Amazon Linux AMI : librabbitmq (ALAS-2020-1394)
The version of librabbitmq installed on the remote host is prior to 0.1-0.2.hgfb6fca832fd2.3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1394 advisory. An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflo...
Amazon Linux AMI : cairo (ALAS-2020-1392)
The version of cairo installed on the remote host is prior to 1.12.14-6.9. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1392 advisory. The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denia...
Amazon Linux AMI : poppler (ALAS-2020-1398)
The version of poppler installed on the remote host is prior to 0.26.5-42.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1398 advisory. The tiff_document_render and tiff_document_get_thumbnail functions in the TIFF document backend in GNOME Evince through...
Amazon Linux AMI : kernel (ALAS-2020-1382)
The version of kernel installed on the remote host is prior to 4.14.177-107.254. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1382 advisory. A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw...
Amazon Linux 2 : lftp (ALAS-2020-1453)
The version of lftp installed on the remote host is prior to 4.4.8-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1453 advisory. It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of...
Amazon Linux AMI : libexif (ALAS-2020-1393)
The version of libexif installed on the remote host is prior to 0.6.21-6.7. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1393 advisory. An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information...
Amazon Linux 2 : advancecomp (ALAS-2020-1450)
The version of advancecomp installed on the remote host is prior to 1.15-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1450 advisory. In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which...
Amazon Linux AMI : mailman (ALAS-2020-1395)
The version of mailman installed on the remote host is prior to 2.1.15-30.25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1395 advisory. Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject...
Amazon Linux 2 : patch (ALAS-2020-1457)
The version of patch installed on the remote host is prior to 2.7.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1457 advisory. In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and...
Amazon Linux AMI : php72, php73 (ALAS-2020-1397)
The version of php72 installed on the remote host is prior to 7.2.31-1.23. The version of php73 installed on the remote host is prior to 7.3.19-1.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1397 advisory. In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18...
Amazon Linux 2 : file (ALAS-2020-1452)
The version of file installed on the remote host is prior to 5.11-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1452 advisory. The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds rea...
Amazon Linux 2 : curl (ALAS-2020-1451)
The version of curl installed on the remote host is prior to 7.61.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1451 advisory. command line arguments lead to local file overwrite CVE-2020-8177 Tenable has extracted the preceding description block directly fro...
Amazon Linux AMI : squid (ALAS-2020-1386)
The version of squid installed on the remote host is prior to 3.5.20-15.39. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1386 advisory. An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gai...
Amazon Linux 2 : qt (ALAS-2020-1458)
The version of qt installed on the remote host is prior to 4.8.5-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1458 advisory. An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp...
Amazon Linux 2 : ntp (ALAS-2020-1455)
The version of ntp installed on the remote host is prior to 4.2.6p5-29. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1455 advisory. ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or...
Amazon Linux 2 : net-snmp (ALAS-2020-1454)
The version of net-snmp installed on the remote host is prior to 5.7.2-48. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1454 advisory. snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticate...
Medium: patch
Issue Overview: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. CVE-2019-13636 Affected Packages: patch Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for t...
Medium: openssl11
Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...
Medium: advancecomp
Issue Overview: In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read. CVE-2019-9210 Affected Packages:...
Medium: lftp
Issue Overview: It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled...