Medium: openssl

Issue Overview: The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the...

Medium: expat

Issue Overview: In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow exists for mgroupSize. CVE-2021-46143 addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22822 buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 h...

Medium: httpd24

Issue Overview: An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests. CVE-2022-26377 An out-of-bounds read vulnerability was found in the modisapi module of httpd. The...

Important: zlib

Issue Overview: An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated...

Important: kernel

Issue Overview: A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege CAPSYSADMIN or CAPSYSRAWIO to create issues with confidentiality. CVE-2022-0494 An information...

Important: golang

Issue Overview: A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrit...

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: Versions of the Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3-5 are affected by a race condition that could lead to a local privilege escalation. The Apache Log4j Hotpatch is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 o...

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: Versions of the Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3-5 are affected by a race condition that could lead to a local privilege escalation. The Apache Log4j Hotpatch is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 o...

Important: aide

Issue Overview: A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large 16k extended file attributes or ACL. CVE-2021-45417 Affected Packages: aide Iss...

Important: rubygem-nokogiri, rubygem18-nokogiri

Issue Overview: Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue. CVE-2022-24836 Affected Packages: rubygem-nokogiri, rubygem18-nokogiri Issue Correction: Run yum update rubygem-nokogiri or yum update --advisory...

Important: xz

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

Medium: containerd

Issue Overview: A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to...

Medium: containerd

Issue Overview: A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to...

Medium: kernel-livepatch-5.10.102-99.473, kernel-livepatch-5.10.106-102.504, kernel-livepatch-5.10.109-104.500, kernel-livepatch-5.10.112-108.499

Issue Overview: iouring: always use original task when preparing req identity CVE-2022-1786 Affected Packages: kernel-livepatch-5.10.102-99.473, kernel-livepatch-5.10.106-102.504, kernel-livepatch-5.10.109-104.500, kernel-livepatch-5.10.112-108.499 Issue Correction: Please ensure you have live...

Important: gzip

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO CVE-2021-47435 A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local...

Medium: python27

Issue Overview: In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. Wh...

Medium: expat

Issue Overview: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2021-45960 Affected Packages: expat Issue Correction: Run yum update expat or y...

Medium: git

Issue Overview: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be...

Important: rsyslog

Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...

Important: python-twisted-conch

Issue Overview: An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory and crash the server. CVE-2022-21716 Affected Packages: python-twisted-conc...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO CVE-2021-47435 A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel in linux/net/netfilter/nftablesapi.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. CVE-2022-1015 A flaw was found in the Linux kernel in net/netfilter/nftablescore.c:nftdochain, which can cause...

Medium: containerd

Issue Overview: A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to...

Important: kernel

Issue Overview: A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read random memory from the kernel space. CVE-2022-0854 A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user...

Important: vim

Issue Overview: A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. CVE-2022-0261 A fl...

Medium: libtiff

Issue Overview: A flaw was found in libtiff where a NULL source pointer passed as an argument to the memcpy function within the TIFFReadDirectory in tifdirread.c. This flaw allows an attacker to exploit this vulnerability via a crafted TIFF file, causing a crash and leading to a denial of service...

Critical: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executin...

Medium: openssl

Issue Overview: The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the...

Important: rsyslog

Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...

Medium: vim

Issue Overview: A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. CVE-2022-0393 A flaw was found in vim. Th...

Medium: microcode_ctl

Issue Overview: A flaw was found in hw. Processor optimization removal or modification of security-critical code for some IntelR processors may potentially allow an authenticated user to enable information disclosure via local access. CVE-2022-21151 A flaw was found in hw. Incomplete cleanup in...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO CVE-2021-47435 A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMAFROMDEVICE. This flaw allows a local user to read...

Medium: python

Issue Overview: In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. Wh...

Critical: xmlrpc-c

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

Critical: openldap

Issue Overview: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of...

Critical: openldap

Issue Overview: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of...

Critical: xmlrpc-c

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

Critical: maven-shared-utils

Issue Overview: org.apache.maven.shared:maven-shared-utils is a functional replacement for plexus-utils in Maven. Affected versions of this package are vulnerable to Command Injection. The Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...

Medium: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. CVE-2022-1011 A vulnerability was found in the...

Medium: curl

Issue Overview: A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or...

Medium: containerd, docker

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

Important: httpd24

Issue Overview: A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability. CVE-2022-22719 A flaw was found in...

Important: golang

Issue Overview: An out of bounds read vulnerability was found in golang. When using the archive/zip standard library stdlib and an unexpected file is parsed, it can cause golang to attempt to read outside of a slice array causing a panic in the runtime. A potential attacker can use this...

Important: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily...

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily...

Important: aws-nitro-enclaves-acm

Issue Overview: The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve...

Medium: expat

Issue Overview: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2021-45960 Affected Packages: expat Note: This advisory is applicable to Amazon...

Low: grub2

Issue Overview: A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted...

Medium: docker, containerd

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...