Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2013/06/11 12:0 a.m.46 views

Important: gnutls

Issue Overview: It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS...

5CVSS7AI score0.0644EPSS
Exploits1References1
Amazon
Amazon
added 2013/06/11 12:0 a.m.25 views

Low: openvpn

Issue Overview: The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the C...

2.6CVSS6.4AI score0.02813EPSS
Exploits1
Amazon
Amazon
added 2013/06/11 12:0 a.m.53 views

Important: tomcat6

Issue Overview: The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on a...

6.9CVSS8AI score0.00372EPSS
Exploits1
Amazon
Amazon
added 2013/06/11 12:0 a.m.52 views

Medium: kernel

Issue Overview: Heap-based buffer overflow in the tg3readvpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service system crash or possibly execute arbitrary code via crafted firmware that specifies a lo...

6.2CVSS6.7AI score0.01039EPSS
Exploits3
Amazon
Amazon
added 2013/06/11 12:0 a.m.43 views

Medium: mesa

Issue Overview: An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs Mozilla Firefox does this, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the...

6.8CVSS7.5AI score0.02687EPSS
Exploits0References1
Amazon
Amazon
added 2013/05/24 12:0 a.m.62 views

Medium: httpd24

Issue Overview: Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the...

5.1CVSS8.5AI score0.24886EPSS
Exploits4References1
Amazon
Amazon
added 2013/05/24 12:0 a.m.40 views

Low: tomcat7

Issue Overview: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for...

2.6CVSS6.5AI score0.06501EPSS
Exploits2
Amazon
Amazon
added 2013/05/24 12:0 a.m.46 views

Medium: ruby19

Issue Overview: lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack. Affected Packages: ruby19 Issue Correction: Run yum...

5CVSS8.5AI score0.06617EPSS
Exploits0
Amazon
Amazon
added 2013/05/24 12:0 a.m.34 views

Important: openswan

Issue Overview: A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled "oe=yes" in "/etc/ipsec.conf" and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records such as by...

6.8CVSS7.6AI score0.02406EPSS
Exploits0References1
Amazon
Amazon
added 2013/05/24 12:0 a.m.154 views

Medium: httpd

Issue Overview: Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the...

5.1CVSS8.5AI score0.24886EPSS
Exploits4References1
Amazon
Amazon
added 2013/05/14 12:0 a.m.59 views

Medium: nginx

Issue Overview: http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy...

7.5CVSS6.6AI score0.87475EPSS
Exploits18
Amazon
Amazon
added 2013/05/14 12:0 a.m.77 views

Medium: kernel

Issue Overview: The perfsweventinit function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perfeventopen system call. Affected Packages: kernel Issue Correction: Run yum update kernel or yum...

8.4CVSS7.3AI score0.47709EPSS
Exploits15
Amazon
Amazon
added 2013/05/13 12:0 a.m.41 views

Medium: libxml2

Issue Overview: libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear...

4.3CVSS7.5AI score0.02972EPSS
Exploits0
Amazon
Amazon
added 2013/04/25 12:0 a.m.45 views

Important: mysql51

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section. Affected Packages: mysql51 Issue Correction: Run yum update mysql51 or yum update --advisory ALAS-2013-186 to update your system. New...

6.5CVSS7.5AI score0.13175EPSS
Exploits2References1
Amazon
Amazon
added 2013/04/25 12:0 a.m.80 views

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check...

10CVSS8.7AI score0.86963EPSS
Exploits15References1
Amazon
Amazon
added 2013/04/25 12:0 a.m.46 views

Important: mysql55

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section. Affected Packages: mysql55 Issue Correction: Run yum update mysql55 or yum update --advisory ALAS-2013-187 to update your system. New...

6.5CVSS7.5AI score0.13175EPSS
Exploits2References1
Amazon
Amazon
added 2013/04/18 12:0 a.m.65 views

Critical: java-1.7.0-openjdk

Issue Overview: Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check...

10CVSS8.7AI score0.86963EPSS
Exploits21References1
Amazon
Amazon
added 2013/04/18 12:0 a.m.37 views

Low: 389-ds-base

Issue Overview: It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allow-anonymous-access" configuration setting was set to "rootdse". An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access ...

2.6CVSS6.5AI score0.02096EPSS
Exploits0References1
Amazon
Amazon
added 2013/04/18 12:0 a.m.44 views

Medium: krb5

Issue Overview: A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS Ticket-granting Server requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request. CVE-2013-1416 Affected Packages: krb5 Issue...

4CVSS6.4AI score0.02921EPSS
Exploits0References1
Amazon
Amazon
added 2013/04/11 12:0 a.m.40 views

Medium: puppet

Issue Overview: The 1 template and 2 inlinetemplate functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog...

9CVSS7.6AI score0.04927EPSS
Exploits0
Amazon
Amazon
added 2013/04/11 12:0 a.m.42 views

Medium: subversion

Issue Overview: A NULL pointer dereference flaw was found in the way the moddavsvn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash. CVE-2013-1849 A flaw was found in the way the moddavsvn module handl...

5CVSS8.8AI score0.51442EPSS
Exploits0References1
Amazon
Amazon
added 2013/04/11 12:0 a.m.47 views

Medium: lighttpd

Issue Overview: The httprequestsplitvalue function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service infinite loop via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header. Affected Packages:...

5CVSS6.7AI score0.12038EPSS
Exploits7
Amazon
Amazon
added 2013/04/04 12:0 a.m.52 views

Critical: postgresql9

Issue Overview: Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service file corruption, and allows remote authenticated users to modify configuration settings and execute arbitrary code, v...

8.5CVSS9.2AI score0.54312EPSS
Exploits4
Amazon
Amazon
added 2013/04/04 12:0 a.m.51 views

Medium: perl

Issue Overview: A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the...

7.5CVSS9.6AI score0.61604EPSS
Exploits14References1
Amazon
Amazon
added 2013/04/04 12:0 a.m.36 views

Important: bind

Issue Overview: A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. CVE-2013-2266 Affected Packages: bind Iss...

7.8CVSS7AI score0.42851EPSS
Exploits1References1
Amazon
Amazon
added 2013/03/26 12:0 a.m.48 views

Medium: httpd24

Issue Overview: Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web...

4.3CVSS7.8AI score0.22913EPSS
Exploits3
Amazon
Amazon
added 2013/03/26 12:0 a.m.126 views

Medium: httpd

Issue Overview: Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web...

4.3CVSS7.8AI score0.22913EPSS
Exploits3
Amazon
Amazon
added 2013/03/14 12:0 a.m.49 views

Medium: jakarta-commons-httpclient

Issue Overview: The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate th...

5.8CVSS7.5AI score0.09254EPSS
Exploits0References1
Amazon
Amazon
added 2013/03/14 12:0 a.m.50 views

Medium: ruby

Issue Overview: It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML...

5CVSS8.7AI score0.06617EPSS
Exploits2References1
Amazon
Amazon
added 2013/03/14 12:0 a.m.42 views

Medium: gnutls

Issue Overview: It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding...

4CVSS6.8AI score0.0644EPSS
Exploits1References1
Amazon
Amazon
added 2013/03/14 12:0 a.m.60 views

Important: java-1.6.0-openjdk

Issue Overview: An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges...

10CVSS10AI score0.85882EPSS
Exploits10References1
Amazon
Amazon
added 2013/03/14 12:0 a.m.37 views

Medium: cups

Issue Overview: It was discovered that CUPS administrative users members of the SystemGroups groups who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary...

7.2CVSS8.7AI score0.02128EPSS
Exploits2References1
Amazon
Amazon
added 2013/03/14 12:0 a.m.79 views

Important: java-1.7.0-openjdk

Issue Overview: An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges...

10CVSS10AI score0.85882EPSS
Exploits10References1
Amazon
Amazon
added 2013/03/14 12:0 a.m.62 views

Medium: openssl

Issue Overview: It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS...

5CVSS7.8AI score0.35584EPSS
Exploits2References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.46 views

Medium: openssh

Issue Overview: Due to the way the pamsshagentauth PAM module was built, the glibc's error function was called rather than the intended error function in pamsshagentauth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application...

6.2CVSS7.2AI score0.00437EPSS
Exploits1References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.50 views

Medium: axis

Issue Overview: Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain...

5.8CVSS7.7AI score0.05722EPSS
Exploits1References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.47 views

Low: dhcp

Issue Overview: A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. CVE-2012-3955 Affected Packages:...

7.1CVSS6.5AI score0.21653EPSS
Exploits0References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.49 views

Medium: bind

Issue Overview: A flaw was found in the DNS64 implementation in BIND when using Response Policy Zones RPZ. If a remote attacker sent a specially-crafted query to a named server that is using RPZ rewrite rules, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not...

7.1CVSS7.5AI score0.12036EPSS
Exploits1References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.53 views

Medium: dnsmasq

Issue Overview: It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of...

5CVSS8.7AI score0.05028EPSS
Exploits0References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.43 views

Medium: gdb

Issue Overview: GDB tried to auto-load certain files such as GDB scripts, Python scripts, and a thread debugging library from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that...

6.9CVSS8.2AI score0.0036EPSS
Exploits1References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.63 views

Medium: kernel

Issue Overview: It was found that a deadlock could occur in the Out of Memory OOM killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing requestmodule to be called. A local, unprivileged user could use this flaw to cause a denial of service excessive...

6.9CVSS6.6AI score0.01434EPSS
Exploits3References2
Amazon
Amazon
added 2013/03/02 12:0 a.m.44 views

Medium: pam

Issue Overview: A stack-based buffer overflow flaw was found in the way the pamenv module parsed users' "/.pamenvironment" files. If an application's PAM configuration contained "userreadenv=1" this is not the default, a local attacker could use this flaw to crash the application or, possibly,...

4.6CVSS6.8AI score0.00696EPSS
Exploits0References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.74 views

Important: java-1.6.0-openjdk

Issue Overview: An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2013-1486 It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protoc...

10CVSS7.2AI score0.35584EPSS
Exploits1References1
Amazon
Amazon
added 2013/03/02 12:0 a.m.40 views

Important: java-1.7.0-openjdk

Issue Overview: Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-1486, CVE-2013-1484 An improper permission check issue was discover...

10CVSS7.4AI score0.35584EPSS
Exploits1References1
Amazon
Amazon
added 2013/02/17 12:0 a.m.92 views

Important: java-1.6.0-openjdk

Issue Overview: Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple flaws were found in the way image parsers in the 2D an...

10CVSS8.8AI score0.08087EPSS
Exploits1References1
Amazon
Amazon
added 2013/02/17 12:0 a.m.81 views

Important: java-1.7.0-openjdk

Issue Overview: Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,...

10CVSS8.8AI score0.89987EPSS
Exploits10References1
Amazon
Amazon
added 2013/02/04 12:0 a.m.50 views

Medium: kernel, nvidia

Issue Overview: The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service guest crash by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption...

4.9CVSS6AI score0.00366EPSS
Exploits0
Amazon
Amazon
added 2013/02/04 12:0 a.m.46 views

Medium: php-ZendFramework

Issue Overview: The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via a...

5CVSS9.7AI score0.01705EPSS
Exploits0
Amazon
Amazon
added 2013/02/03 12:0 a.m.19 views

Important: nss

Issue Overview: It was found that a Certificate Authority CA mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL,...

7.1AI score
Exploits0References1
Amazon
Amazon
added 2013/02/03 12:0 a.m.43 views

Important: freetype

Issue Overview: A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format BDF fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute...

4.3CVSS7.4AI score0.03857EPSS
Exploits0References1
Total number of security vulnerabilities8850