Amazon: most viewed

8694 matches found

Amazon
added 2021/05/21 12:0 a.m. | 84 views

Low: python34

Issue Overview: The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of...

CVSS 5.9 | AI score 7.7 | EPSS 0.003 | Exploits 1

Amazon
added 2020/08/31 12:0 a.m. | 84 views

Medium: ruby19, ruby21

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

CVSS 7.5 | AI score 7.1 | EPSS 0.17317 | Exploits 0

Amazon
added 2020/04/23 12:0 a.m. | 84 views

Low: libtirpc

Issue Overview: A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could...

CVSS 7.5 | AI score 5.7 | EPSS 0.02344 | Exploits 0

Amazon
added 2019/10/31 12:0 a.m. | 84 views

Critical: php

Issue Overview: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...

CVSS 9.8 | AI score 8.5 | EPSS 0.94053 | Exploits 54

Amazon
added 2018/04/19 12:0 a.m. | 84 views

Medium: kernel

Issue Overview: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk function allows denial of service: An error in the "_sctp_make_chunk" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

CVSS 7.1 | AI score 6.3 | EPSS 0.05036 | Exploits 1

Amazon
added 2016/03/16 12:0 a.m. | 84 views

Low: php54

Issue Overview: A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be...

CVSS 9.8 | AI score 9 | EPSS 0.35455 | Exploits 7

Amazon
added 2023/02/07 12:0 a.m. | 83 views

Important: openssl11

Issue Overview: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number o...

CVSS 7.5 | AI score 7.4 | EPSS 0.88334 | Exploits 0

Amazon
added 2020/08/31 12:0 a.m. | 83 views

Medium: python27

Issue Overview: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVE-2019-20907 Affected Packages: python27 Issue Correction: Run yum update python27 or yum updat...

CVSS 7.5 | AI score 7.9 | EPSS 0.00323 | Exploits 0

Amazon
added 2020/03/16 12:0 a.m. | 83 views

Important: sudo

Issue Overview: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, an...

CVSS 7.8 | AI score 8.2 | EPSS 0.88008 | Exploits 13

Amazon
added 2020/03/16 12:0 a.m. | 83 views

Important: nss, nss-softokn, nss-util, nspr

Issue Overview: A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the...

CVSS 8.8 | AI score 7.8 | EPSS 0.12783 | Exploits 3

Amazon
added 2020/03/02 12:0 a.m. | 83 views

Important: qemu

Issue Overview: ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVE-2019-14378 Affected Packages: qemu Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ...

CVSS 8.8 | AI score 8.1 | EPSS 0.06468 | Exploits 3

Amazon
added 2019/10/28 12:0 a.m. | 83 views

Medium: python27, python34, python35, python36

Issue Overview: An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on th...

CVSS 7.5 | AI score 8 | EPSS 0.00894 | Exploits 0

Amazon
added 2019/08/23 12:0 a.m. | 83 views

Medium: poppler

Issue Overview: XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in...

CVSS 9.8 | AI score 8.1 | EPSS 0.03439 | Exploits 9

Amazon
added 2018/12/06 12:0 a.m. | 83 views

Important: postgresql95

Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...

CVSS 8.5 | AI score 8.3 | EPSS 0.0189 | Exploits 0

Amazon
added 2016/12/06 12:0 a.m. | 83 views

Important: kernel

Issue Overview: CVE-2016-8645 kernel: a BUG statement can be hit in net/ipv4/tcp_input.c. It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen set to 1 can hit BUG statement in tcp_collapse function after making a number of certain syscalls leading to a possible system...

CVSS 7.8 | AI score 7.1 | EPSS 0.4799 | Exploits 16

Amazon
added 2016/09/01 12:0 a.m. | 83 views

Medium: kernel

Issue Overview: A use after free vulnerability was found in tcp_xmit_retransmit_queue and other tcp functions. Affected Packages: kernel Issue Correction: Run yum update kernel or yum update --advisory ALAS-2016-740 to update your system. New Packages: i686: kernel-devel-4.4.19-29.55.amzn1.i686...

CVSS 5.5 | AI score 7 | EPSS 0.00096 | Exploits 5

Amazon
added 2016/03/10 12:0 a.m. | 83 views

Important: openssl

Issue Overview: A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This...

CVSS 10 | AI score 8.9 | EPSS 0.90348 | Exploits 3

Amazon
added 2014/07/09 12:0 a.m. | 83 views

Medium: php54

Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain...

CVSS 7.5 | AI score 8.5 | EPSS 0.48662 | Exploits 5

Amazon
added 2011/10/31 12:0 a.m. | 83 views

Medium: httpd

Issue Overview: It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make...

CVSS 5 | AI score 8.1 | EPSS 0.76893 | Exploits 14 | References 1

Amazon
added 2024/05/03 12:0 a.m. | 82 views

Medium: httpd

Issue Overview: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 HTTP Response splitting in multiple modules in Apache HTTP Server allows an...

CVSS 7.3 | AI score 7.5 | EPSS 0.04358 | Exploits 0

Amazon
added 2024/04/30 12:0 a.m. | 82 views

Important: bind

Issue Overview: Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

CVSS 7.5 | AI score 7.5 | EPSS 0.43215 | Exploits 1

Amazon
added 2022/07/07 12:0 a.m. | 82 views

Medium: expat

Issue Overview: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. CVE-2021-46143 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22822 build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 h...

CVSS 9.8 | AI score 8.5 | EPSS 0.04085 | Exploits 2

Amazon
added 2020/07/29 12:0 a.m. | 82 views

Important: nghttp2

Issue Overview: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The...

CVSS 7.5 | AI score 7.1 | EPSS 0.01247 | Exploits 0

Amazon
added 2020/06/03 12:0 a.m. | 82 views

Medium: python

Issue Overview: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has anoth...

CVSS 7.1 | AI score 8 | EPSS 0.02954 | Exploits 2

Amazon
added 2020/02/17 12:0 a.m. | 82 views

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with netwo...

CVSS 8.1 | AI score 7.4 | EPSS 0.01699 | Exploits 0

Amazon
added 2018/12/06 12:0 a.m. | 82 views

Important: postgresql93, postgresql94

Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...

CVSS 8.5 | AI score 8.7 | EPSS 0.0189 | Exploits 0

Amazon
added 2018/11/07 12:0 a.m. | 82 views

Medium: kernel

Issue Overview: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task...

CVSS 7.1 | AI score 7 | EPSS 0.00088 | Exploits 1

Amazon
added 2018/02/20 12:0 a.m. | 82 views

Important: linux-firmware

Issue Overview: Speculative execution branch target injection: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ ...

CVSS 5.6 | AI score 7.4 | EPSS 0.88482 | Exploits 8

Amazon
added 2017/10/02 12:0 a.m. | 82 views

Critical: dnsmasq

Issue Overview: Information leak in the DHCPv6 relay code: An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data...

CVSS 9.8 | AI score 9.1 | EPSS 0.93379 | Exploits 32

Amazon
added 2016/05/18 12:0 a.m. | 82 views

Medium: kernel

Issue Overview: The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. CVE-2016-3961 / XSA-174 A flaw was found in the way the Linux kernel's...

CVSS 7.8 | AI score 6.6 | EPSS 0.19535 | Exploits 9

Amazon
added 2015/04/15 12:0 a.m. | 82 views

Important: php54

Issue Overview: A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer...

CVSS 7.5 | AI score 8.8 | EPSS 0.87334 | Exploits 7

Amazon
added 2015/01/08 12:0 a.m. | 82 views

Medium: php55

Issue Overview: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of...

CVSS 10 | AI score 8.6 | EPSS 0.8832 | Exploits 8

Amazon
added 2014/08/21 12:0 a.m. | 82 views

Medium: php

Issue Overview: A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the...

CVSS 7.5 | AI score 8.6 | EPSS 0.48662 | Exploits 4

Amazon
added 2024/06/24 12:0 a.m. | 81 views

Medium: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application...

CVSS 6.1 | AI score 6.6 | EPSS 0.0123 | Exploits 0

Amazon
added 2022/09/21 12:0 a.m. | 81 views

Important: golang

Issue Overview: An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with xml.NewTokenDecoder it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with...

CVSS 9.1 | AI score 8.8 | EPSS 0.00182 | Exploits 8

Amazon
added 2022/08/05 12:0 a.m. | 81 views

Important: tomcat8

Issue Overview: A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled...

CVSS 8.6 | AI score 7.6 | EPSS 0.55532 | Exploits 5

Amazon
added 2021/02/17 6:3 p.m. | 81 views

Important: glibc

Issue Overview: A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability. CVE-2019-25013 Affected...

CVSS 7.1 | AI score 7 | EPSS 0.00805 | Exploits 0

Amazon
added 2021/01/26 12:0 a.m. | 81 views

Important: kernel

Issue Overview: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c,...

CVSS 9.3 | AI score 6.8 | EPSS 0.01247 | Exploits 6

Amazon
added 2020/10/27 12:0 a.m. | 81 views

Medium: expat

Issue Overview: It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of...

CVSS 7.8 | AI score 8.3 | EPSS 0.05584 | Exploits 2

Amazon
added 2020/09/02 12:0 a.m. | 81 views

Medium: python3

Issue Overview: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or...

CVSS 7.5 | AI score 7.8 | EPSS 0.00697 | Exploits 0

Amazon
added 2020/07/29 12:0 a.m. | 81 views

Medium: curl

Issue Overview: This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' with the '-O' option and '-i' command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely...

CVSS 7.8 | AI score 7.3 | EPSS 0.0002 | Exploits 1

Amazon
added 2020/06/03 12:0 a.m. | 81 views

Medium: python27

Issue Overview: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has anoth...

CVSS 6.1 | AI score 7.3 | EPSS 0.0991 | Exploits 3

Amazon
added 2020/02/05 12:0 a.m. | 81 views

Medium: python-pip

Issue Overview: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store...

CVSS 7.5 | AI score 8.5 | EPSS 0.01015 | Exploits 1

Amazon
added 2019/08/07 12:0 a.m. | 81 views

Important: ruby20, ruby21, ruby24

Issue Overview: An issue was discovered in RubyGems. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8322 An issue was discovered in RubyGems. Gem::GemcutterUtilities#with_response...

CVSS 8.8 | AI score 7.6 | EPSS 0.06225 | Exploits 1

Amazon
added 2019/06/11 12:0 a.m. | 81 views

Important: java-11-amazon-corretto

Issue Overview: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

CVSS 8.1 | AI score 7.4 | EPSS 0.08919 | Exploits 2

Amazon
added 2019/03/21 12:0 a.m. | 81 views

Low: nvidia

Issue Overview: NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. CVE-2018-6260 Affected...

CVSS 5.5 | AI score 5.9 | EPSS 0.00031 | Exploits 0

Amazon
added 2018/05/10 12:0 a.m. | 81 views

Medium: openssl

Issue Overview: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believe...

CVSS 7.5 | AI score 7.1 | EPSS 0.42931 | Exploits 2

Amazon
added 2014/07/31 12:0 a.m. | 81 views

Important: httpd

Issue Overview: A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cau...

CVSS 6.8 | AI score 8.4 | EPSS 0.75444 | Exploits 5 | References 1

Amazon
added 2024/03/04 12:0 a.m. | 80 views

Important: unbound

Issue Overview: Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

CVSS 7.5 | AI score 7.5 | EPSS 0.43215 | Exploits 1

Amazon
added 2023/03/06 12:0 a.m. | 80 views

Important: sudo

Issue Overview: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege...

CVSS 7.8 | AI score 8.8 | EPSS 0.44372 | Exploits 20

Total number of security vulnerabilities: 5000