Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2014/03/06 12:0 a.m.44 views

Important: gnutls

Issue Overview: It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could ...

5.8CVSS6.7AI score0.29958EPSS
Exploits1References1
Amazon
Amazon
added 2014/03/06 12:0 a.m.49 views

Medium: lighttpd

Issue Overview: Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, whi...

7.6CVSS7.2AI score0.10721EPSS
Exploits1
Amazon
Amazon
added 2014/03/06 12:0 a.m.49 views

Medium: mysql51

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908 A buffer overflow flaw was found in the way the MySQL command line client tool mysql processed excessivel...

7.5CVSS7.6AI score0.06353EPSS
Exploits0References1
Amazon
Amazon
added 2014/03/06 12:0 a.m.29 views

Low: socat

Issue Overview: Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service segmentation fault via a long server name in the PROXY-CONNECT address in the command line. Affected Packages: socat Issue Correction: Run yum...

1.9CVSS6.2AI score0.00404EPSS
Exploits1
Amazon
Amazon
added 2014/03/06 12:0 a.m.37 views

Medium: graphviz-php

Issue Overview: Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." Stack-based buffer overflow in the yyerror function in...

10CVSS7.7AI score0.06082EPSS
Exploits2
Amazon
Amazon
added 2014/02/26 12:0 a.m.47 views

Important: libyaml

Issue Overview: The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buff...

6.8CVSS7.2AI score0.09312EPSS
Exploits0
Amazon
Amazon
added 2014/02/26 12:0 a.m.42 views

Medium: curl

Issue Overview: cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. Affected Packages: curl Issue Correction: Run yum update curl or yum...

4CVSS6.9AI score0.05599EPSS
Exploits1
Amazon
Amazon
added 2014/02/26 12:0 a.m.44 views

Medium: python26

Issue Overview: Buffer overflow in the socket.recvfrominto function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Affected Packages: python26 Issue Correction: Run yum update...

7.5CVSS8.8AI score0.28319EPSS
Exploits7
Amazon
Amazon
added 2014/02/26 12:0 a.m.33 views

Medium: python27

Issue Overview: Buffer overflow in the socket.recvfrominto function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Affected Packages: python27 Issue Correction: Run yum update...

7.5CVSS8.8AI score0.28319EPSS
Exploits7
Amazon
Amazon
added 2014/02/26 12:0 a.m.36 views

Medium: openldap

Issue Overview: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the session context while it is...

4.3CVSS5.5AI score0.10913EPSS
Exploits1
Amazon
Amazon
added 2014/02/26 12:0 a.m.47 views

Medium: ruby19

Issue Overview: Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a deni...

4.3CVSS8.3AI score0.03343EPSS
Exploits0
Amazon
Amazon
added 2014/02/26 12:0 a.m.62 views

Medium: kernel

Issue Overview: The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1...

7.2CVSS6.9AI score0.006EPSS
Exploits0
Amazon
Amazon
added 2014/02/03 12:0 a.m.87 views

Medium: augeas

Issue Overview: A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content. CVE-2013-6412 Affected Packages: augea...

4.6CVSS6.3AI score0.00368EPSS
Exploits0References1
Amazon
Amazon
added 2014/02/03 12:0 a.m.38 views

Low: puppet

Issue Overview: Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise PE before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. Affected Packages: puppet Issue Correction: Run yum update puppet or yum update --advisory...

2.1CVSS6.5AI score0.00428EPSS
Exploits1
Amazon
Amazon
added 2014/02/03 12:0 a.m.38 views

Medium: graphviz-php

Issue Overview: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. Affected Packages: graphviz-php Issue Correction: Run yum update graphviz-php or yum update --advisory...

9.3CVSS7.6AI score0.04886EPSS
Exploits1
Amazon
Amazon
added 2014/02/03 12:0 a.m.31 views

Important: libXfont

Issue Overview: A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. CVE-2013-6462 Affected...

9.3CVSS9.7AI score0.10254EPSS
Exploits1References1
Amazon
Amazon
added 2014/02/03 12:0 a.m.36 views

Medium: graphviz

Issue Overview: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. Affected Packages: graphviz Issue Correction: Run yum update graphviz or yum update --advisory ALAS-2014-28...

9.3CVSS7.6AI score0.04886EPSS
Exploits1
Amazon
Amazon
added 2014/02/03 12:0 a.m.75 views

Important: java-1.6.0-openjdk

Issue Overview: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox...

10CVSS6.4AI score0.08383EPSS
Exploits1References1
Amazon
Amazon
added 2014/02/03 12:0 a.m.46 views

Medium: bind

Issue Overview: A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to...

2.6CVSS6.8AI score0.31671EPSS
Exploits1References1
Amazon
Amazon
added 2014/01/15 12:0 a.m.16 views

Medium: ca-certificates

Issue Overview: It was found that a subordinate Certificate Authority CA mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. Affected Packages: ca-certificates Issue Correction...

6.9AI score
Exploits0References1
Amazon
Amazon
added 2014/01/15 12:0 a.m.67 views

Critical: java-1.7.0-openjdk

Issue Overview: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox...

10CVSS6.4AI score0.08383EPSS
Exploits1References1
Amazon
Amazon
added 2014/01/14 12:0 a.m.67 views

Important: openssl

Issue Overview: A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. CVE-2013-6449 It was discovered...

5.8CVSS7.8AI score0.21174EPSS
Exploits1References1
Amazon
Amazon
added 2014/01/14 12:0 a.m.50 views

Important: openjpeg

Issue Overview: Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the...

7.5CVSS8.9AI score0.05515EPSS
Exploits0References1
Amazon
Amazon
added 2014/01/14 12:0 a.m.19 views

Medium: nss

Issue Overview: It was found that a subordinate Certificate Authority CA mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. Affected Packages: nss Issue Correction: Run yum...

6.9AI score
Exploits0References1
Amazon
Amazon
added 2014/01/14 12:0 a.m.31 views

Important: pixman

Issue Overview: An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash...

5CVSS7.7AI score0.0288EPSS
Exploits0References1
Amazon
Amazon
added 2014/01/14 12:0 a.m.34 views

Medium: quagga

Issue Overview: The bgpattrunknown function in bgpattr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service bgpd crash via a crafted BGP update. Affected Packages: quagga Issue Correction: Run yum update quagga or yum upda...

4.3CVSS6.6AI score0.02245EPSS
Exploits0
Amazon
Amazon
added 2014/01/14 12:0 a.m.38 views

Medium: varnish

Issue Overview: Varnish before 3.0.5 allows remote attackers to cause a denial of service child-process crash and temporary caching outage via a GET request with trailing whitespace characters and no URI. varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the lo...

5CVSS6.4AI score0.03025EPSS
Exploits3
Amazon
Amazon
added 2014/01/14 12:0 a.m.41 views

Important: xorg-x11-server

Issue Overview: An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. CVE-2013-6424 Affected...

5CVSS8.2AI score0.02879EPSS
Exploits0References1
Amazon
Amazon
added 2014/01/14 12:0 a.m.27 views

Medium: munin

Issue Overview: The getgrouptree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service infinite loop and memory consumption in the munin-html process via crafted multigraph data. Munin::Master::Node in Munin before 2.0.18 allows remote...

5CVSS6.7AI score0.02502EPSS
Exploits0
Amazon
Amazon
added 2014/01/14 12:0 a.m.48 views

Medium: gnupg

Issue Overview: GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE:...

2.1CVSS6.8AI score0.00451EPSS
Exploits0
Amazon
Amazon
added 2013/12/17 12:0 a.m.55 views

Medium: libjpeg-turbo

Issue Overview: An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan SOS JPEG markers or Define Huffman Table DHT JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a...

5CVSS8.3AI score0.10117EPSS
Exploits0References1
Amazon
Amazon
added 2013/12/17 12:0 a.m.44 views

Important: nspr

Issue Overview: A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the f...

7.5CVSS8.7AI score0.04399EPSS
Exploits0References1
Amazon
Amazon
added 2013/12/17 12:0 a.m.51 views

Important: nss

Issue Overview: A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the f...

7.5CVSS8.7AI score0.04399EPSS
Exploits0References1
Amazon
Amazon
added 2013/12/17 12:0 a.m.44 views

Medium: subversion

Issue Overview: The isthislegal function in moddontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service resource consumption via a relative URL in a REPORT request. The...

3.5CVSS8.5AI score0.07858EPSS
Exploits0
Amazon
Amazon
added 2013/12/17 12:0 a.m.29 views

Medium: ganglia

Issue Overview: Cross-site scripting XSS vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the hostregex parameter to the default URI, which is processed by getcontext.php. Affected Packages: ganglia Issue Correction: Ru...

4.3CVSS6AI score0.02199EPSS
Exploits1
Amazon
Amazon
added 2013/12/17 12:0 a.m.79 views

Critical: php

Issue Overview: The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of...

7.5CVSS8.2AI score0.35635EPSS
Exploits8
Amazon
Amazon
added 2013/12/17 12:0 a.m.70 views

Critical: php54

Issue Overview: A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP...

7.5CVSS8.6AI score0.35635EPSS
Exploits8
Amazon
Amazon
added 2013/12/17 12:0 a.m.62 views

Critical: php55

Issue Overview: A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP...

7.5CVSS8.6AI score0.35635EPSS
Exploits8
Amazon
Amazon
added 2013/12/17 12:0 a.m.48 views

Medium: glibc

Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the...

5CVSS9.1AI score0.04113EPSS
Exploits3References1
Amazon
Amazon
added 2013/12/11 12:0 a.m.42 views

Low: coreutils

Issue Overview: It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those utilities by providing long input strings. CVE-2013-0221, CVE-2013-0222, CVE-2013-0223 Affected Packages: coreutils...

4.3CVSS5.7AI score0.07238EPSS
Exploits2References1
Amazon
Amazon
added 2013/12/11 12:0 a.m.47 views

Low: xorg-x11-server

Issue Overview: A flaw was found in the way the X.org X11 server registered new hot plugged devices. If a local user switched to a different session and plugged in a new device, input from that device could become available in the previous session, possibly leading to information disclosure...

2.1CVSS6.2AI score0.00376EPSS
Exploits0References1
Amazon
Amazon
added 2013/12/11 12:0 a.m.46 views

Medium: openmpi

Issue Overview: A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack. It was discovered that librdmacm used a static port to connect to the ibacm service. A local...

6.3CVSS6.4AI score0.02112EPSS
Exploits1
Amazon
Amazon
added 2013/12/11 12:0 a.m.47 views

Medium: dracut

Issue Overview: It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information...

2.1CVSS7.7AI score0.00364EPSS
Exploits0References1
Amazon
Amazon
added 2013/12/11 12:0 a.m.33 views

Important: 389-ds-base

Issue Overview: It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights GER search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389...

4CVSS6.7AI score0.01992EPSS
Exploits0
Amazon
Amazon
added 2013/12/11 12:0 a.m.57 views

Low: kernel

Issue Overview: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the CAPSYSADMIN capability for a 1 XFSIOCATTRLISTBYHANDLE or 2...

4CVSS6.8AI score0.00575EPSS
Exploits1
Amazon
Amazon
added 2013/12/11 12:0 a.m.42 views

Low: sudo

Issue Overview: A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing...

6.9CVSS8.1AI score0.03202EPSS
Exploits8References1
Amazon
Amazon
added 2013/12/03 12:0 a.m.42 views

Medium: mod_nss

Issue Overview: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed ...

4CVSS9.3AI score0.02003EPSS
Exploits0References1
Amazon
Amazon
added 2013/12/03 12:0 a.m.45 views

Medium: mod24_nss

Issue Overview: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed ...

4CVSS9.3AI score0.02003EPSS
Exploits0References1
Amazon
Amazon
added 2013/12/02 12:0 a.m.42 views

Medium: wireshark

Issue Overview: Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. CVE-2013-3559, CVE-2013-4083 Several denial of service flaws were found in...

7.8CVSS6.9AI score0.037EPSS
Exploits11References1
Amazon
Amazon
added 2013/12/02 12:0 a.m.73 views

Medium: kernel

Issue Overview: The Linux kernel before 3.12, when UDP Fragmentation Offload UFO is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service memory corruption and system crash or possibly gain privileges via a crafted application that us...

7.1CVSS6.8AI score0.09408EPSS
Exploits2
Total number of security vulnerabilities8850