Low: libXcursor

Issue Overview: XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.CVE-2015-9262 Affected Packages: libXcursor Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Medium: mod24_wsgi

Issue Overview: Failure to handle errors when attempting to drop group privileges modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...

Medium: postgresql93, postgresql94, postgresql95, postgresql96

Issue Overview: Uncontrolled search path element in pgdump and other client applications A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser i...

Medium: nvidia

Issue Overview: NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. CVE-2018-6247 NVIDIA Windows GPU Display Driver contains ...

Critical: python-paramiko

Issue Overview: Authentication bypass in transport.py transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authenticatio...

Medium: clamav

Issue Overview: Heap-based buffer overflow in mspack/lzxd.c: mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM...

Important: samba

Issue Overview: Use-after-free in processing SMB1 requests A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. CVE-2017-14746 Server...

Important: file

Issue Overview: An issue in file allowed an attacker to overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. Affected Packages: file Issue Correction: Run yum update file or yum update --advisory ALAS-2017-900 to update your system. New Packages: i686:...

Medium: cacti

Issue Overview: A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. CVE-2017-12927 The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user. CVE-2017-12978 Affected Packages: cacti...

Important: aws-cfn-bootstrap

Issue Overview: New optional parameter "umask" introduced into cfn-hup.conf file in order to configure the cfn-hup daemon's umask. The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root...

Medium: c-ares

Issue Overview: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 Affected Packages: c-ares Issue Correction...

Medium: postgresql92

Issue Overview: Selectivity estimators bypass SELECT privilege checks It was found that some selectivity estimation functions did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some...

Medium: postgresql93, postgresql94, postgresql95

Issue Overview: Selectivity estimators bypass SELECT privilege checks It was found that some selectivity estimation functions did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some...

Important: 389-ds-base

Issue Overview: Remote crash via crafted LDAP messages: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of...

Medium: sudo

Issue Overview: It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system or popen C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw t...

Medium: mod24_nss

Issue Overview: It was found that the parsing of the NSSCipherSuite option of mod24nss, which accepts OpenSSL-style cipherstrings, is flawed. If the option is used to disable insecure ciphersuites using the common "!" syntax, it will actually enable those insecure ciphersuites. CVE-2015-5244...

Low: libunwind

Issue Overview: An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Affected Packages: libunwind Issue Correction: Run yum update libunwind or yum update --advisory ALAS-2015-600 to update your...

Medium: golang

Issue Overview: crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. Affected Packages: golang Issue Correction: Run yum update golang or yum update --advisory ALAS-2014-437 to update your system. N...

Important: pixman

Issue Overview: An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash...

Important: mysql55

Issue Overview: A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. CVE-2012-561...

Medium: python-crypto

Issue Overview: PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. Affected Packages:...

Medium: puppet

Issue Overview: Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack ...

Important: libtasn1

Issue Overview: A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input such as an X.509 certificate that, when parsed by an application that uses libtasn1 such as applications using GnuTLS, could cause the application to crash...

Medium: libxml2

Issue Overview: It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization...

Medium: grub2

Issue Overview: GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Affected Packages: grub2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

Medium: python3

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 There ...

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...

Important: expat

Issue Overview: An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devmfreepercpu CVE-2024-43871 In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID...

Important: qemu

Issue Overview: QEMU: sdhci: heap buffer overflow in sdhciwritedataport CVE-2024-3447 A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to...

Important: libndp

Issue Overview: A vulnerability was found in libndp. A buffer overflow in NetworkManager that can be triggered by sending a malformed IPv6 router advertisement packet via malicious user locally. This happens as libndp was not validating correctly the route length information and hence leading to ...

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network...

Medium: cri-tools

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Medium: curl

Issue Overview: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protoco...

Medium: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. CVE-2023-42956 A logic issue was addressed with improved validation. This issue is fixed ...

Medium: krb5

Issue Overview: Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461 Affected Packages: krb5 Note: This advisory is applicable to...

Important: squid

Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no know...

Medium: libuv

Issue Overview: libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to...

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...

Low: pam

Issue Overview: A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with pamnamespace configured will cause the openat in...

Medium: tomcat8

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...

Medium: libX11

Issue Overview: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. CVE-2023-43786 Affected Packages: libX11 Issue Correction: Run yum update...

Important: python27

Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...

Medium: libXpm

Issue Overview: libX11: integer overflow in XCreateImage leading to a heap overflow. CVE-2023-43787 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 NOTE: Fixed by:...

Important: java-1.8.0-openjdk

Issue Overview: An issue was discovered in function ciMethodBlocks::makeblockat in Oracle JDK HotSpot VM 11, 17 and OpenJDK HotSpot VM 8, 11, 17, allows attackers to cause a denial of service. CVE-2022-40433 Affected Packages: java-1.8.0-openjdk Note: This advisory is applicable to Amazon Linux 2...

Medium: wireshark

Issue Overview: BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file CVE-2023-4511 BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet...

Medium: mutt

Issue Overview: Null pointer dereference when viewing a specially crafted email in Mutt 1.5.2 1.5.2 2.2.12 CVE-2023-4875 Affected Packages: mutt Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

Medium: openssl

Issue Overview: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being...

Medium: cups

Issue Overview: An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. CVE-2023-32360 Affected Packages: cups Issue...

Important: ghostscript

Issue Overview: Buffer Overflow vulnerability in cljmediasize function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impacts via opening of crafted PDF document. CVE-2020-21890 Affected Packages: ghostscript Note: This...