Medium: python3

Issue Overview: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 1...

Medium: systemd

Issue Overview: An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in formattimespan, leading to a Denial of Service. CVE-2022-3821 Affected Packages: systemd...

Important: kernel

Issue Overview: In v4l2m2mquerybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

Important: device-mapper-multipath

Issue Overview: multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to loc...

Important: libtiff

Issue Overview: A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of...

Important: libksba

Issue Overview: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

Important: libtiff

Issue Overview: A flaw was found in libtiffs tiffcrop utility that has a uint32t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop to cause a crash or, in some cases, further exploitation. CVE-2022-2867 Affected...

Medium: zlib

Issue Overview: A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader. CVE-2022-37434 Affected Packages: zlib Issue Correction: Run yum...

Medium: curl

Issue Overview: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set if it previously used the same handle to issue a PUT...

Important: rsync

Issue Overview: An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated...

Important: vim

Issue Overview: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. CVE-2022-3520 Use After Free in GitHub repository vim/vim prior to 9.0.0789. CVE-2022-3591 A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qfupdatebuff...

Low: openjpeg2

Issue Overview: A flaw was found in the opj2decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation...

Important: libksba

Issue Overview: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

Important: pcs

Issue Overview: A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service. CVE-2022-30122 A flaw was found in ruby gem-rack. This flaw allows a malicious actor t...

Important: libbpf

Issue Overview: A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btfdumpnamedups of the file tools/lib/bpf/btfdump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifi...

Important: git

Issue Overview: Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and targ...

Important: expat

Issue Overview: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. CVE-2022-43680 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

Important: thunderbird

Issue Overview: Integer overflow vulnerability in avtimecodemakestring in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service DoS via crafted .mov file. CVE-2021-28429 When receiving an HTML email that contained an iframe element, which used a srcdoc...

Important: git

Issue Overview: Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and targ...

Important: rubygem-nokogiri

Issue Overview: A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability...

Medium: e2fsprogs

Issue Overview: An out-of-bounds read/write vulnerability was found in e2fsprogs. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. CVE-2022-1304 Affected Packages: e2fsprogs Note: This advisory is applicable to Amazon Linux 2 AL2...

Important: libtiff

Issue Overview: A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of...

Medium: util-linux

Issue Overview: A flaw was found in the Linux kernel's util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error...

Medium: curl

Issue Overview: A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or...

Important: kernel

Issue Overview: In v4l2m2mquerybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

Important: python36

Issue Overview: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVE-2022-37454 Affected...

Medium: kernel

Issue Overview: drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stexqueuecommandlck lacks a memset for the PASSTHRUCMD case. CVE-2022-40768 Affected Packages: kernel Note: This advisory is applicable to Amazon...

Important: kernel

Issue Overview: A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function securityinodealloc to fail with following call to function nilfsmdtdestroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the...

Important: kernel

Issue Overview: A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function securityinodealloc to fail with following call to function nilfsmdtdestroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the...

Important: dbus

Issue Overview: A flaw was found in dbus. The implementation of DBUSCOOKIESHA1 is susceptible to a symbolic link attack. A malicious client with write access to its own home directory could manipulate a /.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations...

Important: rsync

Issue Overview: A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases,...

Medium: curl

Issue Overview: A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor. CVE-2022-322...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules CVE-2021-47103 A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function securityinodealloc to fail with following call to...

Important: expat

Issue Overview: A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XMLResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some...

Important: libtiff

Issue Overview: A flaw was found in libtiffs tiffcrop utility that has a uint32t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop to cause a crash or, in some cases, further exploitation. CVE-2022-2867 libtiff's...

Medium: glibc

Issue Overview: In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

Medium: dhcp

Issue Overview: An integer overflow vulnerability was found in the DHCP server. When the "optioncodehashlookup" function is called from "addoption", it increases the option's "refcount" field. However, there is not a corresponding call to "optiondereference" to decrement the "refcount" field. The...

Medium: pcre2

Issue Overview: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the pcre2jitcompile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not full...

Important: kernel

Issue Overview: A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory i...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization SEV. CVE-2022-0171 A...

Medium: java-1.8.0-amazon-corretto

Issue Overview: 2023-05-11: CVE-2022-21618 and CVE-2022-39399 have changed status to NOT AFFECTED for this package and have been removed from this advisory. Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's Unix socket Garbage Collection and iouring. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-2602 A flaw was found in hw. The unprotected alternative channel of return bran...

Medium: glibc

Issue Overview: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potential...

Important: go-rpm-macros

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Important: golang-googlecode-net

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Low: vim

Issue Overview: A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msgouttransspecial function. This flaw allows a specially crafted file to crash software or execute code when opened in vim. CVE-2022-2257 A heap buffer overflow vulnerability was found in Vim's inc...

Important: golang-github-kr-pty

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Important: golang-googlecode-sqlite

Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...

Low: vim

Issue Overview: A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msgouttransspecial function. This flaw allows a specially crafted file to crash software or execute code when opened in vim. CVE-2022-2257 A heap buffer overflow vulnerability was found in Vim's inc...

Medium: java-11-amazon-corretto

Issue Overview: Title: Wider MultiByte conversions Buffer overflow is possible due to incorrect byte count should be character count. CVE-2022-21618 Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized ...