Medium: python3
Issue Overview: An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 Affected Packages: python3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindexsetparms CVE-2022-50396 Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as insufficient hardening of the usercopy...
Medium: audiofile
Issue Overview: In audiofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn...
Important: nss
Issue Overview: firefox-esr , thunderbird and nss only are affected by this package. CVE-2023-0767 Affected Packages: nss Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction...
Important: kernel
Issue Overview: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L...
Low: vim
Issue Overview: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-1127 Affected Packages: vim Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run...
Important: aws-nitro-enclaves-cli
Issue Overview: Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. CVE-2022-31394 Affected Packages: aws-nitro-enclaves-cli Note: This advisory is applicable to Amazon Linux 2 ...
Important: httpd
Issue Overview: Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion o...
Low: ghostscript
Issue Overview: Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. CVE-2019-25059 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
Important: sssd
Issue Overview: A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented...
Important: kernel
Issue Overview: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L...
Medium: kernel
Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 A...
Important: bind
Issue Overview: A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a...
Medium: openjpeg
Issue Overview: A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG. CVE-2021-3575 Affected Packages: openjpeg Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Medium: gstreamer1-plugins-base
Issue Overview: A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability. CVE-2021-3522 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to...
Important: tar
Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximate...
Important: kernel
Issue Overview: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM L0 advertising eIBRS support to L1. An attacker at L...
Medium: xdg-utils
Issue Overview: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches...
Important: kernel
Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6renewoptions of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a...
Important: lighttpd
Issue Overview: In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
Important: xorg-x11-server
Issue Overview: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X...
Important: kernel
Issue Overview: Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as insufficient hardening of the usercopy functions against spectre-v1. CVE-2023-0458 Use After Free vulnerability in Linux kernel traffic control index filter tcindex allow...
Important: kernel
Issue Overview: Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network...
Important: tar
Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximate...
Important: vim
Issue Overview: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. CVE-2023-0288 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. CVE-2023-0433 Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. CVE-2023-0512 Divide By Zero in GitHub...
Important: httpd24
Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...
Important: python-lxml
Issue Overview: A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The...
Medium: freeradius
Issue Overview: When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
Medium: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...
Important: kernel-livepatch-5.10.162-141.675
Issue Overview: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. CVE-2023-0179 Affected...
Medium: git
Issue Overview: Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git...
Important: kernel-livepatch-5.10.155-138.670
Issue Overview: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. CVE-2023-0179 Affected...
Important: kernel-livepatch-5.10.157-139.675
Issue Overview: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. CVE-2023-0179 Affected...
Important: batik
Issue Overview: Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
Important: cifs-utils
Issue Overview: A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. CVE-2022-27239 Affected Packages: cifs-utils Issue Correction: Run yum update cifs-utils or yum update --advisory...
Medium: ImageMagick
Issue Overview: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file,...
Medium: freeradius
Issue Overview: The EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. CVE-2022-41859 When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that optio...
Important: thunderbird
Issue Overview: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted messa...
Important: batik
Issue Overview: Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
Medium: git
Issue Overview: Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git...
Medium: curl
Issue Overview: A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. CVE-2023-23914 A flaw was fou...
Medium: ImageMagick
Issue Overview: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file,...
Important: sudo
Issue Overview: In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege...
Medium: qt5-qtsvg
Issue Overview: Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend called from QPainterPath::addPath and QPathClipper::intersect. CVE-2021-45930 Affected Packages: qt5-qtsvg Note: This advisory is applicable to Amazon Lin...
Medium: cpio
Issue Overview: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the ...
Low: cifs-utils
Issue Overview: A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs. CVE-2022-29869 Affected...
Medium: qt5-qtbase
Issue Overview: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke. CVE-2021-38593 Affected Packages: qt5-qtbase Note: This advisory is applicable to Amazon Linux 2 AL2 Core repositor...
Important: emacs
Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command...
Medium: python2-setuptools
Issue Overview: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py. CVE-2022-40897 Affected Packages:...
Medium: protobuf
Issue Overview: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...