9378 matches found
Amazon Linux 2 : kernel (ALAS-2018-1086)
A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...
Amazon Linux 2 : ghostscript (ALAS-2018-1088)
It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...
Important: kernel
Issue Overview: NOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the Amazon Linux 2 LTS release. The advisory release date does not accurately reflect the date this was fixed. An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged...
Medium: zsh
Issue Overview: An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line.CVE-2018-0502 It was discovered that zsh does not properly validate the shebang of input files and it truncates i...
Amazon Linux AMI : kernel (ALAS-2018-1086)
A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta...
Amazon Linux AMI : kernel (ALAS-2018-1087)
NOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the 2018.03 AMI release. The advisory release date does not accurately reflect the date this was fixed. The actual date of the fix being released is: 2018-04-23. An integer overflow flaw was found in the Linux kernel's...
Amazon Linux AMI : mod_perl / mod24_perl (ALAS-2018-1085)
modperl allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users...
Amazon Linux 2 : bind (ALAS-2018-1082)
A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.CVE-2018-5740 %NASLMINLEVEL 70300 C Tenable...
Amazon Linux 2 : openssh (ALAS-2018-1075)
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.CVE-2018-15473 C Tenable Network...
Amazon Linux 2 : postgresql (ALAS-2018-1080)
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...
Amazon Linux AMI : procmail (ALAS-2018-1084)
A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.CVE-2017-16844 C Tenable Network Securit...
Amazon Linux AMI : squid (ALAS-2018-1081)
The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with...
Low: openssh
Issue Overview: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.CVE-2018-15473 Affecte...
Amazon Linux AMI : bind (ALAS-2018-1082)
A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.CVE-2018-5740 C Tenable Network Security, Inc...
Amazon Linux AMI : ntp (ALAS-2018-1083)
ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for...
Amazon Linux AMI : postgresql92 (ALAS-2018-1080)
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...
Amazon Linux AMI : postgresql93 / postgresql94,postgresql95 (ALAS-2018-1079)
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...
Amazon Linux 2 : mariadb (ALAS-2018-1078)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
Amazon Linux 2 : qemu-kvm (ALAS-2018-1073)
A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS...
Amazon Linux 2 : mutt (ALAS-2018-1077)
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.CVE-2018-14362 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-1...