Important: openjpeg

Issue Overview: Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the...

Medium: kernel, nvidia

Issue Overview: The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service guest crash by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption...

Medium: kernel

Issue Overview: The rdsrecvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a 1 recvfrom or 2 recvmsg system call on an RDS socket...

Medium: openssl

Issue Overview: A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions S/MIME messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. CVE-2012-1165 A flaw was found in the...

Medium: vim

Issue Overview: Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode -s -e, Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the...

Medium: harfbuzz

Issue Overview: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVE-2023-25193 Affected Packages: harfbuzz Note: This advisory is applicable to Amazon Linux 2...

Important: thunderbird

Issue Overview: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...

Important: java-1.8.0-openjdk

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Important: golist

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: golist Note: This advisory is applicable to Amazon Lin...

Important: python-ecdsa

Issue Overview: An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service. CVE-2019-14853 A flaw was found in all python-ecdsa...

Important: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

Important: jasper

Issue Overview: A flaw was found in the Jasper tool's jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causing an arbitrary out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-27828 ...

Medium: vim

Issue Overview: A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utfptr2char function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into...

Important: lighttpd

Issue Overview: In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

Important: libXpm

Issue Overview: A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. CVE-2022-44617 A flaw was found ...

Medium: httpcomponents-client

Issue Overview: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. CVE-2020-13956 Affected Packages: httpcomponents-client...

Important: libtasn1

Issue Overview: GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder. CVE-2021-46848 Affected Packages: libtasn1 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core an...

Medium: python3

Issue Overview: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 1...

Important: kernel

Issue Overview: In v4l2m2mquerybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules CVE-2021-47103 A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function securityinodealloc to fail with following call to...

Important: cyrus-sasl

Issue Overview: A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges. CVE-2022-24407 Affected Packages: cyrus-sasl Note: This advisory is...

Important: libwebp

Issue Overview: A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Important: kernel

Issue Overview: An out-of-bounds write flaw was found in the Linux kernel's seqfile in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from no...

Important: postgresql95, postgresql96

Issue Overview: A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text...

Low: dnsmasq

Issue Overview: A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time...

Medium: samba

Issue Overview: A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the conten...

Medium: qt

Issue Overview: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVE-2018-19869 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault...

Important: http-parser

Issue Overview: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed CVE-2019-15605 Affected Packages: http-parser Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

Medium: systemd

Issue Overview: A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending...

Important: nghttp2

Issue Overview: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and...

Important: mutt

Issue Overview: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.CVE-2018-14362 An issue was discovered in Mutt before 1.10.1 and NeoMutt...

Medium: mysql55

Issue Overview: Server: Charsets unspecified vulnerability CPU Jul 2017 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Charsets. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit...

Important: kernel

Issue Overview: Unsafe second checksum calculation in udp.c: The Linux kernel allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag. This may create a kernel panic or memor...

Low: vim

Issue Overview: An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. CVE-2017-6350 An integer overflow flaw was found in the way vim handled undo files. This bug...

Important: ImageMagick

Issue Overview: It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities...

Medium: libxml2

Issue Overview: A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. The...

Medium: mailman

Issue Overview: It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. CVE-2015-2775 It was found that mailman stored private email messages in a world-readable...

Medium: cups

Issue Overview: A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in...

Low: libjpeg-turbo

Issue Overview: A flaw in libjpeg-turbo was reported http://seclists.org/oss-sec/2014/q4/557 that could lead to a local denial of service when processing a specially-crafted JPEG issue. Affected Packages: libjpeg-turbo Issue Correction: Run yum update libjpeg-turbo or yum update --advisory...

Medium: tomcat7

Issue Overview: It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data,...

Medium: tomcat8

Issue Overview: It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data,...

Medium: ruby20

Issue Overview: The upstream patch for CVE-2014-8080 introduced checks against the REXML.entityexpansiontextlimit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entityexpansionlimit. As a consequence, even with the patch applied,...

Important: java-1.8.0-openjdk

Issue Overview: It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2014-6562 Multiple fla...

Medium: lzo

Issue Overview: An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that...

Medium: libtiff

Issue Overview: Use-after-free vulnerability in the t2preadwritepdfimage function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service crash or possible execute arbitrary code via a crafted TIFF image. The LZW decompressor in the gif2tiff tool in libtiff 4.0.3...

Medium: lighttpd

Issue Overview: Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, whi...

Important: libyaml

Issue Overview: The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buff...

Medium: glibc

Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the...

Important: nginx

Issue Overview: nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Affected Packages: nginx Issue Correction: Run yum update nginx or yum update --advisory ALAS-2013-249 to update your system. New...

Medium: ruby

Issue Overview: It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML...