Medium: poppler

Issue Overview: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service DoS via crafted .pdf file to FoFiType1C::cvtGlyph function. CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers t...

Medium: libxml2

Issue Overview: Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. CVE-2023-39615 Affected Packages: libxml2 Note...

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...

Medium: sox

Issue Overview: A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsxreadwbuf in formatsi.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. CVE-2021-23159 A vulnerability was found in SoX, where a...

Important: cri-tools

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send...

Medium: qemu

Issue Overview: There is a vulnerability in the lsi53c895a device which affects the latest version of qemu. The carefully designed PoC can repeatedly trigger DMA writes but does not limit the addresses written to the DMA, resulting in reentrancy issues and eventually overflow. CVE-2023-0330...

Important: bind

Issue Overview: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...

Important: mod_security

Issue Overview: In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase. CVE-2022-48279...

Important: xmlrpc

Issue Overview: An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintain...

Medium: libwebp

Issue Overview: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2020-36330 A flaw was found in libwebp in versions...

Medium: python-twisted-web

Issue Overview: Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowi...

Low: ghostscript

Issue Overview: Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. CVE-2019-25059 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

Medium: libsndfile

Issue Overview: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read...

Low: cifs-utils

Issue Overview: A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs. CVE-2022-29869 Affected...

Important: xorg-x11-server

Issue Overview: A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw...

Critical: nss-util

Issue Overview: NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using...

Important: libbpf

Issue Overview: A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btfdumpnamedups of the file tools/lib/bpf/btfdump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifi...

Important: expat

Issue Overview: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. CVE-2022-43680 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

Important: systemd

Issue Overview: It was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polkit policies...

Medium: expat

Issue Overview: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2021-45960 Affected Packages: expat Issue Correction: Run yum update expat or y...

Important: cyrus-imapd

Issue Overview: A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this...

Medium: glib2

Issue Overview: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation. CVE-2021-27218 Affected Packages: glib2...

Medium: containerd

Issue Overview: A bug was discovered in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file or widen access...

Medium: nss

Issue Overview: A flaw was found in the way NSS handled CCS ChangeCipherSpec messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system...

Medium: bind

Issue Overview: Incremental zone transfers IXFR provide a way of transferring changed portions of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for...

Medium: openldap

Issue Overview: A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this...

Important: php-pear

Issue Overview: Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. CVE-2020-36193 Affected Packages: php-pear Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

Important: libX11

Issue Overview: An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to...

Important: xorg-x11-server

Issue Overview: A flaw was found in X.Org Server. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14345 A flaw was found i...

Medium: mailman

Issue Overview: A cross-site scripting vulnerability XSS has been discovered in mailman due to the hostname field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts. CVE-2018-0618 An issue was discovered in GN...

Low: evince

Issue Overview: A divide-by-zero error was found in the way Poppler handled certain PDF files. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by an application linked to Poppler, would crash the application causing a denial of service...

Medium: libssh2

Issue Overview: In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive...

Medium: e2fsprogs

Issue Overview: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability...

Medium: ntp

Issue Overview: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or system time change by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be ...

Medium: json-c

Issue Overview: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend. CVE-2020-12762 Affected Packages: json-c Issue Correction: Run yum update json-c or yum update --advisory ALAS-2020-1381 to update your system. New...

Important: zsh

Issue Overview: In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...

Medium: mod_auth_mellon

Issue Overview: modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. CVE-2019-13038 Affected Packages: modauthmellon Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit thi...

Important: SDL

Issue Overview: A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow a...

Low: ntp

Issue Overview: The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code...

Low: compat-libtiff3

Issue Overview: A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tifprint.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. This affects an earlier part of the TIFFPrintDirectory function that w...

Important: pacemaker

Issue Overview: A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. CVE-2018-16878 A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. CVE-2019-38...

Important: freerdp

Issue Overview: FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nscrledecode that results in a memory corruption and possibly even a remote code execution.CVE-2018-8788 FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a...

Medium: bind

Issue Overview: To provide fine-grained controls over the ability to use Dynamic DNS DDNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when...

Important: systemd

Issue Overview: It was found that busprocessobject in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user to send a message which results in the stack pointer moving outside of the...

Important: NetworkManager

Issue Overview: It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim'...

Important: slf4j

Issue Overview: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution: An XML deserialization vulnerability was discovered in slf4j's EventData which accepts anXML serialized string and can lead to arbitrary code execution. CVE-2018-8088 Affected Packages:...

Important: curl

Issue Overview: HTTP authentication leak in redirects libcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and...

Medium: sssd

Issue Overview: Unsanitized input when searching in local cache database It was found that sssd's sysdbsearchuserbyupnres function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for...

Medium: samba

Issue Overview: Server memory information leak over SMB1: An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serve...

Important: aws-cfn-bootstrap

Issue Overview: The default umask value is set to 022 to address a privilege escalation security vulnerability. Affected Packages: aws-cfn-bootstrap Issue Correction: Run yum update aws-cfn-bootstrap or yum update --advisory ALAS-2017-895 to update your system. 1. Run yum update aws-cfn-bootstrap...