Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2015/06/16 12:0 a.m.29 views

Medium: postgresql92

Issue Overview: Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire...

4.3CVSS9.1AI score0.08565EPSS
Exploits0
Amazon
Amazon
added 2015/06/16 12:0 a.m.36 views

Medium: postgresql93

Issue Overview: Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire...

4.3CVSS9.1AI score0.08565EPSS
Exploits0
Amazon
Amazon
added 2015/06/16 12:0 a.m.78 views

Medium: openssl

Issue Overview: LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient...

7.5CVSS8AI score0.9986EPSS
Exploits2
Amazon
Amazon
added 2015/06/16 12:0 a.m.46 views

Medium: ruby22

Issue Overview: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the...

5CVSS8.3AI score0.08934EPSS
Exploits0
Amazon
Amazon
added 2015/06/16 12:0 a.m.59 views

Medium: ruby20

Issue Overview: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the...

5CVSS8.3AI score0.08934EPSS
Exploits0
Amazon
Amazon
added 2015/06/16 12:0 a.m.47 views

Medium: kernel

Issue Overview: A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capnglock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid system call, among others...

6.9CVSS6AI score0.00357EPSS
Exploits0
Amazon
Amazon
added 2015/06/16 12:0 a.m.43 views

Medium: ruby21

Issue Overview: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the...

5CVSS8.3AI score0.08934EPSS
Exploits0
Amazon
Amazon
added 2015/06/16 12:0 a.m.43 views

Medium: libcap-ng

Issue Overview: A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capnglock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid system call, among others...

6.9CVSS6.1AI score0.00357EPSS
Exploits0
Amazon
Amazon
added 2015/06/16 12:0 a.m.35 views

Low: e2fsprogs

Issue Overview: A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library for example, fsck to crash or, possibly, execute arbitrary code. Affected Packages: e2fsprogs Issue Correction: Run yum update...

4.6CVSS9.6AI score0.00897EPSS
Exploits0
Amazon
Amazon
added 2015/06/11 12:0 a.m.48 views

Low: libjpeg-turbo

Issue Overview: A flaw in libjpeg-turbo was reported http://seclists.org/oss-sec/2014/q4/557 that could lead to a local denial of service when processing a specially-crafted JPEG issue. Affected Packages: libjpeg-turbo Issue Correction: Run yum update libjpeg-turbo or yum update --advisory...

6.5CVSS6.8AI score0.03235EPSS
Exploits0
Amazon
Amazon
added 2015/06/11 12:0 a.m.44 views

Medium: python-pip

Issue Overview: A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. Affected Packages: python-pip Issue Correction: Run yum update python-pip or yum update...

6.8CVSS7.7AI score0.03408EPSS
Exploits0
Amazon
Amazon
added 2015/06/02 12:0 a.m.43 views

Medium: chrony

Issue Overview: As reported upstream http://chrony.tuxfamily.org/News.html: When NTP or cmdmon access was configured from chrony.conf or via authenticated cmdmon with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder e.g. 192.168.15.0/22 or...

6.5CVSS7.9AI score0.03439EPSS
Exploits0
Amazon
Amazon
added 2015/06/02 12:0 a.m.53 views

Medium: clamav

Issue Overview: ClamAV before 0.98.7 allows remote attackers to cause a denial of service infinite loop via a crafted y0da cryptor file. CVE-2015-2221 ClamAV before 0.98.7 allows remote attackers to cause a denial of service infinite loop via a crafted xz archive file. CVE-2015-2668 ClamAV before...

5CVSS6.6AI score0.03215EPSS
Exploits0
Amazon
Amazon
added 2015/06/02 12:0 a.m.90 views

Important: php56

Issue Overview: An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. CVE-2015-4021 An integer overflow flaw leading to...

7.8CVSS9AI score0.50129EPSS
Exploits6
Amazon
Amazon
added 2015/06/02 12:0 a.m.42 views

Important: 389-ds-base

Issue Overview: A flaw was found in the authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. Affected Packages: 389-ds-base Issue...

7.5CVSS7.6AI score0.02142EPSS
Exploits0
Amazon
Amazon
added 2015/06/02 12:0 a.m.78 views

Medium: php55

Issue Overview: An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. CVE-2015-4021 An integer overflow flaw leading to...

7.5CVSS9.8AI score0.50129EPSS
Exploits4
Amazon
Amazon
added 2015/06/02 12:0 a.m.65 views

Important: php54

Issue Overview: An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. CVE-2015-4021 An integer overflow flaw leading to...

7.8CVSS9AI score0.50129EPSS
Exploits6
Amazon
Amazon
added 2015/05/27 12:0 a.m.41 views

Low: pcre

Issue Overview: A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions. Affected Packages: pcre Issue Correction: Run yum update pcre or yum update --advisory...

5CVSS7.4AI score0.06505EPSS
Exploits0
Amazon
Amazon
added 2015/05/27 12:0 a.m.48 views

Medium: ruby20

Issue Overview: As discussed in an upstream announcement https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as...

5.9CVSS8.1AI score0.02815EPSS
Exploits2
Amazon
Amazon
added 2015/05/27 12:0 a.m.49 views

Medium: ruby21

Issue Overview: As discussed in an upstream announcment https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-149...

5.9CVSS8.1AI score0.02815EPSS
Exploits2
Amazon
Amazon
added 2015/05/27 12:0 a.m.41 views

Medium: ruby22

Issue Overview: As discussed in an upstream announcement https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as...

5.9CVSS8.1AI score0.02815EPSS
Exploits2
Amazon
Amazon
added 2015/05/27 12:0 a.m.52 views

Medium: ruby19

Issue Overview: As discussed in an upstream announcement https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as...

5.9CVSS8.1AI score0.02815EPSS
Exploits2
Amazon
Amazon
added 2015/05/27 12:0 a.m.42 views

Medium: ruby18

Issue Overview: As discussed in an upstream announcement https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as...

5.9CVSS8.1AI score0.02815EPSS
Exploits2
Amazon
Amazon
added 2015/05/14 12:0 a.m.42 views

Medium: tomcat6

Issue Overview: It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of...

6.4CVSS7.3AI score0.21045EPSS
Exploits0References1
Amazon
Amazon
added 2015/05/14 12:0 a.m.48 views

Medium: tomcat8

Issue Overview: It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data,...

6.4CVSS7.4AI score0.21045EPSS
Exploits1
Amazon
Amazon
added 2015/05/14 12:0 a.m.47 views

Medium: tomcat7

Issue Overview: It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data,...

6.4CVSS7.4AI score0.21045EPSS
Exploits1
Amazon
Amazon
added 2015/05/14 12:0 a.m.44 views

Medium: php

Issue Overview: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression...

6.8CVSS8.5AI score0.0837EPSS
Exploits1
Amazon
Amazon
added 2015/05/14 12:0 a.m.59 views

Medium: kernel

Issue Overview: A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a...

9.3CVSS7.5AI score0.10108EPSS
Exploits6
Amazon
Amazon
added 2015/05/07 12:0 a.m.37 views

Critical: docker

Issue Overview: The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. CVE-2015-3627...

7.8CVSS6.6AI score0.00609EPSS
Exploits0
Amazon
Amazon
added 2015/05/05 12:0 a.m.42 views

Medium: krb5

Issue Overview: A use-after-free flaw was found in the way the MIT Kerberos libgssapikrb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library libgssapi could call the gssprocesscontexttoken function and use this flaw to crash that...

9CVSS7.7AI score0.06213EPSS
Exploits0References1
Amazon
Amazon
added 2015/05/05 12:0 a.m.51 views

Medium: xorg-x11-server

Issue Overview: A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request...

6.4CVSS6.7AI score0.04502EPSS
Exploits0References1
Amazon
Amazon
added 2015/05/05 12:0 a.m.69 views

Important: ntp

Issue Overview: The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. CVE-2015-1798 The...

4.3CVSS6.4AI score0.02219EPSS
Exploits0
Amazon
Amazon
added 2015/05/05 12:0 a.m.56 views

Important: java-1.8.0-openjdk

Issue Overview: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Ja...

10CVSS6.3AI score0.07224EPSS
Exploits1References1
Amazon
Amazon
added 2015/05/05 12:0 a.m.64 views

Low: python-tornado

Issue Overview: A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate suc...

4.3CVSS6.8AI score0.04857EPSS
Exploits0
Amazon
Amazon
added 2015/04/23 12:0 a.m.57 views

Important: java-1.6.0-openjdk

Issue Overview: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Ja...

10CVSS6.2AI score0.07224EPSS
Exploits1References1
Amazon
Amazon
added 2015/04/23 12:0 a.m.71 views

Important: java-1.7.0-openjdk

Issue Overview: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Ja...

10CVSS6.2AI score0.07224EPSS
Exploits1References1
Amazon
Amazon
added 2015/04/22 12:0 a.m.54 views

Medium: glibc

Issue Overview: A buffer overflow flaw was found in the way glibc's gethostbynamer and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw t...

6.8CVSS9AI score0.05808EPSS
Exploits2References1
Amazon
Amazon
added 2015/04/22 12:0 a.m.50 views

Medium: curl

Issue Overview: It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticed requests to t...

9CVSS8.4AI score0.3763EPSS
Exploits0
Amazon
Amazon
added 2015/04/17 12:0 a.m.66 views

Important: php54

Issue Overview: A buffer overflow vulnerability was found in PHP's phar PHP Archive implementation. See https://bugs.php.net/bug.php?id=69324 for more details. CVE-2015-2783 A use-after-free flaw was found in PHP's phar PHP Archive paths implementation. A malicious script author could possibly us...

7.5CVSS8.8AI score0.38434EPSS
Exploits5
Amazon
Amazon
added 2015/04/17 12:0 a.m.78 views

Low: php55

Issue Overview: A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or...

7.5CVSS8.7AI score0.38434EPSS
Exploits3
Amazon
Amazon
added 2015/04/17 12:0 a.m.57 views

Low: php56

Issue Overview: A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or...

7.5CVSS8.7AI score0.38434EPSS
Exploits3
Amazon
Amazon
added 2015/04/17 12:0 a.m.35 views

Medium: python-botocore

Issue Overview: A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. Affected Packages: python-botocore Issue Correction: Run yum update python-botocore or y...

6.8CVSS7.7AI score0.03408EPSS
Exploits0
Amazon
Amazon
added 2015/04/15 12:0 a.m.44 views

Medium: unzip

Issue Overview: A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. CVE-2014-9636 A buffer overflow flaw was...

7.8CVSS7.7AI score0.11562EPSS
Exploits0References1
Amazon
Amazon
added 2015/04/15 12:0 a.m.47 views

Medium: postgresql8

Issue Overview: An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages...

9.8CVSS8.1AI score0.05533EPSS
Exploits0References1
Amazon
Amazon
added 2015/04/15 12:0 a.m.34 views

Important: flac

Issue Overview: A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. CVE-2014-9028 A buffer over-rea...

7.5CVSS7.8AI score0.0986EPSS
Exploits0References1
Amazon
Amazon
added 2015/04/15 12:0 a.m.94 views

Important: php56

Issue Overview: A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer...

7.5CVSS8.8AI score0.42593EPSS
Exploits7
Amazon
Amazon
added 2015/04/15 12:0 a.m.87 views

Important: php54

Issue Overview: A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer...

7.5CVSS8.8AI score0.42593EPSS
Exploits7
Amazon
Amazon
added 2015/04/15 12:0 a.m.72 views

Important: php55

Issue Overview: A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer...

7.5CVSS8.8AI score0.42593EPSS
Exploits7
Amazon
Amazon
added 2015/04/01 12:0 a.m.30 views

Low: gpgme

Issue Overview: Multiple heap-based buffer overflows in the statushandler function in 1 engine-gpgsm.c and 2 engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to "different line lengths in a...

6.8CVSS7.9AI score0.04289EPSS
Exploits0
Amazon
Amazon
added 2015/04/01 12:0 a.m.42 views

Important: freetype

Issue Overview: Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash...

7.5CVSS8.7AI score0.0571EPSS
Exploits13References1
Total number of security vulnerabilities8850