Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter...

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...

Medium: vim

Issue Overview: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory...

Important: kernel-livepatch-4.14.328-248.540

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

Low: libpq

Issue Overview: No CVE associated with this advisory Affected Packages: libpq Note: This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 A use-after-free flaw was found in the netfilter subsystem of...

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 A use-after-free flaw was found in the netfilter subsystem of...

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. CVE-2023-42883 The issue was addresse...

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

Important: wireshark

Issue Overview: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVE-2024-0208 Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

Medium: qt5-qtbase

Issue Overview: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 Affected Packages: qt5-qtbase...

Low: traceroute

Issue Overview: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. CVE-2023-46316 Affected Packages: traceroute Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2...

Important: kernel

Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Affected Packages: kernel Note: This advisory is applicable t...

Low: java-1.8.0-amazon-corretto

Issue Overview: No CVE associated with this advisory Affected Packages: java-1.8.0-amazon-corretto Note: This advisory is applicable to Amazon Linux 2 - Corretto8 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2...

Medium: dmidecode

Issue Overview: Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630 Affected Packages: dmidecode Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...

Medium: ncurses

Issue Overview: NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component ncwrapentry. CVE-2023-50495 Affected Packages: ncurses Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

Medium: libXpm

Issue Overview: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. CVE-2023-43786 Affected Packages: libXpm Note: This advisory is applicable ...

Medium: ecs-init

Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to...

Medium: haproxy2

Issue Overview: HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server. CVE-2023-45539 Affected...

Medium: avahi

Issue Overview: A reachable assertion was found in avahirdataparse. CVE-2023-38472 Affected Packages: avahi Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum upda...