8699 matches found
Important: exim
Issue Overview: Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some...
Medium: libXpm
Issue Overview: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. CVE-2023-43786 libX11: integer overflow in XCreateImage leading to a heap...
Important: kernel
Issue Overview: A flaw in the Linux Kernel found in the GFS2 file system. On corrupted gfs2 file systems the evict code can try to reference the journal descriptor structure, jdesc, after it has been freed and set to NULL. It can lead to null pointer dereference when gfs2transbegin being called a...
Medium: ghostscript
Issue Overview: A divide by zero issue discovered in epsprintpage in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. CVE-2020-21710 Affected Packages: ghostscript Issue Correction: Run yum update ghostscript or...
Medium: libtiff
Issue Overview: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE-2023-0800 LibTIFF 4.4.0 has an...
Medium: php55-pecl-imagick
Issue Overview: ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. CVE-2017-1000476 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability th...
Medium: php71-pecl-imagick
Issue Overview: ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. CVE-2017-1000476 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability th...
Medium: compat-libtiff3
Issue Overview: LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE-2023-0800 LibTIFF 4.4.0 has an...
Medium: ghostscript
Issue Overview: A buffer overflow flaw was found in base/gdevdevn.c:1973 in devnpcxwriterle in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. CVE-2023-38559 Affected Packages: ghostscript Issue Correctio...
Important: kernel
Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter...
Medium: python-rsa
Issue Overview: A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality. CVE-2020-2565...
Medium: qemu
Issue Overview: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles o...
Low: wireshark
Issue Overview: Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark...
Important: privoxy
Issue Overview: A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunkedbodyiscomplete leading to denial of service. CVE-2021-20275 A vulnerability was found in Privoxy which was fixed in geturlspecparam by freeing memory of compiled pattern spec before bailing...
Medium: openjpeg
Issue Overview: A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG. CVE-2021-3575 Affected Packages: openjpeg Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Important: xorg-x11-server
Issue Overview: A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw...
Medium: protobuf
Issue Overview: A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory. CVE-2021-22570 Affect...
Critical: nss-softokn
Issue Overview: NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using...
Medium: ant
Issue Overview: When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats...
Important: expat
Issue Overview: A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XMLResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some...
Important: rsync
Issue Overview: An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated...
Important: dbus
Issue Overview: A flaw was found in dbus. The implementation of DBUSCOOKIESHA1 is susceptible to a symbolic link attack. A malicious client with write access to its own home directory could manipulate a /.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations...
Important: golang-github-godbus-dbus
Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...
Medium: gnupg2
Issue Overview: A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control. CVE-2022-34903 Affected Packages: gnupg2 Note: This advisory is applicable to...
Critical: thunderbird
Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executin...
Important: exiv2
Issue Overview: A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and...
Medium: curl
Issue Overview: A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to...
Important: subversion
Issue Overview: A null-pointer-dereference flaw was found in modauthzsvn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability. CVE-2020-17525 Affected...
Important: ImageMagick
Issue Overview: A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
Important: dovecot
Issue Overview: A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails containing MIME parts containing malicious content of which dovecot will attempt to parse. The highest threat from this vulnerability is to system availability. In Dovecot...
Medium: freerdp
Issue Overview: In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. CVE-2020-11018 In FreeRDP less than or equal to 2.0.0...
Medium: OpenEXR
Issue Overview: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. CVE-2020-11761 An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and...
Medium: golang
Issue Overview: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. A flaw was found Go's net/http package. Servers using ReverseProxy fro...
Medium: dovecot
Issue Overview: In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. CVE-2019-7524 It was discovered that...
Medium: json-c
Issue Overview: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend. CVE-2020-12762 Affected Packages: json-c Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
Low: tcpdump
Issue Overview: In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization. CVE-2018-19519 Affected Packages: tcpdump Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...
Low: zziplib
Issue Overview: An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function zzipparserootdirectory in zip.c, which will lead to a denial of service attack.CVE-2018-16548 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address whe...
Medium: opensc
Issue Overview: Several buffer overflows when handling responses from a Muscle Card in musclelistfiles in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified...
Low: glib2
Issue Overview: No CVE associated with this advisory Affected Packages: glib2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update glib2 or yum update...
Low: kernel
Issue Overview: A flaw was found in the Linux kernel in the hiddebugeventsread function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user "root" to achieve an out-of-bounds write and thus receiving user space buffer corruption. CVE-2018-9516 Affected...
Important: python-jinja2
Issue Overview: In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 Affected Packages: python-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Ru...
Important: 389-ds-base
Issue Overview: It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus...
Medium: mod_auth_mellon, mod24_auth_mellon
Issue Overview: Cross-site session transfer vulnerability: It was found that modauthmellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server...
Important: mercurial
Issue Overview: Python debugger accessible to authorized users: A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted...
Important: policycoreutils
Issue Overview: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox. Affected...
Important: python-twisted-web
Issue Overview: It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP...
Low: mod24_nss
Issue Overview: It was reported that +CIPHER operator in OpenSSL changes the order of a cipher. Instead of returning an error as NSS does not support cipher ordering, it returned the result of processing up to that point, which could result in requested ciphers not being enabled. Affected Package...
Low: e2fsprogs
Issue Overview: A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library for example, fsck to crash or, possibly, execute arbitrary code. Affected Packages: e2fsprogs Issue Correction: Run yum update...
Medium: python-botocore
Issue Overview: A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. Affected Packages: python-botocore Issue Correction: Run yum update python-botocore or y...
Medium: puppet
Issue Overview: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges...