Important: kernel

Issue Overview: The Serial Attached SCSI SAS implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service deadlock by triggering certain error-handling code. CVE-2017-18232 The xfsbmapextentstobtree function in fs/xfs/libxfs/xfsbmap.c i...

Low: gettext

Issue Overview: An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt. CVE-2018-18751 Affected Packages: gettext Note: This advisory is applicable to...

Medium: evolution-data-server, evolution-ews

Issue Overview: It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. CVE-2019-3890 Affected...

Medium: poppler

Issue Overview: An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. CVE-2019-10871 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.CVE-2018-21009 The JPXStream::init...

Medium: gnome-shell

Issue Overview: It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. CVE-2019-3820 Affected...

Medium: golang

Issue Overview: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. CVE-2020-15586 Affected Packages: golang Note: This advisory is...

Medium: ruby20

Issue Overview: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. CVE-2018-16396 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4...

Important: libxml2

Issue Overview: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library...

Medium: keepalived

Issue Overview: keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data...

Medium: python, python3

Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...

Medium: dnsmasq

Issue Overview: A flaw was found in the default configuration of dnsmasq, as shipped with Fedora and Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not enabled. Running dnsmasq ...

Medium: python-rsa

Issue Overview: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior...

Medium: python27, python34, python35, python36

Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...

Medium: python26

Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...

Important: qemu-kvm

Issue Overview: tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. CVE-2019-9824 tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in...

Important: nghttp2

Issue Overview: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The...

Important: git

Issue Overview: Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260GHSA-qm7j-c969-7j4q. The fix for that bug still left the door open for an exploit where some credentia...

Low: doxygen

Issue Overview: Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection. CVE-2016-10245 Affected Packages: doxygen Issue Correction: Run yum update doxygen or yum update --advisory ALAS-2020-1412 to...

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

Medium: curl

Issue Overview: This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' with the '-O' option and '-i' command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely...

Important: tomcat8

Issue Overview: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead...

Medium: openvpn

Issue Overview: This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation.CVE-2020-11810 Affected...

Medium: mysql56

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...

Important: libxml2

Issue Overview: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library...

Important: qemu

Issue Overview: In libslirp 4.1.0, as used in QEMU 4.2.0, tcpsubr.c misuses snprintf return values, leading to a buffer overflow in later code. CVE-2020-8608 Affected Packages: qemu Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

Important: kernel

Issue Overview: An issue where a provided address with accessok is not checked was discovered in i915gemexecbuffer2ioctl in drivers/gpu/drm/i915/i915gemexecbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory...

Important: thunderbird

Issue Overview: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR 68.10, Firefox 78, and Thunderbird 68.10.0. CVE-2020-12418 When processing callbacks that occurred during...

Medium: mailman

Issue Overview: Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. CVE-2018-0618 An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be...

Low: taglib

Issue Overview: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file. CVE-2018-11439 Affected Packages: taglib Note: This advisory is applicable to Amazon Linux 2...

Medium: microcode_ctl

Issue Overview: A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker...

Medium: qt

Issue Overview: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVE-2018-19869 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault...

Important: thunderbird

Issue Overview: Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

Medium: php72, php73

Issue Overview: In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request,...

Medium: net-snmp

Issue Overview: snmpoidcompare in snmplib/snmpapi.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2018-18066 Affected Packages: net-snmp...

Medium: poppler

Issue Overview: The tiffdocumentrender and tiffdocumentgetthumbnail functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented, leading to uninitialized memory use when processing certain TIFF image files. CVE-2019-11459 Poppler befo...

Important: qemu-kvm

Issue Overview: In libslirp 4.1.0, as used in QEMU 4.2.0, tcpsubr.c misuses snprintf return values, leading to a buffer overflow in later code. CVE-2020-8608 tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMUIRC. This can...

Medium: advancecomp

Issue Overview: In AdvanceCOMP 2.1, pngcompress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read. CVE-2019-9210 Affected Packages:...

Important: java-11-amazon-corretto

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network acces...

Medium: ntp

Issue Overview: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or system time change by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be ...

Important: kernel

Issue Overview: An issue where a provided address with accessok is not checked was discovered in i915gemexecbuffer2ioctl in drivers/gpu/drm/i915/i915gemexecbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory...

Medium: samba

Issue Overview: A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker...

Medium: libexif

Issue Overview: An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. CVE-2020-13112 Affected Packages: libexif Issue Correction: Run yum update libexif or yum...

Medium: patch

Issue Overview: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. CVE-2019-13636 Affected Packages: patch Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for t...

Medium: lftp

Issue Overview: It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled...

Medium: librabbitmq

Issue Overview: An issue was discovered in amqphandleinput in amqpconnection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTIONSTATEHEADER. A rogue server could return a malicious frame header that leads to a smaller targetsize...

Medium: cairo

Issue Overview: The fillxrgb32lerpopaquespans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a negative span length. CVE-2016-3190 Affected Packages: cairo Issue Correction: Run yum upda...

Low: file

Issue Overview: The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file. CVE-2018-10360 Affected Packages: file Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Medium: transmission

Issue Overview: Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted torrent file. CVE-2018-10756 Affected Packages: transmission Issue Correction: Run yum update...

Medium: texlive

Issue Overview: An issue was discovered in t1checkunusualcharstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips...

Medium: openssl11

Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...