Low: ImageMagick

Issue Overview: A flaw was found in ImageMagick, where a division by zero in WaveImage of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability...

Medium: hsqldb

Issue Overview: A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. CVE-2023-1183 Affected Packages: hsqldb...

Medium: kernel

Issue Overview: The Linux kernel before 5.4.2 mishandles ext4expandextraisize, as demonstrated by use-after-free errors in ext4expandextraisize and ext4xattrsetentry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. CVE-2019-19767 Affected Packages: kernel Note: This advisory...

Medium: kernel

Issue Overview: The Linux kernel before 5.4.2 mishandles ext4expandextraisize, as demonstrated by use-after-free errors in ext4expandextraisize and ext4xattrsetentry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. CVE-2019-19767 Affected Packages: kernel Note: This advisory...

Medium: kernel

Issue Overview: A flaw has been found in Xen. An unprivileged guest can cause Denial of Service DoS of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-46838 In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible...

Important: php

Issue Overview: The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cook...

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Medium: hsqldb

Issue Overview: A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. CVE-2023-1183 Affected Packages: hsqldb...

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

Important: tigervnc

Issue Overview: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X...

Important: less

Issue Overview: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation als...

Medium: ghostscript

Issue Overview: An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. CVE-2023-52722 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit th...

Medium: ghostscript

Issue Overview: An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. CVE-2023-52722 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit th...

Important: kernel

Issue Overview: An issue was discovered in fs/iouring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service deadlock because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25...

Important: java-1.8.0-amazon-corretto

Issue Overview: There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to...

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iouring: drop any code related to SCMRIGHTS CVE-2023-52656 In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section CVE-2024-26816 In the Linux kernel,...

Low: bcc

Issue Overview: If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

Medium: uriparser

Issue Overview: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. CVE-2024-34402 An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an...

Important: tigervnc

Issue Overview: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X...

Medium: golist

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Medium: fdupes

Issue Overview: In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. CVE-2022-48682 Affected Packages: fdupes Issue Correction: Run dnf update fdupes --releasever 2023.4.20240528 to update your system. New Packages: aarch64: ...

Important: less

Issue Overview: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation als...

Important: php8.2

Issue Overview: The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cook...

Important: php8.2

Issue Overview: The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cook...

Low: bpftrace

Issue Overview: If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Important: less

Issue Overview: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation als...

Medium: oci-add-hooks

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Medium: libreswan

Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not...

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Low: bcc

Issue Overview: If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Important: git

Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...

Low: bpftrace

Issue Overview: If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

Important: libtiff

Issue Overview: Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

Important: libtiff

Issue Overview: Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

Medium: amazon-ecr-credential-helper

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Medium: fdupes

Issue Overview: In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. CVE-2022-48682 Affected Packages: fdupes Issue Correction: Run dnf update fdupes --releasever 2023.4.20240528 or dnf update --advisory ALAS2023-2024-633 --releasever...

Low: bcc

Issue Overview: If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

Medium: ghostscript

Issue Overview: An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. CVE-2023-52722 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript --releasever 2023.4.20240528 to upda...

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Medium: libreswan

Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not...

Medium: ghostscript

Issue Overview: An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. CVE-2023-52722 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript --releasever 2023.4.20240528 or dnf...

Medium: oci-add-hooks

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...