3307 matches found
Medium: fontforge
Issue Overview: Splinefont in FontForge through 20230101 allows command injection via crafted filenames. CVE-2024-25081 Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. CVE-2024-25082 Affected Packages: fontforge Note: This advisory is...
Low: thunderbird
Issue Overview: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-012)
The version of tomcat installed on the remote host is prior to 9.0.83-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2024-012 advisory. Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through...
Amazon Linux 2 : ipa (ALAS-2024-2498)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2498 advisory. A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a...
Amazon Linux 2 : edk2, --advisory ALAS2-2024-2502 (ALAS-2024-2502)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2502 advisory. A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash...
Medium: pcs
Issue Overview: A Denial of Service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability. CVE-2024-25126 A Denia...
Amazon Linux 2 : grub2 (ALAS-2024-2499)
The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2499 advisory. A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a...
Amazon Linux 2 : rust (ALAS-2024-2496)
The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2496 advisory. libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to...
Amazon Linux 2 : c-ares (ALAS-2024-2494)
The version of c-ares installed on the remote host is prior to 1.10.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2494 advisory. c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as...
Amazon Linux 2 : libpq (ALASPOSTGRESQL14-2024-010)
The version of libpq installed on the remote host is prior to 14.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-010 advisory. In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos...
Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2024-010)
The version of libpq installed on the remote host is prior to 12.15-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-010 advisory. In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos...
Amazon Linux 2 : rust (ALAS-2024-2504)
The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2504 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE:...
Amazon Linux 2 : squid (ALAS-2024-2500)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2500 advisory. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a...
Amazon Linux 2 : pcs (ALAS-2024-2492)
The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2492 advisory. A Denial of Service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content typ...
Amazon Linux 2 : ruby (ALAS-2024-2503)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2503 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant ...
Amazon Linux 2 : thunderbird (ALAS-2024-2497)
The version of thunderbird installed on the remote host is prior to 115.8.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2497 advisory. The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message i...
Medium: microcode_ctl
Issue Overview: Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2023-38575 Protection mechanism failure of bus lock regulator for some Intel® Processors m...
Amazon Linux 2 : microcode_ctl (ALAS-2024-2491)
The version of microcodectl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2491 advisory. Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized...
Important: engrampa
Issue Overview: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlin...
Amazon Linux 2 : engrampa (ALASMATE-DESKTOP1.X-2024-008)
The version of engrampa installed on the remote host is prior to 1.24.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-008 advisory. Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal...