely...

9.8CVSS9.7AI score0.82238EPSS
Exploits19
Amazon
Amazon
•added 2018/03/07 12:0 a.m.•46 views

Important: mysql55, mysql56, mysql57

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...

7.8CVSS7.3AI score0.0452EPSS
Exploits0
Amazon
Amazon
•added 2018/03/07 12:0 a.m.•69 views

Medium: memcached

Issue Overview: It was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled. It was discovered that the memcached connections...

7.5CVSS8.1AI score0.8864EPSS
Exploits3
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•31 views

Medium: clamav

Issue Overview: Heap-based buffer overflow in mspack/lzxd.c: mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM...

10CVSS8.6AI score0.12779EPSS
Exploits7
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•27 views

Medium: systemd

Issue Overview: Access to automounted volumes can lock up A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.CVE-2018-1049 Affected Packages: systemd Note: This advisory is applicable to...

5.9CVSS6.4AI score0.0726EPSS
Exploits0
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•36 views

Low: tomcat8

Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The updat...

5.3CVSS6.3AI score0.06198EPSS
Exploits0
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•41 views

Medium: dhcp

Issue Overview: Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to...

7.5CVSS6.1AI score0.72724EPSS
Exploits0
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•27 views

Important: 389-ds-base

Issue Overview: Remote DoS via search filters in slapifiltersprintf in slapd/util.c A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted...

7.5CVSS7.9AI score0.04093EPSS
Exploits0
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•29 views

Important: 389-ds-base

Issue Overview: Remote DoS via search filters in slapifiltersprintf in slapd/util.c A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted...

7.5CVSS8AI score0.04093EPSS
Exploits0
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•27 views

Medium: nautilus

Issue Overview: Insufficient validation of trust of .desktop files with execute permission An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a...

6.5CVSS6.4AI score0.02471EPSS
Exploits1
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•39 views

Important: quagga

Issue Overview: Infinite loop issue triggered by invalid OPEN message allows denial-of-service An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it...

9.8CVSS8.2AI score0.39045EPSS
Exploits0
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•74 views

Important: curl

Issue Overview: Out-of-bounds read in code handling HTTP/2 trailers: libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less th...

9.8CVSS7.9AI score0.08031EPSS
Exploits0
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•84 views

Important: linux-firmware

Issue Overview: Speculative execution branch target injection An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ ...

5.6CVSS7.4AI score0.74041EPSS
Exploits8
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•54 views

Important: kernel

Issue Overview: Kernel address information leak in drivers/acpi/sbshc.c:acpismbushcadd function potentially allowing KASLR bypass The acpismbushcadd function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg...

7.8CVSS7AI score0.93838EPSS
Exploits98
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•68 views

Important: kernel

Issue Overview: Stack-based out-of-bounds read via vmcall instruction Linux kernel compiled with the KVM virtualization CONFIGKVM support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this...

7.8CVSS7AI score0.93838EPSS
Exploits98
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•30 views

Important: bind

Issue Overview: Improper fetch cleanup sequencing in the resolver can cause named to crash A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to...

7.5CVSS7.3AI score0.27725EPSS
Exploits0
Amazon
Amazon
•added 2018/02/20 12:0 a.m.•35 views

Important: bind

Issue Overview: Improper fetch cleanup sequencing in the resolver can cause named to crash: A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to...

7.5CVSS7.2AI score0.27725EPSS
Exploits0
Amazon
Amazon
•added 2018/02/07 12:0 a.m.•41 views

Medium: python27

Issue Overview: Integer overflow in PyStringDecodeEscape results in heap-base buffer overflow CPython aka Python is vulnerable to an integer overflow in the PyStringDecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...

9.8CVSS8.5AI score0.07944EPSS
Exploits0
Amazon
Amazon
•added 2018/02/07 12:0 a.m.•52 views

Important: java-1.8.0-openjdk

Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter JMX, 8186998 It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass...

8.3CVSS7.7AI score0.06905EPSS
Exploits0
Amazon
Amazon
•added 2018/02/07 12:0 a.m.•56 views

Important: java-1.8.0-openjdk

Issue Overview: SingleEntryRegistry incorrect setup of deserialization filter JMX, 8186998 It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass...

8.3CVSS7.8AI score0.06905EPSS
Exploits0
Amazon
Amazon
•added 2018/02/07 12:0 a.m.•21 views

Medium: transmission

Issue Overview: Transmission relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a D...

8.8CVSS9.3AI score0.11926EPSS
Exploits1
Amazon
Amazon
•added 2018/02/07 12:0 a.m.•78 views

Medium: php56, php70, php71

Issue Overview: Reflected XSS in .phar 404 page An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. CVE-2018-5712 Denial of Service DoS via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gdgifin.c Th...

6.1CVSS6.8AI score0.79949EPSS
Exploits1
Amazon
Amazon
•added 2018/02/07 12:0 a.m.•83 views

Important: qemu-kvm

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

5.6CVSS7.3AI score0.74041EPSS
Exploits8
Total number of security vulnerabilities8850