Displaying vulnerability details 1 - 10 of 53348 in total

Amazon Linux AMI: Security patch for python-simplejson (ALAS-2014-374) (CVE-2014-4616) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

It was reported that the Python built-in _json module has a flaw (insufficient bounds checking), which allows a local user to read arbitrary memory of the current process.

Quoting the upstream bug report:

The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scans...

Amazon Linux AMI: Security patch for ImageMagick (ALAS-2014-336) (multiple CVEs) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick.

A buffer overflow flaw ...

Amazon Linux AMI: Security patch for chrony (ALAS-2014-366) (CVE-2014-0021) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

The cmdmon protocol implemented in chrony was reported to be vulnerable to DDoS attacks using traffic amplification. By default, commands are allowed only from localhost, but it's possible to configure chronyd to allow commands from any address. This could allow a remote attacker to cause a DoS, which could cause excess...

RHSA-2014:1307: nss security update Vulnerability

  • Severity: 4
  • Published: September 25, 2014

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) i...

Amazon Linux AMI: Security patch for lzo (ALAS-2014-373) (CVE-2014-4607) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code. (C...

Amazon Linux AMI: Security patch for perl-Capture-Tiny (ALAS-2014-358) (CVE-2014-1875) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

It was found [1] that the Capture::Tiny module, provided by the perl-Capture-Tiny package, used the File::Temp::tmpnam module to generate temporary files:

./lib/Capture/Tiny.pm: $stash->{flag_files}{$which} = scalar tmpnam();

This module makes use of the mktemp() function when called in the scalar context, which creates s...

Sun Patch: SunOS 5.9: bash patch Vulnerability

  • Severity: 10
  • Published: September 25, 2014

From Sun Patch 149079-01

Sun has released a security patch addressing the following issues:

  • 19678459 problem with bash
  • 19682871 problem with bash

Amazon Linux AMI: Security patch for python27 (ALAS-2014-380) (CVE-2014-4616) Vulnerability

  • Severity: 4
  • Published: September 25, 2014

It was reported that the Python built-in _json module has a flaw (insufficient bounds checking), which allows a local user to read arbitrary memory of the current process.

Quoting the upstream bug report:

The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scans...