8850 matches found
Medium: kernel
Issue Overview: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could...
Important: kernel
Issue Overview: An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be...
Medium: qemu
Issue Overview: A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ipreass routine while reassembling incoming packets, if the first fragment is bigger than the m-mdat buffer. A user or process could use this flaw to crash the QEMU...
Medium: golang
Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. This flaw allows a local user able to groom system memory to cause kernel memory corruption and possible privilege escalation by abusing a race condition in the IO scheduler. CVE-2020-12657 A flaw was...
Low: binutils
Issue Overview: An integer wraparound has been discovered in the Binary File Descriptor BFD library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.CVE-2018-7568 The ignoresectionsym function in elf.c ...
Medium: mysql56
Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...
Medium: ntp
Issue Overview: Ephemeral association time spoofing additional protection ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modif...
Medium: ntp
Issue Overview: The monlist feature in ntprequest.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service traffic amplification via forged 1 REQMONGETLIST or 2 REQMONGETLIST1 requests, as exploited in the wild in December 2013. CVE-2013-5211 A malicious authenticated...
Medium: php56, php70, php71
Issue Overview: Null pointer dereference due to mishandling of ldapgetdn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c...
Medium: python34, python35, python36, python27
Issue Overview: DOS via regular expression catastrophic backtracking in apop method in pop3lib A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. CVE-2018-1060 DOS via regular...
Medium: ruby24, ruby22, ruby23
Issue Overview: Unsafe object deserialization through YAML formatted gem specifications: A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute...
Important: aws-cfn-bootstrap
Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory CVE-2017-9450 Affected Packages: aws-cfn-bootstrap Issue...
Medium: gnutls
Issue Overview: A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients...
Important: java-1.6.0-openjdk
Issue Overview: An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. CVE-2016-3606 Multiple denial of service flaws were found in the JAXP componen...
Medium: python26, python27, python34
Issue Overview: It was found that Python's httplib library used urllib, urllib2 and others did not properly check HTTP header input in HTTPConnection.putheader. An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values...
Medium: cacti
Issue Overview: Various cross-site scripting XSS flaws CVE-2013-5588, CVE-2014-5025, CVE-2014-5026 and various SQL injection flaws CVE-2013-5589, CVE-2015-4342, CVE-2015-4634, CVE-2015-8377, CVE-2015-8604 were discovered affecting versions of Cacti prior to 0.8.8g. Cross-site scripting XSS...
Medium: nss
Issue Overview: A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct...
Medium: nss, nss-util
Issue Overview: A flaw was found in the way the TLS protocol composes the Diffie-Hellman DH key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. CVE-2015-4000 Please note th...
Medium: file
Issue Overview: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVE-2014-9620 The ELF parser readelf.c in file before 5.21 allows remote attackers to cause a denial of service CPU consumption or crash via a large number of...
Medium: xerces-j2
Issue Overview: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application...
Important: openssl
Issue Overview: A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. CVE-2014-3513 A memory...
Medium: kernel
Issue Overview: It was found that a deadlock could occur in the Out of Memory OOM killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing requestmodule to be called. A local, unprivileged user could use this flaw to cause a denial of service excessive...
Important: krb5
Issue Overview: An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests AS-REQ. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. CVE-2012-1015 A NULL pointer dereference flaw...
Important: kernel
Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 A flaw was found in the ATA over Ethernet AoE driver in the...
Important: kernel
Issue Overview: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. CVE-2023-6606 Affected Packages: kernel Note: This advisory is applicable t...
Important: nginx
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nginx Issue Correction: Run yum update nginx or yum...
Important: tomcat7
Issue Overview: 2023-05-11: CVE-2017-12616 was added to this advisory. When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted...
Medium: libxml2
Issue Overview: A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK CVE-2023-28484 libxml2 Hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce...
Important: tomcat
Issue Overview: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. CVE-2017-12616 When using the RemoteIpFilter with...
Medium: ImageMagick
Issue Overview: ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image e.g., for resize, the convert process could be left waiting for stdin input. CVE-2022-44267 ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image e.g., for resize...
Medium: expat
Issue Overview: In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow exists for mgroupSize. CVE-2021-46143 addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22822 buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 h...
Important: httpd24
Issue Overview: There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via...
Important: freetype
Issue Overview: Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 Affected Packages: freetype Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...
Medium: nspr, nss-softokn, nss-util, nss
Issue Overview: When importing a curve25519 private key in PKCS8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services NSS library. This could lead to information disclosure. This vulnerability affects Firefox ESR 60.8, Firefox 68, and...
Critical: kernel
Issue Overview: CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. The latest Amazon Linux 2 AMIs as available in AWS EC2 already contain these kernel...
Medium: openssl
Issue Overview: A microprocessor side-channel vulnerability was found on SMT e.g, Hyper-Threading architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.CVE-2018-5407 If an application encounters a fata...
Low: sssd
Issue Overview: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. CVE-2018-10852...
Medium: httpd24
Issue Overview: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...
Important: postgresql
Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...
Critical: java-1.7.0-openjdk
Issue Overview: Unbounded memory allocation during deserialization in NamedNodeMapImpl JAXP, 8189993 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded:...
Medium: 389-ds-base
Issue Overview: Password brute-force possible for locked account due to different return codes: A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDA...
Medium: php70
Issue Overview: The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access via crafted serialized data...
Medium: ntp
Issue Overview: It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses...
Important: ImageMagick
Issue Overview: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagi...
Critical: samba
Issue Overview: Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running...
Low: kernel
Issue Overview: The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and...
Medium: kernel
Issue Overview: The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1...
Critical: php55
Issue Overview: A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP...
Medium: httpd24
Issue Overview: Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the...