8699 matches found
Medium: php
Issue Overview: Integer overflow in the pharparsetarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted tar file that triggers a heap-based...
Important: edk2
Issue Overview: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IANA or IATA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
Important: webkitgtk4
Issue Overview: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-42950 A type...
Important: amazon-cloudwatch-agent
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...
Important: gstreamer1-plugins-bad-free
Issue Overview: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5362 NOTE: Fixed by:...
Medium: libtiff
Issue Overview: The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service invalid read and crash via a crafted tiff image. CVE-2016-5321 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff...
Medium: zstd
Issue Overview: In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. CVE-2022-4899 Affected Packages: zstd Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
Important: vim
Issue Overview: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. CVE-2023-2426 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. CVE-2023-2609 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. CVE-2023-2610...
Important: python
Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...
Critical: exim
Issue Overview: Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory owned by a non-root user, a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. CVE-2020-28007 Exim 4 before 4.94....
Important: cyrus-sasl
Issue Overview: A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges. CVE-2022-24407 Affected Packages: cyrus-sasl Issue Correction: Run...
Medium: openssh
Issue Overview: A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system...
Medium: busybox
Issue Overview: A flaw was found in BusyBox, where it did not properly sanitize while processing a crafted shell command, leading to a denial of service. The highest threat from this vulnerability is to system availability. CVE-2021-42376 A flaw was found in BusyBox, where it did not properly...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, the socket will be used after being released leading to denial of service DoS or a potential code execution. The highest threat from this vulnerability is to data...
Medium: microcode_ctl
Issue Overview: A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AV...
Low: php72, php73
Issue Overview: The flaw is in pharparsezipfile of ext/phar/zip.c. When processing a PHP archive file phar, if a persistent entry is used as defined in php.ini, then memory pointed to by the actualalias pointer is freed. Directly after the free, the actualalias pointer is passed to...
Medium: openvpn
Issue Overview: This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation.CVE-2020-11810 Affected...
Important: kernel
Issue Overview: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's category bitmap into the SELinux extensible bitmap via the' ebitmapnetlblimport' routine...
Medium: libarchive
Issue Overview: libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16.CVE-2017-14503 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0...
Medium: nss
Issue Overview: A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41. CVE-2018-12404 Libgcrypt...
Medium: python27
Issue Overview: Python 2.7.x through 2.7.16 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are: urllib.parse.urlspli...
Medium: curl
Issue Overview: libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages lib/vauth/ntlm.c:ntlmdecodetype2target does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or...
Important: kernel
Issue Overview: NOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the Amazon Linux 2 LTS release. The advisory release date does not accurately reflect the date this was fixed. An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged...
Important: java-1.7.0-openjdk
Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code...
Medium: ruby20, ruby22, ruby23, ruby24
Issue Overview: Path traversal when writing to a symlinked basedir outside of the root RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Director...
Medium: tomcat80
Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The upda...
Critical: exim
Issue Overview: Use-after-free in receivemsg function via vectors involving BDAT commands The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via vectors involving BDAT commands...
Medium: postgresql95, postgresql96
Issue Overview: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.CVE-2017-12172 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL...
Important: mysql56
Issue Overview: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. CVE-2016-5440 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via...
Medium: kernel
Issue Overview: Perception Point Research identified http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/ a use-after-free vulnerability, representing a local privilege escalation vulnerability in the Linux kernel. Their post contains a...
Medium: libpng
Issue Overview: It was discovered that the pnggetPLTE and pngsetPLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead ...
Medium: libgcrypt
Issue Overview: Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. CVE-2015-0837 Fix a side-channel attack which can potentially lead to an information leak. CVE-2014-3591 Libgcrypt before 1.5.4, as used in...
Medium: glibc
Issue Overview: An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. CVE-2014-6040 It was fou...
Low: clamav
Issue Overview: clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service crash as demonstrated by the jwplayer.js file. Affected Packages: clamav Issue Correction: Run yum update clamav or yum update --advisory ALAS-2014-457 to update your syste...
Important: squid
Issue Overview: A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. CVE-2014-3609 A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send...
Important: glibc
Issue Overview: An off-by-one heap-based buffer overflow flaw was found in glibc's internal gconvtranslitfind function. An attacker able to make an application call the iconvopen function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges ...
Low: python-simplejson
Issue Overview: It was reported http://bugs.python.org/issue21529 that Python built-in json module have a flaw insufficient bounds checking, which allows a local user to read current process' arbitrary memory. Quoting the upstream bug report: The sole prerequisites of this attack are that the...
Medium: ImageMagick
Issue Overview: A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of t...
Medium: net-snmp
Issue Overview: A buffer overflow flaw was found in the way the decodeicmpmsg function in the ICMP-MIB implementation processed Internet Control Message Protocol ICMP message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which...
Medium: libtiff
Issue Overview: A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. CVE-2013-1960, CVE-2013-4232 Multiple buffer...
Medium: rubygems
Issue Overview: Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of...
Medium: python27
Issue Overview: The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafte...
Medium: axis
Issue Overview: Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain...
Important: mysql51
Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed below. 1. April 2012: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.htmlAppendixMSQL...
Important: openjpeg
Issue Overview: It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code. CVE-2012-3535 Affected...
Important: rsync
Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming CVE-2024-12088 Placeholder CVE. Details forthcoming CVE-2024-12747 Affected Packages:...
Important: httpd
Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...
Important: java-17-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
Medium: tomcat
Issue Overview: A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that...
Medium: microcode_ctl
Issue Overview: Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-40982 Improper access control in som...