8850 matches found
Important: kernel
Issue Overview: Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as insufficient hardening of the usercopy functions against spectre-v1. CVE-2023-0458 Use After Free vulnerability in Linux kernel traffic control index filter tcindex allow...
Medium: pcs
Issue Overview: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data...
Important: log4j-cve-2021-44228-hotpatch
Issue Overview: The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-13 will now explicitly mimic the permissions of the JVM attempting to be updated. Affected Packages: log4j-cve-2021-44228-hotpatch Issue Correction: Run yum update log4j-cve-2021-44228-hotpatch or yu...
Medium: glibc
Issue Overview: In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. CVE-2019-9169 A flaw was found in glibc. If an attacker provides the iconv function with invalid...
Medium: python3
Issue Overview: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or...
Medium: curl
Issue Overview: This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' with the '-O' option and '-i' command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely...
Important: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network...
Important: tomcat8
Issue Overview: The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O,...
Important: java-11-amazon-corretto
Issue Overview: Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rdstcp kernel module loaded either through autoload via local process running listen, or manual loading could possibly cause a use after free UAF in which an attacker who is able to...
Important: qemu-kvm
Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...
Medium: php56
Issue Overview: A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy. An attacker could create a crafted image that would lead to a crash or,...
Important: java-1.8.0-openjdk
Issue Overview: Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-473...
Medium: php
Issue Overview: It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been...
Important: unbound
Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...
Important: python
Issue Overview: An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48565 Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Important: oniguruma
Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in nextstateval during regular expression compilation. Octal numbers larger than 0xff are not handled correctly i...
Important: vim
Issue Overview: vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service DoS via the exbufferall method. CVE-2021-3236 Use After Free in GitHub repository vim/vim prior to 9.0.1840. CVE-2023-4733 Integer Overflow or Wraparound in GitHub repository...
Medium: openssl11
Issue Overview: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers...
Important: sudo
Issue Overview: In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege...
Important: krb5
Issue Overview: Integer overflow vulnerabilities in PAC parsing CVE-2022-42898 Affected Packages: krb5 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update kr...
Medium: microcode_ctl
Issue Overview: Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. CVE-2021-33117 A flaw was found in hw. Processor optimization removal or modification...
Important: kernel
Issue Overview: A use-after-free flaw was found in kernel/trace/ringbuffer.c in Linux kernel. There was a race problem in traceopen and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem DOS. This flaw could even allow a local attacker with special use...
Medium: mysql56
Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...
Medium: expat
Issue Overview: It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of...
Important: openssl
Issue Overview: A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to...
Medium: libxml2
Issue Overview: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956 A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being...
Important: tomcat8
Issue Overview: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead...
Important: qemu-kvm
Issue Overview: tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. CVE-2019-9824 tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in...
Low: python-urllib3
Issue Overview: No CVE associated with this advisory Affected Packages: python-urllib3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-urllib3 or...
Medium: tomcat8
Issue Overview: When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack ...
Critical: exim
Issue Overview: Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in stringvformat in string.c involving a long EHLO command.CVE-2019-16928 Affected Packages: exim Issue Correction: Run yum update exim or yu...
Medium: 389-ds-base
Issue Overview: 1693612: 389-ds-base: DoS via hanging secured connections It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to...
Medium: curl
Issue Overview: The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service integer overflow and resultant buffer overflow, and application crash or possibly have unspecified other impact via vectors involving long user and...
Important: tomcat7
Issue Overview: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener Affected Packages: tomcat7 Issue Correction: Run yum update tomcat7 or yum update...
Medium: kernel
Issue Overview: An integer overflow flaw was found in the i915gemdoexecbuffer function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. CVE-2012-2384, Moderate A memory leak flaw was...
Important: golang
Issue Overview: The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to...
Medium: curl
Issue Overview: A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. CVE-2023-23914 A flaw was fou...
Medium: zlib
Issue Overview: A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader. CVE-2022-37434 Affected Packages: zlib Note: This advisory is...
Important: kernel
Issue Overview: A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space. CVE-2022-0854 A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user...
Important: kernel
Issue Overview: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in mutexlock in kernel/locking/mutex.c. This is related to mutexcanspinonowner in kernel/locking/mutex.c,...
Medium: python34, python35, python36
Issue Overview: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or...
Important: kernel
Issue Overview: A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's category bitmap into the SELinux extensible bitmap via the' ebitmapnetlblimport' routine. While processing the CIP...
Important: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Medium: php70
Issue Overview: ext/mysqlnd/mysqlndwireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNEDFLAG flag, which allows remote MySQL servers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted...
Important: openssl
Issue Overview: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available...
Medium: python26
Issue Overview: An integer overflow flaw was found in the way the buffer function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. It was discovered that multiple Python...
Medium: php55
Issue Overview: As reported upstream https://bugs.php.net/bug.php?id=69720, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7803 A flaw was discovered in the way PHP performed object...
Important: java-1.6.0-openjdk
Issue Overview: Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check...
Important: java-1.7.0-openjdk
Issue Overview: Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,...