1272 matches found
Amazon Linux AMI : ImageMagick (ALAS-2023-1844)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1.29. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1844 advisory. A vulnerability was found in ImageMagick. This issue occurs as an undefined behavior, casting double to sizet in svg, mvg...
Amazon Linux AMI : mutt (ALAS-2023-1836)
The version of mutt installed on the remote host is prior to 1.5.20-7.20091214hg736b6a.10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1836 advisory. Null pointer dereference when viewing a specially crafted email in Mutt 1.5.2 1.5.2 2.2.12 CVE-2023-4875...
Amazon Linux AMI : gsl (ALAS-2023-1851)
The version of gsl installed on the remote host is prior to 1.13-4.4. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1851 advisory. A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2....
Amazon Linux AMI : busybox (ALAS-2023-1832)
The version of busybox installed on the remote host is prior to 1.34.1-1.16. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1832 advisory. There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this...
Amazon Linux AMI : libtiff (ALAS-2023-1830)
The version of libtiff installed on the remote host is prior to 4.0.3-35.45. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1830 advisory. LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a...
Amazon Linux AMI : vim (ALAS-2023-1826)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1826 advisory. vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service DoS via the exbufferall method. CVE-2021-3236 Integer Overflow or Wraparound in GitHub...
Amazon Linux AMI : ghostscript (ALAS-2023-1835)
The version of ghostscript installed on the remote host is prior to 8.70-24.30. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1835 advisory. Buffer Overflow vulnerability in cljmediasize function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attacke...
Amazon Linux AMI : libtiff (ALAS-2023-1829)
The version of libtiff installed on the remote host is prior to 4.0.3-35.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1829 advisory. LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a...
Amazon Linux AMI : libssh2 (ALAS-2023-1834)
The version of libssh2 installed on the remote host is prior to 1.4.2-3.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1834 advisory. An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory...
Amazon Linux AMI : kernel (ALAS-2023-1827)
The version of kernel installed on the remote host is prior to 4.14.322-170.535. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1827 advisory. A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nftablesapi.c...
Amazon Linux AMI : cups (ALAS-2023-1828)
The version of cups installed on the remote host is prior to 1.4.2-67.24. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1828 advisory. An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey...
Amazon Linux AMI : ruby20 (ALAS-2023-1824)
The version of ruby20 installed on the remote host is prior to 2.0.0.648-2.42. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1824 advisory. An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. ...
Amazon Linux AMI : krb5 (ALAS-2023-1818)
It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1818 advisory. lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because...
Amazon Linux AMI : clamav (ALAS-2023-1820)
The version of clamav installed on the remote host is prior to 0.103.9-1.55. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1820 advisory. A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated,...
Amazon Linux AMI : python38 (ALAS-2023-1816)
The version of python38 installed on the remote host is prior to 3.8.5-1.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1816 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It...
Amazon Linux AMI : ca-certificates (ALAS-2023-1817)
The version of ca-certificates installed on the remote host is prior to 2018.2.22-65.1.31. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1817 advisory. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while...
Amazon Linux AMI : amazon-ssm-agent (ALAS-2023-1825)
The version of amazon-ssm-agent installed on the remote host is prior to 3.2.1377.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1825 advisory. The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker t...
Advisory ROSA-SA-2023-2223
Software: nss 3.53.1 OS: ROSA Virtualization 2.1 packageevrstring: nss-3.53.1-17.rv3.1c.src.rpm CVE-ID: CVE-2020-12403 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A bug was discovered in the way CHACHA20-POLY1305 is implemented in NSS in versions prior to 3.55. When using a Chacha20 consisting of...
Amazon Linux AMI : php70-pecl-imagick (ALAS-2023-1813)
The version of php70-pecl-imagick installed on the remote host is prior to 3.4.4-1.7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1813 advisory. ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c...
Amazon Linux AMI : php54-pecl-imagick (ALAS-2023-1810)
The version of php54-pecl-imagick installed on the remote host is prior to 3.4.4-2.11. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1810 advisory. ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds....