9382 matches found
Amazon Linux AMI : golang (ALAS-2019-1172)
Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service CPU consumption or possibly conduct ECDH private key recovery attacks. CVE-2019-6486 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazo...
Amazon Linux AMI : httpd24 (ALAS-2019-1166)
In Apache HTTP server by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections. CVE-2018-17189 A bug exists in the way modssl handled client...
Vuls - Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go
Vulnerability scanner for Linux/FreeBSD, agentless, written in golang. Twitter: @vulsen DEMO Abstract For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for...
Amazon Linux 2 : kernel (ALAS-2019-1167)
In the Linux kernel afalgrelease in crypto/afalg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free UAF in sockfssetattr. A local attacker can use this flaw to escalate privileges and take control of the system.CVE-2019-8912 C Tenable Network Security,...
Amazon Linux 2 : libXcursor (ALAS-2019-1173)
XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.CVE-2015-9262 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Amazon Linux 2 : golang (ALAS-2019-1172)
Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service CPU consumption or possibly conduct ECDH private key recovery attacks.CVE-2019-6486 Note: This CVE is also fixed in golang-1.11.3-2.amzn2.0.2 in the golang1.11 extras repository. C Tenable Network...
Amazon Linux 2 : libwmf (ALAS-2019-1174)
The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected.CVE-2019-6978 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security...
Amazon Linux 2 : kernel (ALAS-2019-1165)
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvmioctlcreatedevice, the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If suc...
Amazon Linux 2 : bind (ALAS-2019-1170)
Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most...
Amazon Linux 2 : perl (ALAS-2019-1166)
Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations.CVE-2018-18311 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory ALAS-2019-1166. include'compat.inc'; if...
Amazon Linux 2 : polkit (ALAS-2019-1171)
A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.CVE-2019-61...
Amazon Linux 2 : python3 (ALAS-2019-1169)
A NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...
Medium: python3
Issue Overview: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate...
Medium: golang
Issue Overview: Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service CPU consumption or possibly conduct ECDH private key recovery attacks.CVE-2019-6486 Note: This CVE is also fixed in golang-1.11.3-2.amzn2.0.2 in the golang1.11 extras repository...
Low: libXcursor
Issue Overview: XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.CVE-2015-9262 Affected Packages: libXcursor Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Low: libwmf
Issue Overview: The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected.CVE-2019-6978 Affected Packages: libwmf Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...
Important: kernel
Issue Overview: In the Linux kernel afalgrelease in crypto/afalg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free UAF in sockfssetattr. A local attacker can use this flaw to escalate privileges and take control of the system.CVE-2019-8912 Affected...
Important: perl
Issue Overview: Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations.CVE-2018-18311 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Amazon Linux 2 : systemd (ALAS-2019-1164)
It was found that busprocessobject in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user to send a message which results in the stack pointer moving outside of the bounds of the...
Amazon Linux 2 : curl (ALAS-2019-1162)
libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages lib/vauth/ntlm.c:ntlmdecodetype2target does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM serv...