Low: gdb

Issue Overview: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c. CVE-2023-39128 GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function addpeexportedsym at /gdb/coff-pe-read.c...

Medium: python-pip

Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Affected Packages: python-pip Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

Amazon Linux 2 : python38 (ALASPYTHON3.8-2024-014)

The version of python38 installed on the remote host is prior to 3.8.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2024-014 advisory. The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2024-072 (ALASKERNEL-5.10-2024-072)

The version of kernel installed on the remote host is prior to 5.10.227-219.884. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-072 advisory. In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release...

Amazon Linux 2 : qt5-qtwebsockets (ALAS-2024-2661)

The version of qt5-qtwebsockets installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2661 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

Amazon Linux 2 : qt5-qtx11extras (ALAS-2024-2660)

The version of qt5-qtx11extras installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2660 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

Amazon Linux 2 : qt5-qtxmlpatterns (ALAS-2024-2674)

The version of qt5-qtxmlpatterns installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2674 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

Medium: cups-filters

Issue Overview: CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDRANY:631, causing it to trust any packet from any source,...

Amazon Linux 2 : qt5-qtgraphicaleffects (ALAS-2024-2672)

The version of qt5-qtgraphicaleffects installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2672 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6...

Amazon Linux 2 : qt5-qtserialport (ALAS-2024-2665)

The version of qt5-qtserialport installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2665 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

Amazon Linux 2 : pcp (ALAS-2024-2657)

The version of pcp installed on the remote host is prior to 4.3.2-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2657 advisory. A vulnerability was found in Performance Co-Pilot PCP. This flaw can only be exploited if an attacker has access to a compromised PCP...

Amazon Linux 2 : qt5 (ALAS-2024-2675)

The version of qt5 installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2675 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x...

Amazon Linux 2 : qt5-qtconnectivity (ALAS-2024-2673)

The version of qt5-qtconnectivity installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2673 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

Amazon Linux 2 : kernel (ALAS-2024-2658)

The version of kernel installed on the remote host is prior to 4.14.353-270.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2658 advisory. In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver AP...

Amazon Linux 2 : qt5-qt3d (ALAS-2024-2659)

The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2659 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7...

Amazon Linux 2 : qt5-qtmultimedia (ALAS-2024-2669)

The version of qt5-qtmultimedia installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2669 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

Medium: pcp

Issue Overview: A vulnerability was found in Performance Co-Pilot PCP. This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with...

Medium: python38

Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...

Medium: OpenIPMI

Issue Overview: openipmi: missing check on the authorization type on incoming LAN messages in IPMI simulator CVE-2024-42934 Affected Packages: OpenIPMI Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extra...

Medium: unbound

Issue Overview: NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying...