8699 matches found
Medium: squid
Issue Overview: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error page...
Medium: libguestfs-winsupport
Issue Overview: An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. CVE-2022-30783 A crafted NTFS image can cause heap exhaustion in ntfsgetattributevalue in NTFS-3G...
Important: cacti
Issue Overview: Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution ...
Important: tomcat8
Issue Overview: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
Medium: libX11
Issue Overview: libX11: out-of-bounds memory access in XkbReadKeySyms CVE-2023-43785 libX11: integer overflow in XCreateImage leading to a heap overflow. CVE-2023-43787 Affected Packages: libX11 Issue Correction: Run yum update libX11 or yum update --advisory ALAS-2023-1859 to update your system...
Medium: nasm
Issue Overview: A Use After Free vulnerability in function newToken in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command. CVE-2020-18780 A Segmentation Fault issue discovered in in ieeesegment function in outieee.c in nasm 2.14.03 and 2.15 allows...
Low: libarchive
Issue Overview: No CVE associated with this advisory Affected Packages: libarchive Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update libarchive or yum upda...
Medium: gsl
Issue Overview: A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2.5 and 2.6. Processing a maliciously crafted input data for gslstatsquantilefromsorteddata of the library may lead to unexpected application...
Medium: kernel
Issue Overview: A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
Important: rust
Issue Overview: Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files...
Medium: qemu
Issue Overview: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values...
Medium: mod24_security
Issue Overview: In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase. CVE-2022-48279...
Important: nss
Issue Overview: firefox-esr , thunderbird and nss only are affected by this package. CVE-2023-0767 Affected Packages: nss Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction...
Important: bcel
Issue Overview: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllab...
Medium: postgresql95
Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...
Important: golist
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Medium: java-11-amazon-corretto
Issue Overview: Enhance DTLS performance: DTLS does not avail itself of the HelloVerifyRequest message which opens opportunities for DoS. CVE-2023-21835 Better Banking of Sounds: JARSoundbankReader can load classes from remote URLs. CVE-2023-21843 Affected Packages: java-11-amazon-corretto Note:...
Medium: dhcp
Issue Overview: An integer overflow vulnerability was found in the DHCP server. When the "optioncodehashlookup" function is called from "addoption", it increases the option's "refcount" field. However, there is not a corresponding call to "optiondereference" to decrement the "refcount" field. The...
Medium: zsh
Issue Overview: A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPTSUBST expansion...
Medium: openldap
Issue Overview: A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. CVE-2020-36225 Affected Packages: openldap Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FA...
Medium: nvidia
Issue Overview: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer nvlddmkm.sys or nvidia.ko where improper access control may lead to denial of service, information disclosure, or data corruption. CVE-2021-1076 Affected Packages: nvidia Issue...
Medium: cups
Issue Overview: A localhost.localdomain whitelist entry in validhost in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved...
Low: unzip
Issue Overview: Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue. CVE-2019-13232 Affected Packages: unzip Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...
Medium: python-pillow
Issue Overview: An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to...
Important: thunderbird
Issue Overview: By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or...
Low: lua53
Issue Overview: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31. CVE-2020-24370 Affected Packages: lua53 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
Low: file
Issue Overview: The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file. CVE-2018-10360 Affected Packages: file Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Important: exim
Issue Overview: Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. CVE-2020-12783 Affected Packages: exim Issue Correction: Run yum update exim or yum update --advisory ALAS-2020-1380 to...
Important: git
Issue Overview: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. CVE-2020-5260...
Critical: openslp
Issue Overview: A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger th...
Medium: file
Issue Overview: cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write.CVE-2019-18218 Affected Packages: file Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...
Medium: rsyslog
Issue Overview: A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.CVE-2018-16881 Affected Packages: rsyslog Note: This advisory is applicable to Amazon Linux 2 AL...
Medium: libevent
Issue Overview: Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the 1 evbufferad...
Important: dovecot
Issue Overview: In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.CVE-2019-11500 Affected Packages:...
Medium: perl-Archive-Tar
Issue Overview: It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl...
Low: blktrace
Issue Overview: blktrace aka Block IO Tracing 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the devmapread function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted...
Low: mod_http2
Issue Overview: A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 Affected Packages...
Low: setup
Issue Overview: Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pamshells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell...
Important: ruby
Issue Overview: An issue was discovered in the OpenSSL library in Ruby. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a...
Medium: glibc
Issue Overview: A buffer overflow has been discovered in the GNU C Library aka glibc or libc6 in the mempcpyavx512novzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.CVE-2018-11237 Affected...
Medium: xerces-c
Issue Overview: A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data.CVE-2016-4463 Affected Packages: xerces-c Note: Thi...
Medium: wget
Issue Overview: A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.CVE-2018-0494 Affected Packages: wget Issue Correction: Run yum update wget or yum update --advisory ALAS-2018-1040 to updat...
Important: procps-ng
Issue Overview: Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec. These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in...
Important: pcs
Issue Overview: Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use...
Medium: memcached
Issue Overview: It was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled. It was discovered that the memcached connections...
Important: quagga
Issue Overview: Infinite loop issue triggered by invalid OPEN message allows denial-of-service An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it...
Medium: mysql56
Issue Overview: Server: Charsets unspecified vulnerability CPU Jul 2017: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Charsets. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit...
Medium: curl
Issue Overview: FILE buffer read out of bounds CVE-2017-1000099 TFTP sends more than buffer size CVE-2017-1000100 URL globbing out of bounds read CVE-2017-1000101 Affected Packages: curl Issue Correction: Run yum update curl or yum update --advisory ALAS-2017-889 to update your system. New...
Medium: libnl3
Issue Overview: Integer overflow in nlmsgreserve: An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such a...
Medium: openjpeg
Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-716...