Lucene search
K
AmazonRecent

8850 matches found

Amazon
Amazon
added 2012/07/05 12:0 a.m.45 views

Low: mysql51

Issue Overview: A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatical...

3.5CVSS6.4AI score0.02094EPSS
Exploits1References1
Amazon
Amazon
added 2012/07/05 12:0 a.m.28 views

Medium: net-snmp

Issue Overview: An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base MIB subtree handled by the "extend" directive in...

3.5CVSS6.6AI score0.02167EPSS
Exploits0References1
Amazon
Amazon
added 2012/07/05 12:0 a.m.37 views

Medium: postgresql8

Issue Overview: A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string w...

4.3CVSS9.1AI score0.05734EPSS
Exploits1References1
Amazon
Amazon
added 2012/07/05 12:0 a.m.52 views

Medium: php

Issue Overview: Integer overflow in the pharparsetarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted tar file that triggers a heap-based...

7.5CVSS9.8AI score0.42481EPSS
Exploits1
Amazon
Amazon
added 2012/07/05 12:0 a.m.78 views

Low: busybox

Issue Overview: A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or,...

7.5CVSS8.1AI score0.05422EPSS
Exploits2References1
Amazon
Amazon
added 2012/07/05 12:0 a.m.52 views

Medium: openldap

Issue Overview: A denial of service flaw was found in the way the OpenLDAP server daemon slapd processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd,...

2.6CVSS5.5AI score0.03691EPSS
Exploits1References1
Amazon
Amazon
added 2012/07/05 12:0 a.m.39 views

Low: python26

Issue Overview: A denial of service flaw was found in the implementation of associative arrays dictionaries in Python. An attacker able to supply a large number of inputs to a Python application such as HTTP POST request parameters sent to a web application that are used as keys when inserting da...

5CVSS8.2AI score0.0562EPSS
Exploits7References1
Amazon
Amazon
added 2012/07/05 12:0 a.m.30 views

Low: php-pecl-apc

Issue Overview: A cross-site scripting XSS flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack...

4.3CVSS6AI score0.01919EPSS
Exploits0References1
Amazon
Amazon
added 2012/07/05 12:0 a.m.56 views

Medium: kernel

Issue Overview: A flaw was found in the way the Linux kernel's Event Poll epoll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service. A malicious Network File System version 4 NFSv4 server could return a crafted reply to a...

4.9CVSS6.2AI score0.00795EPSS
Exploits1References1
Amazon
Amazon
added 2012/06/19 12:0 a.m.28 views

Low: quagga

Issue Overview: The bgpcapabilityorf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service assertion failure and daemon exit by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering ORF capability TLV in an OPEN...

2.9CVSS8.9AI score0.01056EPSS
Exploits0
Amazon
Amazon
added 2012/06/19 12:0 a.m.39 views

Medium: postgresql9

Issue Overview: The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain...

4.3CVSS9.3AI score0.05734EPSS
Exploits0
Amazon
Amazon
added 2012/06/19 12:0 a.m.53 views

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711, CVE-2012-1719 It was...

10CVSS9.7AI score0.93688EPSS
Exploits9References1
Amazon
Amazon
added 2012/06/19 12:0 a.m.43 views

Medium: expat

Issue Overview: A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. T...

5CVSS7.2AI score0.05724EPSS
Exploits0References1
Amazon
Amazon
added 2012/06/11 12:0 a.m.14 views

Medium: socat

Issue Overview: Heap-based buffer overflow in the xioscanreadline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. Affected Packages: socat Issue Correction: Run yum update socat or yum...

6.2CVSS7.8AI score0.00455EPSS
Exploits0
Amazon
Amazon
added 2012/06/11 12:0 a.m.30 views

Medium: python-crypto

Issue Overview: PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. Affected Packages:...

4.3CVSS8.1AI score0.02727EPSS
Exploits2
Amazon
Amazon
added 2012/06/10 12:0 a.m.49 views

Medium: kernel

Issue Overview: It was found that the datalen parameter of the sockallocsendpskb function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their...

7.2CVSS6.5AI score0.00583EPSS
Exploits2References1
Amazon
Amazon
added 2012/06/10 12:0 a.m.42 views

Important: bind

Issue Overview: A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of...

8.5CVSS7.1AI score0.13538EPSS
Exploits2References1
Amazon
Amazon
added 2012/06/10 12:0 a.m.49 views

Medium: openssl

Issue Overview: An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS Datagram Transport Layer Security application data record lengths when using a block cipher in CBC cipher-block chaining mode. A malicious DTLS client or server could use this flaw ...

6.8CVSS9AI score0.28154EPSS
Exploits0References1
Amazon
Amazon
added 2012/05/23 12:0 a.m.38 views

Medium: postgresql8

Issue Overview: The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later...

6.8CVSS8.3AI score0.03625EPSS
Exploits1References1
Amazon
Amazon
added 2012/05/21 12:0 a.m.40 views

Medium: python27

Issue Overview: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of dat...

5CVSS7.9AI score0.0562EPSS
Exploits2
Amazon
Amazon
added 2012/05/21 12:0 a.m.41 views

Medium: python26

Issue Overview: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of dat...

5CVSS7.9AI score0.0562EPSS
Exploits2
Amazon
Amazon
added 2012/05/21 12:0 a.m.37 views

Medium: rubygems

Issue Overview: RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. Affected Packages: rubygems Issue Correction: Run yum update rubygems or yum update --advisory...

5.8CVSS6.6AI score0.02477EPSS
Exploits0
Amazon
Amazon
added 2012/05/21 12:0 a.m.41 views

Low: kernel

Issue Overview: The rioioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. Affected Packages: kernel Issue Correction: Run yum...

1.2CVSS6.4AI score0.00556EPSS
Exploits1
Amazon
Amazon
added 2012/05/09 12:0 a.m.57 views

Critical: php

Issue Overview: A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and argument...

9.8CVSS10AI score0.99998EPSS
Exploits42References1
Amazon
Amazon
added 2012/05/08 12:0 a.m.41 views

Medium: ImageMagick

Issue Overview: A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code...

8.8CVSS7.6AI score0.03816EPSS
Exploits1References1
Amazon
Amazon
added 2012/05/08 12:0 a.m.32 views

Medium: puppet

Issue Overview: Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack ...

2.1CVSS6.6AI score0.0147EPSS
Exploits0
Amazon
Amazon
added 2012/05/08 12:0 a.m.31 views

Important: nginx

Issue Overview: Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4...

6.8CVSS7.9AI score0.09629EPSS
Exploits1
Amazon
Amazon
added 2012/05/02 12:0 a.m.35 views

Important: openssl

Issue Overview: Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially-crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO...

7.5CVSS8.9AI score0.48298EPSS
Exploits8References1
Amazon
Amazon
added 2012/05/02 12:0 a.m.42 views

Important: openssl098e

Issue Overview: Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially-crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO...

7.5CVSS8.9AI score0.48298EPSS
Exploits8References1
Amazon
Amazon
added 2012/04/30 12:0 a.m.36 views

Medium: wireshark

Issue Overview: Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could...

4.3CVSS7.9AI score0.0859EPSS
Exploits1References1
Amazon
Amazon
added 2012/04/30 12:0 a.m.28 views

Medium: quagga

Issue Overview: Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service daemon crash via a Link State Update aka LS Update packet containing a network-LSA link-state advertisement for which the data-structure length is...

3.3CVSS9.3AI score0.01316EPSS
Exploits0
Amazon
Amazon
added 2012/04/30 12:0 a.m.30 views

Important: freetype

Issue Overview: Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash. Affected Packages: freetype Issue Correction: Run yum update freetype or...

10CVSS6.7AI score0.05637EPSS
Exploits0References1
Amazon
Amazon
added 2012/04/30 12:0 a.m.65 views

Medium: libpng

Issue Overview: A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the...

6.8CVSS9.3AI score0.06593EPSS
Exploits0References1
Amazon
Amazon
added 2012/04/30 12:0 a.m.28 views

Important: libtiff

Issue Overview: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application...

6.8CVSS9.4AI score0.06918EPSS
Exploits0References1
Amazon
Amazon
added 2012/04/30 12:0 a.m.25 views

Low: perl-YAML-LibYAML

Issue Overview: Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML aka YAML-LibYAML and perl-YAML-LibYAML module 0.38 for Perl allow remote attackers to cause a denial of service process crash via format string specifiers in a 1 YAML stream to the Loa...

5CVSS6.9AI score0.02426EPSS
Exploits0
Amazon
Amazon
added 2012/04/30 12:0 a.m.33 views

Medium: nvidia

Issue Overview: The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. Affected Packages: nvidia Issue Correction: Run yum update nvidia or yum update --advisory ALAS-2012-67 to update your system. New...

4.6CVSS6.6AI score0.00725EPSS
Exploits0
Amazon
Amazon
added 2012/04/05 12:0 a.m.20 views

Low: iproute

Issue Overview: iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by 1 configure or 2 examples/dhcp-client-script. Affected Packages: iproute Issue Correction: Run yum update iproute or yum update --advisory ALAS-2012-64 to update...

3.3CVSS6.5AI score0.00352EPSS
Exploits0
Amazon
Amazon
added 2012/04/05 12:0 a.m.49 views

Medium: openssl

Issue Overview: A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions S/MIME messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. CVE-2012-1165 A flaw was found in the...

5CVSS8.8AI score0.13075EPSS
Exploits0References1
Amazon
Amazon
added 2012/04/05 12:0 a.m.31 views

Important: libtasn1

Issue Overview: A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input such as an X.509 certificate that, when parsed by an application that uses libtasn1 such as applications using GnuTLS, could cause the application to crash...

5CVSS7.9AI score0.0446EPSS
Exploits1References1
Amazon
Amazon
added 2012/04/05 12:0 a.m.37 views

Medium: nginx

Issue Overview: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Affected Packages: nginx Issue Correction: Run yum updat...

5CVSS6.4AI score0.10417EPSS
Exploits1
Amazon
Amazon
added 2012/04/05 12:0 a.m.48 views

Important: rpm

Issue Overview: Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library such as the rpm...

6.8CVSS8.4AI score0.04779EPSS
Exploits0References1
Amazon
Amazon
added 2012/04/05 12:0 a.m.32 views

Important: gnutls

Issue Overview: A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. CVE-2012-1573 A boundary error was found in the gnutlssessiongetdata...

5CVSS8.6AI score0.04202EPSS
Exploits1References1
Amazon
Amazon
added 2012/03/23 12:0 a.m.43 views

Medium: glibc

Issue Overview: An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFYSOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit th...

6.8CVSS9.7AI score0.02717EPSS
Exploits5References1
Amazon
Amazon
added 2012/03/23 12:0 a.m.33 views

Medium: libpng

Issue Overview: A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with t...

8.8CVSS9.9AI score0.03567EPSS
Exploits0References1
Amazon
Amazon
added 2012/03/23 12:0 a.m.51 views

Medium: kernel

Issue Overview: The ExecShield feature does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. Affected...

1.9CVSS6.7AI score0.00358EPSS
Exploits1
Amazon
Amazon
added 2012/03/16 12:0 a.m.75 views

Medium: kernel

Issue Overview: A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk...

7.8CVSS6.3AI score0.20492EPSS
Exploits14References1
Amazon
Amazon
added 2012/03/15 12:0 a.m.24 views

Medium: systemtap

Issue Overview: An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kern...

5.4CVSS6.3AI score0.0035EPSS
Exploits0References1
Amazon
Amazon
added 2012/03/15 12:0 a.m.39 views

Medium: puppet

Issue Overview: Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login. The changeuser method in...

6.9CVSS6.8AI score0.00384EPSS
Exploits0
Amazon
Amazon
added 2012/03/04 12:0 a.m.29 views

Medium: libxml2

Issue Overview: It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization...

5CVSS9.3AI score0.03167EPSS
Exploits0References1
Amazon
Amazon
added 2012/03/04 12:0 a.m.43 views

Medium: texlive

Issue Overview: TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics AFM files. If a specially-crafted...

7.6CVSS7.8AI score0.1427EPSS
Exploits0References1
Total number of security vulnerabilities8850