Amazon Linux AMI : python-pip (ALAS-2020-1340)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1340 advisory. In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles...
Amazon Linux AMI : kernel (ALAS-2020-1338)
The version of kernel installed on the remote host is prior to 4.14.165-102.185. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1338 advisory. 2024-05-09: CVE-2019-19965 was added to this advisory. A flaw was found in the Linux kernel. The crypto_report...
Important: libarchive
Issue Overview: archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. CVE-2019-18408 Affected Packages: libarchive Note: This advisory is applicable to Amazon Linux 2 AL2 Co...
Medium: python-pip
Issue Overview: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. CVE-2019-19062 ...
Medium: systemd
Issue Overview: A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending...
Amazon Linux 2 : thunderbird (ALAS-2020-1386)
The version of thunderbird installed on the remote host is prior to 68.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1386 advisory. The plain text serializer used a fixed-size array for the number of Under certain conditions, when checking the Resis...
Amazon Linux 2 : 389-ds-base (ALAS-2020-1381)
The version of 389-ds-base installed on the remote host is prior to 1.3.9.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1381 advisory. A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values...
Amazon Linux 2 : golang, --advisory ALAS2-2020-1383 (ALAS-2020-1383)
The version of golang installed on the remote host is prior to 1.13.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1383 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C...
Amazon Linux 2 : tcpdump (ALAS-2020-1385)
The version of tcpdump installed on the remote host is prior to 4.9.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1385 advisory. In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because...
Amazon Linux 2 : nss (ALAS-2020-1384)
The version of nss installed on the remote host is prior to 3.44.0-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1384 advisory. A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this...
Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
Aaia (pronounced as shown here) helps in visualizing AWS IAM and Organizations in a graph format with help of Neo4j. This helps in identifying the outliers easily. Since it is based on neo4j, one can query the graph using cypher queries to find the anomalies. Aaia also supports modules to...
Amazon Linux AMI : 389-ds-base (ALAS-2020-1334)
The version of 389-ds-base installed on the remote host is prior to 1.3.9.1-12.65. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1334 advisory. 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By...
Amazon Linux AMI : tomcat8 (ALAS-2020-1337)
The version of tomcat8 installed on the remote host is prior to 8.5.50-1.82. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1337 advisory. When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle...
Amazon Linux AMI : clamav (ALAS-2020-1335)
The version of clamav installed on the remote host is prior to 0.101.5-1.42. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1335 advisory. A vulnerability in the email parsing module Clam AntiVirus ClamAV Software versions 0.102.0, 0.101.4 and prior could allow an...
Amazon Linux AMI : golang (ALAS-2020-1336)
The version of golang installed on the remote host is prior to 1.13.4-1.57. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1336 advisory. It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header...
Low: golang
Issue Overview: No CVE associated with this advisory Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update golang or yum update...
Important: thunderbird
Issue Overview: The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3...
Amazon Linux AMI : mod_auth_mellon, mod24_auth_mellon (ALAS-2020-1331)
The version of mod24_auth_mellon installed on the remote host is prior to 0.14.0-2.9. The version of mod_auth_mellon installed on the remote host is prior to 0.13.1-1.6. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1331 advisory. mod_auth_mellon through 0.14.2 has an Ope...
Amazon Linux AMI : mysql56 (ALAS-2020-1332)
The version of mysql56 installed on the remote host is prior to 5.6.46-1.35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1332 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Information Schema. Supported versions that are...