Medium: httpd

Issue Overview: An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests. CVE-2022-26377 An out-of-bounds read vulnerability was found in the modisapi module of httpd. The...

Important: wget

Issue Overview: A buffer overflow vulnerability was found in GNU Wget. An attacker may be able to cause a denial-of-service DoS or may execute an arbitrary code. CVE-2019-5953 Affected Packages: wget Issue Correction: Run yum update wget or yum update --advisory ALAS-2019-1194 to update your...

Critical: cacti

Issue Overview: A flaw was found in how Cacti grants authorization based on IP address which allows authentication bypass, and possibly arbitrary command execution if a polleritem configured with a POLLERACTIONSCRIPTPHP action is present. This updated cacti package adds a feature allowing an...

Medium: kernel

Issue Overview: In the Linux kernel before 5.1, there is a memory leak in featregistersp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. CVE-2019-20096 An issue was discovered in the Linux kernel before 5.0.10. SMB2negotiate in fs/cifs/smb2pdu.c has an out-of-bounds...

Medium: libjpeg-turbo

Issue Overview: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file.CVE-2016-3616 libjpeg 9c has a large loop because readpixel in rdtarga.c mishandles EOF.CVE-2018-11813 An...

Medium: kernel

Issue Overview: A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptracegetdebugreg" commit...

Low: libXcursor

Issue Overview: XcursorThemeInherits in library.c in libXcursor allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. CVE-2015-9262 Affected Packages: libXcursor Issue Correction: Run yum update libXcursor or yum update --advisory...

Critical: aws-kinesis-agent

Issue Overview: Amazon Kinesis Agent versions within Amazon Linux 2 AL2 prior to aws-kinesis-agent-2.0.4-1 included a version of Apache Log4j affected by CVE-2021-44228 and CVE-2021-45046. The Amazon Kinesis Agent has been updated to aws-kinesis-agent-2.0.4-1 within Amazon Linux 2 that mitigates...

Medium: kernel

Issue Overview: It was found that paravirtpatchcall/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.CVE-2018-15594 A buffer overflow due to a...

Important: golang

Issue Overview: In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPAT...

Important: openssh

Issue Overview: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into...

Low: curl

Issue Overview: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies the length of the password by two SUM to figure out how large temporary storage area to allocate from the heap. The length value is...

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to. In order to mimic the Linux capabilities of the target process, Amazon Linu...

Medium: python35

Issue Overview: An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed b...

Important: vim

Issue Overview: It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. CVE-2019-12735 Affected Packages: vim Issue Correction: Run yum update vim o...

Important: sudo

Issue Overview: When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy...

Medium: ruby20

Issue Overview: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy whi...

Medium: php-ZendFramework

Issue Overview: The implementation of the ORDER BY SQL statement in ZendDbSelect of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses, as discussed in http://framework.zend.com/security/advisory/ZF2014-04. Affected Packages: php-ZendFramework...

Important: kernel

Issue Overview: A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. CVE-2023-1838...

Important: tomcat8

Issue Overview: When the default servlet in Apache Tomcat returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. CVE-2018-11784 The HTTP/2...

Important: java-11-amazon-corretto

Issue Overview: Further information about this update can be found in the Corretto 11 change log https://github.com/corretto/corretto-11/blob/develop/CHANGELOG.md Affected Packages: java-11-amazon-corretto Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

Medium: docker

Issue Overview: A command injection flaw was discovered in Docker during the docker build command. By providing a specially crafted path argument for the container to build, it is possible to inject command options to the git fetch/git checkout commands that are executed by Docker and to execute...

Medium: libtiff

Issue Overview: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service out-of-bounds read via a crafted tif file. CVE-2016-9532 A flaw was found in libtiff. Due to a memory allocation failure in...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfrsp and l2capparseconfreq functions. An attacker with physical access within the range of standard Bluetooth transmission c...

Important: perl

Issue Overview: Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18311 Affected Packages: perl Issue Correction: Run yum update perl or yum update --advisory ALAS-2019-1180 to update your system. New Packages: i686: ...

Important: kernel

Issue Overview: A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. CVE-2020-14356 A flaw was found in the Lin...

Medium: kernel

Issue Overview: A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to...

Low: php72

Issue Overview: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead...

Important: kernel

Issue Overview: - Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12126 - Microarchitectural Fill Buffer Data Sampling MFBDS CVE-2018-12130 - Microarchitectural Load Port Data Sampling MLPDS CVE-2018-12127 - Microarchitectural Data Sampling Uncacheable Memory MDSUM CVE-2019-11091...

Important: java-17-amazon-corretto

Issue Overview: Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. CVE-2022-21541 computeNextExponential sometimes returns negative numbers...

Important: httpd

Issue Overview: A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability. CVE-2022-22719 A flaw was found in...

Important: httpd

Issue Overview: A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity. CVE-2021-33193 A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threa...

Important: patch

Issue Overview: doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.CVE-2018-20969 GNU patch through 2.7.6 is vulnerab...

Medium: httpd

Issue Overview: Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the...

Important: httpd

Issue Overview: A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service. CVE-2021-31618 Affected Packages: httpd Note: This advisory is applicable t...

Important: java-1.7.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-13 will now explicitly mimic the permissions of the JVM attempting to be updated. Affected Packages: log4j-cve-2021-44228-hotpatch Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Medium: mysql56

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...

Critical: kernel

Issue Overview: Exploitable memory corruption due to UFO to non-UFO path switch CVE-2017-1000112 heap out-of-bounds in AFPACKET sockets CVE-2017-1000111 The mqnotify function in the Linux kernel does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a...

Important: http-parser

Issue Overview: A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.j...

Medium: php71, php72, php73

Issue Overview: An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling...

Medium: java-1.7.0-openjdk

Issue Overview: Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other...

Medium: httpd

Issue Overview: Apache HTTP Request Parsing Whitespace Defects It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or...

Low: kernel

Issue Overview: A flaw was found in the Linux kernel in the hiddebugeventsread function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user "root" to achieve an out-of-bounds write and thus receiving user space buffer corruption.CVE-2018-9516 Note: The...

Medium: httpd

Issue Overview: A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 A flaw was found in HTTPd. In some Apache HTTP Server versions, unprivileged local users can stop HTTPd on Windows. The highest threat from this vulnerability is to syste...

Important: httpd

Issue Overview: Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest...

Important: httpd

Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...

Important: sudo

Issue Overview: When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy...

Medium: httpd24

Issue Overview: A vulnerability was found in Apache httpd, in modhttp2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.CVE-2019-10081 A read-after-free vulnerability was discovered in Apache httpd, in modhttp2. A specially crafted http/...

Important: httpd

Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...