Important: kernel

Issue Overview: An issue in the HID driver in the Linux kernel may lead to invalid memory access. CVE-2022-20565 In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in...

Medium: golang

Issue Overview: The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or...

Medium: libxml2

Issue Overview: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956 A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being...

Medium: postgresql95

Issue Overview: PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker...

Medium: php72, php73

Issue Overview: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multipl...

Medium: audiofile

Issue Overview: The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. CVE-2018-13440 An issue has been discovered in...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. CVE-2020-14390 A flaw was found in the...

Medium: OpenEXR

Issue Overview: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. CVE-2020-11761 An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and...

Medium: bluez

Issue Overview: Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVE-2020-0556 Affected Packages: bluez Note: This advisory is applicable to Amazon Linux 2 A...

Medium: libexif

Issue Overview: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:...

Medium: libtiff

Issue Overview: TIFFCheckMalloc and TIFFCheckRealloc in tifaux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. CVE-2019-14973 tifgetimage.c in...

Medium: freerdp

Issue Overview: In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. CVE-2020-11018 In FreeRDP less than or equal to 2.0.0...

Medium: libsrtp

Issue Overview: Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service crash via vectors related to a length inconsistency in the cryptopolicysetfromprofileforrtp and srtpprotect functions. CVE-2013-2139 The encryption-processing featur...

Important: mariadb

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...

Medium: e2fsprogs

Issue Overview: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability...

Medium: fontforge

Issue Overview: An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows an attacker to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code. CVE-2020-5395...

Medium: libxslt

Issue Overview: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVE-2019-110...

Medium: spamassassin

Issue Overview: In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. CVE-2019-12420 Affected Packages: spamassassin Note: This advisory is...

Medium: openwsman

Issue Overview: Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in processconnection when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to...

Low: libguestfs-winsupport

Issue Overview: An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute...

Medium: qt5-qtbase

Issue Overview: 2023-08-03: CVE-2020-24742 was added to this advisory. Files placed by attacker can influence the working directory and lead to malicious code execution CVE-2020-0569 Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to...

Medium: edk2

Issue Overview: Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation IntelR CoreTM, IntelR CeleronR Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access. CVE-2019-14558 Memory leak in...

Medium: mailman

Issue Overview: A cross-site scripting vulnerability XSS has been discovered in mailman due to the hostname field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts. CVE-2018-0618 An issue was discovered in GN...

Low: exiv2

Issue Overview: An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format CRW images. An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory...

Medium: expat

Issue Overview: It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of...

Medium: SDL

Issue Overview: SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMAADPCMnibble in audio/SDLwave.c. CVE-2019-7572 SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMSADPCM in audio/SDLwave.c inside...

Medium: cups

Issue Overview: A localhost.localdomain whitelist entry in validhost in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved...

Important: squid

Issue Overview: A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. CVE-2020-15810 A flaw was found ...

Important: spice-gtk

Issue Overview: Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that...

Medium: NetworkManager

Issue Overview: A flaw was found in nmcli, where the command-line interface to the NetworkManager did not accept the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and an...

Medium: libssh2

Issue Overview: In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive...

Low: mod_auth_openidc

Issue Overview: An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web sit...

Medium: glibc

Issue Overview: In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string,...

Low: libmspack

Issue Overview: libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after...

Low: tigervnc

Issue Overview: TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process...

Medium: ImageMagick

Issue Overview: ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. CVE-2017-1000476 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability th...

Medium: ipa

Issue Overview: jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CVE-2015-9251 In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is...

Low: libosinfo

Issue Overview: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing...

Low: libsndfile

Issue Overview: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alawarray in alaw.c that will lead to a denial of service. CVE-2018-19662 Affected Packages: libsndfile Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this F...

Medium: libcroco

Issue Overview: A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability...

Low: evince

Issue Overview: A divide-by-zero error was found in the way Poppler handled certain PDF files. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by an application linked to Poppler, would crash the application causing a denial of service...

Medium: libxml2

Issue Overview: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956 A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being...

Low: libwmf

Issue Overview: No CVE associated with this advisory Affected Packages: libwmf Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update libwmf or yum update...

Low: avahi

Issue Overview: avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service traffic amplification and may cause information leakage by obtaining potentially...

Low: doxygen

Issue Overview: Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection. CVE-2016-10245 Affected Packages: doxygen Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this F...

Medium: geronimo-jaxrpc

Issue Overview: Liblouis 3.5.0 has a Segmentation fault in loulogPrint in logging.c. CVE-2018-11577 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. CVE-2018-11684 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function...

Medium: openldap

Issue Overview: In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. CVE-2020-12243 Affected Packages: openldap Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

Medium: freeradius

Issue Overview: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the...

Medium: samba

Issue Overview: All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the...