3307 matches found
Amazon Linux 2 : golang (ALAS-2018-1011)
Arbitrary code execution during go get or go get -d Go before 1.8.4 and 1.9.x before 1.9.1 allows 'go get' remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git...
Amazon Linux 2 : krb5 (ALAS-2018-1010)
Authentication bypass by improper validation of certificate EKU and SAN An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate...
Amazon Linux 2 : libvncserver (ALAS-2018-1012)
Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly...
Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1007)
Unbounded memory allocation during deserialization in NamedNodeMapImpl JAXP, 8189993 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit:...
Medium: ntp
Issue Overview: Ephemeral association time spoofing additional protection ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modif...
Low: libvpx
Issue Overview: Denial of service DoS in vpx/src/vpximage.c file A vulnerability in the Android media framework libvpx related to odd frame width.CVE-2017-13194 Affected Packages: libvpx Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
Medium: krb5
Issue Overview: Authentication bypass by improper validation of certificate EKU and SAN An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to...
Medium: libvncserver
Issue Overview: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or...
Amazon Linux 2 : pcs (ALAS-2018-1005)
Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
Amazon Linux 2 : openssl (ALAS-2018-1004)
bnsqrx8xinternal carry bug on x8664 There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to...
Amazon Linux 2 : PackageKit (ALAS-2018-1006)
Authentication bypass allows to install signed packages without administrator privileges An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable...
Important: pcs
Issue Overview: Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use...
Medium: PackageKit
Issue Overview: Authentication bypass allows to install signed packages without administrator privileges An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install...
Medium: openssl
Issue Overview: bnsqrx8xinternal carry bug on x8664 There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be...
Amazon Linux 2 : curl (ALAS-2018-995)
FTP path trickery leads to NIL byte out of bounds write : It was found that libcurl did not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location,...
Amazon Linux 2 : kernel (ALAS-2018-994)
Race condition in the storeintwithrestart function in cpu/mcheck/mce.c : A race condition in the storeintwithrestart function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local users to cause a denial of service panic by leveraging root access to write to the checkinterval file ...
Amazon Linux 2 : slf4j (ALAS-2018-999)
Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution : An XML deserialization vulnerability was discovered in slf4j's EventData which accepts anXML serialized string and can lead to arbitrary code execution. CVE-2018-8088 C Tenable Network Security, Inc. T...
Amazon Linux 2 : librelp (ALAS-2018-998)
Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c : rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote...
Medium: curl
Issue Overview: FTP path trickery leads to NIL byte out of bounds write: It was found that libcurl did not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an...
Important: slf4j
Issue Overview: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution: An XML deserialization vulnerability was discovered in slf4j's EventData which accepts anXML serialized string and can lead to arbitrary code execution. CVE-2018-8088 Affected Packages:...