9396 matches found
Amazon Linux AMI : tomcat7 (ALAS-2013-191)
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...
Amazon Linux AMI : ca-certificates (ALAS-2011-03)
This update includes the latest updates to the root Certificate Authority list from Mozilla. It was found that a Certificate Authority CA issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, rendering any HTTPS certificates signed ...
Amazon Linux AMI : glibc (ALAS-2012-120)
Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation strtod, strtof, and strtold. If an application used such a function on attacker controlled input, it could cause the application to crash o...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2012-137) (ROBOT)
Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...
Amazon Linux AMI : nss (ALAS-2012-108)
A flaw was found in the way the ASN.1 Abstract Syntax Notation One decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially crafted...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-183)
Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384 Multiple improper permission check issues were...
Amazon Linux AMI : quagga (ALAS-2012-70)
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service daemon crash via a Link State Update aka LS Update packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the...
Amazon Linux AMI : postgresql9 (ALAS-2013-178)
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service file corruption, and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection...
Amazon Linux AMI : postgresql8 (ALAS-2012-82)
The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by a SQL command. This SQL command might then be executed by a privileged user during later restore of the...
Amazon Linux AMI : fetchmail (ALAS-2012-132)
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to 1 cause a denial of service crash and delayed delivery of inbound mail via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or 2 obtain sensitive informati...
Amazon Linux AMI : freetype (ALAS-2012-66)
Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Amazon Linux AMI : httpd (ALAS-2012-46)
It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...
Amazon Linux AMI : bind (ALAS-2013-158)
A flaw was found in the DNS64 implementation in BIND when using Response Policy Zones RPZ. If a remote attacker sent a specially crafted query to a named server that is using RPZ rewrite rules, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by...
Amazon Linux AMI : glibc (ALAS-2012-57)
An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFYSOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such...
Amazon Linux AMI : cups (ALAS-2013-170)
It was discovered that CUPS administrative users members of the SystemGroups groups who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the...
Amazon Linux AMI : openssl (ALAS-2012-72)
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO input could cause...
Amazon Linux AMI : kernel (ALAS-2012-45)
The journalunmapbuffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the Delay and Unwritten buffer head states, which allows local users to cause a denial of service system crash by leveraging the presence of an ext4 filesystem that was mounted with ...
Amazon Linux AMI : cacti (ALAS-2011-23)
The release notes for Cacti 0.8.7h indicate that two security vulnerabilities were fixed, though no corresponding CVE has been issued. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2011-23...
Amazon Linux AMI : nginx (ALAS-2011-30)
Heap-based buffer overflow in compression-pointer processing in core/ngxresolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service daemon crash or possibly have unspecified other impact via a long response. C Tenable Network Security, Inc. The descriptive text and...
Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2013-169)
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...