Amazon Linux 2 : gstreamer1-plugins-base (ALAS-2024-2592)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2592 advisory. GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows...

Amazon Linux 2 : krb5 (ALAS-2024-2595)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2595 advisory. krb5: GSS message token handling CVE-2024-37370 In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wi...

Amazon Linux 2 : gstreamer-plugins-base (ALAS-2024-2593)

The version of gstreamer-plugins-base installed on the remote host is prior to 0.10.36-18. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2593 advisory. GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-046)

The version of kernel installed on the remote host is prior to 5.15.162-107.160. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-046 advisory. 2024-08-27: CVE-2024-42096 was added to this advisory. 2024-08-27: CVE-2024-42070 was added to this...

Amazon Linux 2 : libreswan (ALAS-2024-2596)

The version of libreswan installed on the remote host is prior to 3.25-4.8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2596 advisory. The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. Wh...

Amazon Linux 2 : ghostscript (ALAS-2024-2597)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2597 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi-...

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2024-039 (ALASECS-2024-039)

The version of ecs-init installed on the remote host is prior to 1.84.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-039 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

Amazon Linux 2 : mariadb (ALASMARIADB10.5-2024-006)

The version of mariadb installed on the remote host is prior to 10.5.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MARIADB10.5-2024-006 advisory. MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11....

Important: audiofile

Issue Overview: Buffer overflow in the afReadFrames function in audiofile aka libaudiofile and Audio File Library allows user-assisted remote attackers to cause a denial of service program crash or possibly execute arbitrary code via a crafted audio file, as demonstrated by...

Important: gstreamer1-plugins-base

Issue Overview: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

Medium: mariadb

Issue Overview: MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fixfieldsifneeded under mysqlderivedprepare when derived is not yet prepared, leading to a findfieldintable crash...

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...

Medium: libreswan

Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not...

Important: gstreamer-plugins-base

Issue Overview: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

Amazon Linux 2 : kernel, --advisory ALAS2-2024-2588 (ALAS-2024-2588)

The version of kernel installed on the remote host is prior to 4.14.344-262.563. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2588 advisory. kernel: Type confusion in picknextrtentity, which can result in memory corruption. CVE-2023-1077 In the Linux...

Amazon Linux 2 : thunderbird (ALAS-2024-2583)

The version of thunderbird installed on the remote host is prior to 115.12.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2583 advisory. Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of...

Amazon Linux 2 : R (ALASR3.4-2024-001)

The version of R installed on the remote host is prior to 3.4.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2R3.4-2024-001 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not...

Amazon Linux 2 : harfbuzz (ALAS-2024-2587)

The version of harfbuzz installed on the remote host is prior to 1.7.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2587 advisory. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the proces...

Amazon Linux 2 : pki-core (ALAS-2024-2586)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2586 advisory. A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an...

Amazon Linux 2 : kernel (ALAS-2024-2584)

The version of kernel installed on the remote host is prior to 4.14.345-262.561. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2584 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for...