Medium: edk2

Issue Overview: Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. CVE-2018-12182 Stack overflow in XHCI for EDK II may allow an unauthenticated...

Medium: java-1.7.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with...

Important: golang

Issue Overview: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume...

Important: freeradius

Issue Overview: FreeRADIUS mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and...

Low: mod_http2

Issue Overview: In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections.CVE-2018-17189...

Important: kernel

Issue Overview: A kernel memory leak was found in the kernelreadfile function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service DoS.CVE-2019-8980 A flaw was found in mmap in the Linux kernel allowing the process to map a...

Medium: java-1.8.0-openjdk, java-1.7.0-openjdk

Issue Overview: Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other...

Low: dhcp

Issue Overview: Command injection vulnerability in the DHCP client NetworkManager integration script A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2. A malicious DHCP server, or an attacker on the local network abl...

Medium: nghttp2

Issue Overview: nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 Affected Packages: nghttp2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum updat...

Medium: stunnel, amazon-efs-utils

Issue Overview: This update adds the checkHost option to stunnel, which verifies the host of the peer certificate subject. Certificates are accepted if no checkHost option was specified, or the host name of the peer certificate matches any of the hosts specified with checkHost. This update adds t...

Critical: libvorbis

Issue Overview: Vorbis audio processing out of bounds write: An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code. CVE-2018-5146 Affected Packages:...

Medium: clamav

Issue Overview: Heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

Low: tomcat7

Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The upda...

Medium: docker

Issue Overview: Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

Important: ghostscript

Issue Overview: It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection...

Medium: cacti

Issue Overview: PHP Object Injection Vulnerabilities CVE-2014-4000 Affected Packages: cacti Issue Correction: Run yum update cacti or yum update --advisory ALAS-2017-817 to update your system. New Packages: noarch: cacti-1.0.4-1.14.amzn1.noarch src: cacti-1.0.4-1.14.amzn1.src Additional...

Low: krb5

Issue Overview: A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modifyprincipal...

Medium: mysql55

Issue Overview: The following security-related issues were fixed: CVE-2017-3238 Server: Optimizer unspecified vulnerability CVE-2017-3243 Server: Charsets unspecified vulnerability CVE-2017-3244 Server: DML unspecified vulnerability CVE-2017-3258 Server: DDL unspecified vulnerability CVE-2017-331...

Medium: 389-ds-base

Issue Overview: CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many...

Medium: libgcrypt, gnupg

Issue Overview: A design flaw was found in the libgcrypt PRNG Pseudo-Random Number Generator. An attacker who can obtain the first 580 bytes of the PRNG output can trivially predict the following 20 bytes. Affected Packages: libgcrypt, gnupg Issue Correction: Run yum update libgcrypt or yum updat...

Medium: golang

Issue Overview: An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability. Affected Packages: golang Issue...

Medium: postgresql8

Issue Overview: A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. CVE-2015-5288 Affected Packages: postgresql8 Issue Correction: Run yum update postgresql8 o...

Medium: tigervnc

Issue Overview: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client. A NULL pointer dereference flaw was...

Medium: ruby21

Issue Overview: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the...

Medium: libcap-ng

Issue Overview: A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capnglock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid system call, among others...

Medium: python-pip

Issue Overview: A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. Affected Packages: python-pip Issue Correction: Run yum update python-pip or yum update...

Medium: chrony

Issue Overview: As reported upstream http://chrony.tuxfamily.org/News.html: When NTP or cmdmon access was configured from chrony.conf or via authenticated cmdmon with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder e.g. 192.168.15.0/22 or...

Medium: tomcat6

Issue Overview: It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of...

Medium: krb5

Issue Overview: A use-after-free flaw was found in the way the MIT Kerberos libgssapikrb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library libgssapi could call the gssprocesscontexttoken function and use this flaw to crash that...

Important: freetype

Issue Overview: Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash...

Medium: lua

Issue Overview: Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service crash via a small number of arguments to a function with a large number of fixed arguments. Affected Packages: lua Issue Correctio...

Important: gnutls

Issue Overview: It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could ...

Low: coreutils

Issue Overview: It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those utilities by providing long input strings. CVE-2013-0221, CVE-2013-0222, CVE-2013-0223 Affected Packages: coreutils...

Low: sudo

Issue Overview: A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing...

Medium: wireshark

Issue Overview: Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. CVE-2013-3559, CVE-2013-4083 Several denial of service flaws were found in...

Medium: gnutls

Issue Overview: It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding...

Important: freetype

Issue Overview: A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format BDF fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute...

Important: mysql55

Issue Overview: sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp...

Important: openssl098e

Issue Overview: Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially-crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO...

Medium: glibc

Issue Overview: An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFYSOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit th...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount CVE-2024-49960 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key CVE-2024-53179 In the Linux kernel,...

Medium: poppler

Issue Overview: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service DoS via crafted .pdf file to FoFiType1C::cvtGlyph function. CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers t...

Important: golang

Issue Overview: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the...

Important: ghostscript

Issue Overview: Buffer Overflow vulnerability in cljmediasize function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impacts via opening of crafted PDF document. CVE-2020-21890 Affected Packages: ghostscript Issue...

Important: kernel

Issue Overview: A use-after-free flaw was found in nftables cross-table in the net/netfilter/nftablesapi.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation...

Medium: mod_security

Issue Overview: In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase. CVE-2022-48279...

Medium: dnsmasq

Issue Overview: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. CVE-2023-28450 Affected Packages: dnsmasq Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...

Medium: microcode_ctl

Issue Overview: Insufficient granularity of access control in out-of-band management in some IntelR Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. CVE-2022-21216 Incorrect default permissions in some...

Medium: protobuf

Issue Overview: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...

Low: dnsmasq

Issue Overview: A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time...