8699 matches found
Medium: tigervnc
Issue Overview: A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of...
Medium: openssh
Issue Overview: It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh1 coupled with "fail open" behavior in...
Important: mod24_wsgi
Issue Overview: It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system...
Medium: mod24_security
Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: mod24security Issue Correction: Run yum update mod24security or yum...
Important: postgresql8
Issue Overview: Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with...
Medium: graphviz
Issue Overview: Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." Stack-based buffer overflow in the yyerror function in...
Medium: graphviz
Issue Overview: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. Affected Packages: graphviz Issue Correction: Run yum update graphviz or yum update --advisory ALAS-2014-28...
Low: augeas
Issue Overview: Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user for example, an application running as root that is updating files in a...
Medium: haproxy
Issue Overview: HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values,...
Important: bind
Issue Overview: A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. CVE-2012-5166 Affected Packages: bind Issue Correction: Run yum...
Medium: munin
Issue Overview: Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart plugin. Affected Packages: munin Issue Correction:...
Important: libtiff
Issue Overview: libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute...
Low: xorg-x11-server
Issue Overview: A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. CVE-2011-4028 A race condition was found ...
Medium: nginx
Issue Overview: Heap-based buffer overflow in compression-pointer processing in core/ngxresolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service daemon crash or possibly have unspecified other impact via a long response. Affected Packages: nginx Issue Correction: Run...
Medium: puppet
Issue Overview: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cowfilerange failed CVE-2024-57976 In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dupmmap failures and uprobe registering...
Important: emacs
Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Issue...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 createemptylvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missi...
Important: golang
Issue Overview: It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server...
Medium: edk2
Issue Overview: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem...
Medium: microcode_ctl
Issue Overview: Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2023-38575 Protection mechanism failure of bus lock regulator for some Intel® Processors m...
Medium: woodstox-core
Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...
Important: cacti
Issue Overview: Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerability within the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the "Settings/Utilities" permission can se...
Medium: thunderbird
Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...
Important: ImageMagick
Issue Overview: Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service segmentation fault or possibly execute arbitrary code via vectors involving the offset variable. CVE-2016-5841 ImageMagick 7.0.7-12 Q16, a CPU exhaustion...
Medium: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability...
Medium: sudo
Issue Overview: Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVE-2023-28487 Affected Packages: sudo Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...
Medium: ImageMagick
Issue Overview: A vulnerability was found in ImageMagick where heap use-after-free was found in coders/bmp.c. CVE-2023-5341 Affected Packages: ImageMagick Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Important: libssh2
Issue Overview: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. CVE-2020-22218 Affected Packages: libssh2 Issue Correction: Run yum update libssh2 or yum update --advisory ALAS-2023-1834 to update your system. New Packages:...
Medium: exempi
Issue Overview: Buffer Overflow vulnerability in function ID3Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. CVE-2020-18651 Affected Packages: exempi Note: This advisory is...
Medium: krb5
Issue Overview: lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the...
Medium: libjpeg-turbo
Issue Overview: The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the getwordrgbrow function in...
Medium: avahi
Issue Overview: A reachable assertion was found in avahidnspacketappendrecord. CVE-2023-38469 A reachable assertion was found in avahiescapelabel. CVE-2023-38470 A reachable assertion was found in dbussethostname. CVE-2023-38471 Affected Packages: avahi Issue Correction: Run yum update avahi or y...
Medium: tomcat
Issue Overview: The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be...
Medium: wireshark
Issue Overview: VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVE-2023-2856 XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted...
Medium: scipy
Issue Overview: A use-after-free issue was discovered in PyFindObjects function in SciPy versions prior to 1.8.0. CVE-2023-29824 Affected Packages: scipy Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Medium: compat-libtiff3
Issue Overview: Memory leak in memory leak in tiffcrop.c. CVE-2023-3576 Affected Packages: compat-libtiff3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum updat...
Important: iperf3
Issue Overview: iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. CVE-2023-38403 Affected Packages: iperf3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core...
Medium: python3-requests
Issue Overview: A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuildproxies is used to recompute and reattach the...
Important: squid
Issue Overview: Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. CVE-2016-10003 Affected Packages:...
Medium: qemu
Issue Overview: A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on t...
Medium: apache-commons-io
Issue Overview: In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus...
Important: perl
Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31484 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Important: nss
Issue Overview: firefox-esr , thunderbird and nss only are affected by this package. CVE-2023-0767 Affected Packages: nss Issue Correction: Run yum update nss or yum update --advisory ALAS-2023-1736 to update your system. New Packages: i686: nss-sysinit-3.53.1-7.88.amzn1.i686 ...
Important: ghostscript
Issue Overview: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than ful...
Important: emacs
Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggest...
Important: xorg-x11-server
Issue Overview: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems...
Medium: rust
Issue Overview: Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To reco rd when an extraction is successful, Cargo writes "ok" to the...
Important: libbpf
Issue Overview: A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btfdumpnamedups of the file tools/lib/bpf/btfdump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifi...
Important: expat
Issue Overview: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. CVE-2022-43680 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...