8850 matches found
Medium: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF...
Medium: systemd
Issue Overview: It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the...
Medium: python27, python36, python38
Issue Overview: A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer...
Medium: poppler
Issue Overview: The tiffdocumentrender and tiffdocumentgetthumbnail functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented, leading to uninitialized memory use when processing certain TIFF image files. CVE-2019-11459 Poppler befo...
Medium: bind
Issue Overview: "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit du...
Medium: libjpeg-turbo
Issue Overview: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file.CVE-2016-3616 A divide by zero vulnerability has been discovered in libjpeg-turbo in allocsarray function o...
Important: kernel
Issue Overview: An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostne...
Low: curl
Issue Overview: A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. CVE-2019-5436 An integer overflow in curl's URL API results in a buffer overflow in libcurl. CVE-2019-5435 Affected Packages: curl Issue Correction: Run yum update curl or yum...
Important: python
Issue Overview: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate...
Critical: kernel
Issue Overview: An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upo...
Low: nginx
Issue Overview: A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially...
Medium: bash
Issue Overview: popd controlled free: A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.CVE-2016-9401 Arbitrary code execution via malicious...
Critical: kernel
Issue Overview: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4.11.5 and earlier the stackguard page was introduced in 2010. CVE-2017-1000364 The...
Medium: kernel
Issue Overview: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a...
Important: libtiff
Issue Overview: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. CVE-2014-9655,...
Important: mysql55
Issue Overview: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a clien...
Critical: java-1.8.0-openjdk
Issue Overview: Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610 Multiple denial of service...
Medium: openssh
Issue Overview: An access flaw was discovered in the OpenSSH client where it did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the loc...
Critical: bind
Issue Overview: An error in the parsing of incoming responses allows some records with an incorrect class to be be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this...
Medium: postgresql93
Issue Overview: A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. CVE-2015-0243 A flaw was found in wa...
Critical: java-1.7.0-openjdk
Issue Overview: A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. CVE-2014-6601 Multiple improper permission check issues were discovered in...
Medium: tomcat6
Issue Overview: It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker...
Medium: kernel
Issue Overview: The ip6routeadd function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service memory consumption via a flood of ICMPv6 Router Advertisement packets. drivers/vhost/net.c in...
Critical: php
Issue Overview: It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. Affected Packages: php Issue Correction: Run yum...
Medium: python3-jinja2
Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: docker Issue Correction: Run yum update docker or yum update --advisory ALAS-2023-1881 to update your system. New Packages: src: docker-20.10.13-3.amzn1.src x8664: ...
Important: tomcat8
Issue Overview: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts...
Important: cni-plugins
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Medium: amazon-cloudwatch-agent
Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...
Important: squid
Issue Overview: An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker...
Important: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficul...
Medium: curl
Issue Overview: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set if it previously used the same handle to issue a PUT...
Medium: aws-kinesis-agent
Issue Overview: A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can...
Medium: httpd24
Issue Overview: A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to syste...
Important: postgresql
Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 A flaw was found in postgresq...
Medium: ruby20
Issue Overview: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy whi...
Important: libxml2
Issue Overview: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library...
Important: java-11-amazon-corretto
Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network acces...
Medium: microcode_ctl
Issue Overview: A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker...
Important: icu
Issue Overview: An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp. CVE-2020-10531 Affected Packages: icu Note: This advisory ...
Medium: php54-pecl-imagick, php55-pecl-imagick, php56-pecl-imagick, php70-pecl-imagick, php71-pecl-imagick, php72-pecl-imagick
Issue Overview: In PHP imagick extension, writing to an array of values in ImagickKernel::fromMatrix function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party...
Important: kernel
Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code...
Important: glibc
Issue Overview: Fragmentation attacks possible when EDNS0 is enabled The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP...
Important: php71
Issue Overview: Stack-based buffer under-read in ext/standard/httpfopenwrapper.c:phpstreamurlwraphttpex function when parsing HTTP response allows denial of service: In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read...
Important: httpd24, httpd
Issue Overview: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remot...
Medium: kernel
Issue Overview: An integer overflow vulnerability was found in xtalloctableinfo, which on 32-bit systems can lead to small structure allocation and a copyfromuser based heap corruption. CVE-2016-3135 In the marksourcechains function net/ipv4/netfilter/iptables.c it is possible for a user-supplied...
Medium: foomatic
Issue Overview: It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. CVE-2015-8560 It was discovered that the...
Low: nmap
Issue Overview: The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences. Affected Packages:...
Medium: kernel
Issue Overview: When running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes Denial of Service, or in-guest information leaks. CVE-2016-31...