8850 matches found
Medium: kernel
Issue Overview: The dotkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a 1 tkill or 2 tgkill system call. The...
Medium: python-pip
Issue Overview: A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interfac...
Medium: mysql-connector-java
Issue Overview: Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
Medium: babel
Issue Overview: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution. CVE-2021-42771 Affected Packages: babel Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Medium: glibc
Issue Overview: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potential...
Medium: golang
Issue Overview: A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability. CVE-2021-36221 Affected Packages: golang Issue...
Medium: curl
Issue Overview: A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the CURLOPTCONNECTONLY option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to...
Medium: python35
Issue Overview: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of...
Medium: mysql57
Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multipl...
Medium: python34, python35
Issue Overview: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation. CVE-2019-20907 An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Pyth...
Medium: gnome-shell
Issue Overview: It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. CVE-2019-3820 Affected...
Medium: python-virtualenv
Issue Overview: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in...
Medium: php72
Issue Overview: When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
Important: python34
Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...
Medium: httpd
Issue Overview: A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.CVE-2019-10092 A...
Low: curl
Issue Overview: curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies the length of the password by two SUM to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used ...
Critical: kernel
Issue Overview: Fixes for L1Terminal Fault security issues: L1 Terminal Fault-OS/ SMM: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a...
Medium: openssl
Issue Overview: bnsqrx8xinternal carry bug on x8664 There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be...
Important: microcode_ctl
Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...
Medium: php56
Issue Overview: Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326. All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream...
Important: java-1.7.0-openjdk
Issue Overview: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Ja...
Important: php55
Issue Overview: A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer...
Medium: libxml2
Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2,...
Important: httpd
Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...
Important: kernel
Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6renewoptions of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a...
Medium: golang
Issue Overview: Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. CVE-2022-23772 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This...
Medium: postgresql
Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...
Medium: libxml2
Issue Overview: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 Affected Packages: libxml2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Important: python-pillow
Issue Overview: A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or...
Important: java-11-amazon-corretto
Issue Overview: There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to...
Low: httpd24
Issue Overview: No CVE associated with this advisory Affected Packages: httpd24 Issue Correction: Run yum update httpd24 or yum update --advisory ALAS-2020-1418 to update your system. New Packages: i686: mod24proxyhtml-2.4.46-1.90.amzn1.i686 httpd24-tools-2.4.46-1.90.amzn1.i686 ...
Important: tomcat
Issue Overview: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and ...
Important: telnet
Issue Overview: utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. CVE-2020-10188 Affected Packages: telnet Issue Correction: Run yum upda...
Important: openssl
Issue Overview: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a grou...
Medium: java-11-amazon-corretto
Issue Overview: OpenJDK: Insufficient restriction of privileges in AccessController Security, 8216381 CVE-2019-2786 OpenJDK: Unbounded memory allocation during deserialization in Collections Utilities, 8213432 CVE-2019-2769 libpng: pngimagefree in png.c in libpng has a use-after-free because...
Medium: openssl
Issue Overview: An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 A denial of service flaw was found in the way...
Critical: mysql56
Issue Overview: A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...
Medium: tomcat7
Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...
Medium: openssl
Issue Overview: A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. CVE-2015-3194...
Important: java-1.6.0-openjdk
Issue Overview: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883,...
Critical: glibc
Issue Overview: A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code...
Critical: java-1.7.0-openjdk
Issue Overview: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216, CVE-2014-4219 A format string flaw was discover...
Critical: php54
Issue Overview: A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP...
Medium: glibc
Issue Overview: Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation strtod, strtof, and strtold. If an application used such a function on attacker controlled input, it could cause the...
Important: httpd
Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...
Important: python-lxml
Issue Overview: A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The...
Medium: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...
Important: krb5
Issue Overview: Integer overflow vulnerabilities in PAC parsing CVE-2022-42898 Affected Packages: krb5 Issue Correction: Run yum update krb5 or yum update --advisory ALAS-2023-1667 to update your system. New Packages: i686: krb5-server-ldap-1.15.1-46.49.amzn1.i686 ...
Important: python38
Issue Overview: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVE-2022-37454 Affected...
Important: kernel
Issue Overview: An out-of-bounds write flaw was found in the Linux kernels framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUTVSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system...