Amazon Linux AMI : php73 (ALAS-2020-1347)
The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...
Amazon Linux 2 : transfig (ALAS-2020-1398)
The version of transfig installed on the remote host is prior to 3.2.7b-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1398 advisory. readcolordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. CVE-2019-19797 makearrow in arrow.c in Xfig...
Medium: transfig
Issue Overview: readcolordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. CVE-2019-19797 makearrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. CVE-2019-19746 Affected Packages: transfi...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2020-1345)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.242.b08-0.50. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1345 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking...
Amazon Linux 2 : sqlite (ALAS-2020-1394)
The version of sqlite installed on the remote host is prior to 3.7.17-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1394 advisory. Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corrupti...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1396)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.242.b08-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1396 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Support...
Amazon Linux AMI : openssl (ALAS-2020-1344)
The version of openssl installed on the remote host is prior to 1.0.2k-16.151. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1344 advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
Medium: qt5-qtbase
Issue Overview: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVE-2018-19870 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML...
Amazon Linux 2 : apache-commons-beanutils (ALAS-2020-1395)
The version of apache-commons-beanutils installed on the remote host is prior to 1.8.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1395 advisory. In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the abilit...
Amazon Linux AMI : libarchive (ALAS-2020-1343)
The version of libarchive installed on the remote host is prior to 3.1.2-14.15. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1343 advisory. archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain...
Important: apache-commons-beanutils
Issue Overview: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the...
Amazon Linux 2 : thunderbird (ALAS-2020-1393)
The version of thunderbird installed on the remote host is prior to 68.4.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1393 advisory. When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace...
Amazon Linux AMI : python27, python35, python36 (ALAS-2020-1342)
The version of python27 installed on the remote host is prior to 2.7.16-1.131. The version of python35 installed on the remote host is prior to 3.5.7-1.25. The version of python36 installed on the remote host is prior to 3.6.10-1.16. It is, therefore, affected by a vulnerability as referenced in...
Important: thunderbird
Issue Overview: When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR tag from the clipboard into...
Amazon Linux 2 : kernel (ALAS-2020-1392)
The version of kernel installed on the remote host is prior to 4.14.165-131.185. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1392 advisory. 2024-05-09: CVE-2019-19965 was added to this advisory. A flaw was found in the Linux kernel. The cryptoreport...
Amazon Linux AMI : spamassassin (ALAS-2020-1341)
The version of spamassassin installed on the remote host is prior to 3.4.3-2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1341 advisory. In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA...
Amazon Linux 2 : systemd (ALAS-2020-1388)
The version of systemd installed on the remote host is prior to 219-57. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1388 advisory. A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus...
Amazon Linux 2 : python-pip (ALAS-2020-1389)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1389 advisory. In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles...
Amazon Linux 2 : python-reportlab (ALAS-2020-1390)
The version of python-reportlab installed on the remote host is prior to 2.5-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1390 advisory. ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted X...
Amazon Linux AMI : python-pip (ALAS-2020-1340)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1340 advisory. In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles...