Download
| Alert*
|
oval:org.secpod.oval:def:1600870
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer hand ... oval:org.secpod.oval:def:1601220 An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials. A NULL po ... oval:org.secpod.oval:def:1601227 The FCGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. oval:org.secpod.oval:def:1600932 A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. oval:org.secpod.oval:def:1600841 Remote DoS via search filters in slapi_filter_sprintf in slapd/util.cA stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus ... oval:org.secpod.oval:def:1600895 It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of ... oval:org.secpod.oval:def:1601334 A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after ... oval:org.secpod.oval:def:1601359 TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by ... oval:org.secpod.oval:def:1601252 Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service via a Link State Update packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header ... oval:org.secpod.oval:def:1601251 Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user ru ... oval:org.secpod.oval:def:1601271 A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. Two memory leak flaws ... oval:org.secpod.oval:def:1600738 A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory oval:org.secpod.oval:def:1601231 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support.A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbi ... oval:org.secpod.oval:def:1601222 Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the ... oval:org.secpod.oval:def:1200123 A buffer overflow flaw was found in the way t1utils processed, for example, certain PFB files. An attacker could use this flaw to potentially execute arbitrary code by tricking a user into processing a specially crafted PFB file with t1utils. oval:org.secpod.oval:def:1200150 An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client.A NULL pointer dereference flaw was found in TigerVNC"s X ... oval:org.secpod.oval:def:1600878 Failure to handle errors when attempting to drop group privilegesmod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors oval:org.secpod.oval:def:1601340 Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML module 0.38 for Perl allow remote attackers to cause a denial of service via format string specifiers in a YAML stream to the Load function, YAML node to the load_node function, YAML mapping to the ... oval:org.secpod.oval:def:1601281 Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application oval:org.secpod.oval:def:1601223 Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to m ... oval:org.secpod.oval:def:1600983 NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector oval:org.secpod.oval:def:1600462 A possible heap overflow was discovered in the EscapeParenthesis function .Various issues were found in the processing of SVG files in GraphicsMagick .The TIFF reader had a bug pertaining to use of TIFFGetField when a "count" value is returned. The bug caused a heap read overflow which could allow ... oval:org.secpod.oval:def:1601345 A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default oval:org.secpod.oval:def:1601219 A use-after-free flaw was found in the way Openswan"s pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. oval:org.secpod.oval:def:1601301 The release notes for Cacti 0.8.7i indicate that two security vulnerabilities were fixed, though no corresponding CVE has been issued. oval:org.secpod.oval:def:1601232 The release notes for Cacti 0.8.7h indicate that two security vulnerabilities were fixed, though no corresponding CVE has been issued. oval:org.secpod.oval:def:1600873 This is an update fixeing dec64table OOB read in b64decode. oval:org.secpod.oval:def:1600874 This update adds the checkHost option to stunnel, which verifies the host of the peer certificate subject. Certificates are accepted if no checkHost option was specified, or the host name of the peer certificate matches any of the hosts specified with checkHost.This update adds the OCSPaia option to ... oval:org.secpod.oval:def:1600471 It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AMI derived from a pr ... oval:org.secpod.oval:def:1601348 It was found that a Certificate Authority issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted. oval:org.secpod.oval:def:1600743 A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450 , where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system oval:org.secpod.oval:def:1600766 New optional parameter "umask" introduced into cfn-hup.conf file in order to configure the cfn-hup daemon"s umask. oval:org.secpod.oval:def:1600769 The default umask value is set to 022 to address a privilege escalation security vulnerability. oval:org.secpod.oval:def:1600385 As reported upstream, various classes in the functor collection are serialization and use reflection, which could result in arbitrary code execution if objects from untrusted sources are de-serialized. oval:org.secpod.oval:def:1601235 This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure .It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update removes that CA"s root certificate from the ca-certificates package, ren ... oval:org.secpod.oval:def:1601221 It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Dig ... oval:org.secpod.oval:def:1601010 Due to a problem with the configuration of kernels 3.10.34-37 and 3.10.34-38 and their interaction with the authentication modules stack, the sshd daemon which is part of the openssh package will no longer allow remote logins following a restart of the sshd service.There are two permanant fixes for ... oval:org.secpod.oval:def:1200001 Amazon Linux AMI is installed oval:org.secpod.oval:def:1200181 An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which is ... oval:org.secpod.oval:def:1601307 The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering capability TLV in an OPEN message. oval:org.secpod.oval:def:1601240 A NULL pointer dereference flaw was found in the way Openswan"s pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. oval:org.secpod.oval:def:1200124 A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user"s system. oval:org.secpod.oval:def:1600902 It was discovered that Ant#039;s unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. oval:org.secpod.oval:def:1600858 Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext:lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data ... oval:org.secpod.oval:def:1600885 Malicious patch files cause ed to execute arbitrary commandsGNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation can result in code execution. This attack appear to be exploitable via a patch file processed via th ... oval:org.secpod.oval:def:1601363 Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a ... oval:org.secpod.oval:def:1601336 A denial of service flaw was found in the way the dhcpd daemon handled DHCP request packets when regular expression matching was used in "/etc/dhcp/dhcpd.conf". A remote attacker could use this flaw to crash dhcpd oval:org.secpod.oval:def:1601258 Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.The change_user method in the SUIDManager in P ... oval:org.secpod.oval:def:1601244 A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request oval:org.secpod.oval:def:1601246 Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP or Berkeley Database back end. A remote attacker could use these flaws to crash the KDC oval:org.secpod.oval:def:1601274 Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than ... oval:org.secpod.oval:def:1601275 An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests . A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. A NULL pointer dereference flaw was found in the MIT Kerberos administ ... oval:org.secpod.oval:def:1600741 possible OP-TEE Bleichenbacher attack:The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public ... oval:org.secpod.oval:def:1600322 The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request. oval:org.secpod.oval:def:1600339 ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service via an invalid length field in a UDP IPv4 packet. oval:org.secpod.oval:def:1601233 The Net::HTTPS module in libwww-perl before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof server ... oval:org.secpod.oval:def:1601225 Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. An input sanitization flaw was found in the X.Org Render extension. A malicious, auth ... oval:org.secpod.oval:def:1601310 Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. oval:org.secpod.oval:def:1601332 The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. oval:org.secpod.oval:def:1601319 Multiple errors in glibc"s formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. oval:org.secpod.oval:def:1200161 A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal"s long-term key. This ciphertext could be used to conduct an off-line dictionary attack ag ... oval:org.secpod.oval:def:1601024 A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on ... oval:org.secpod.oval:def:1600819 Unsanitized input when searching in local cache databaseIt was found that sssd#039;s sysdb_search_user_by_upn_res function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given us ... oval:org.secpod.oval:def:1600830 Double free in csnmp_read_table function in snmp.c:The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash oval:org.secpod.oval:def:1600393 A double-free bug was discovered in pngcrush"s handling of the sPLT chunk. A malicious PNG could crash the pngcrush process oval:org.secpod.oval:def:1600838 Heap-based buffer overflow in mspack/lzxd.c:mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CHM file.The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remo ... oval:org.secpod.oval:def:1601299 A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of t ... oval:org.secpod.oval:def:1601261 Multiple cross-site scripting vulnerabilities in config.c in config.cgi in Nagios 3.2.3 and Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an command action or a hosts action. oval:org.secpod.oval:def:1601349 Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. oval:org.secpod.oval:def:1200000 A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. oval:org.secpod.oval:def:1601247 A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. oval:org.secpod.oval:def:1601309 PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. oval:org.secpod.oval:def:1600953 It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial of service. oval:org.secpod.oval:def:1601277 A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw ... oval:org.secpod.oval:def:1601326 This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL release notes for a full ... oval:org.secpod.oval:def:1601290 A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts ... oval:org.secpod.oval:def:1600849 It was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled. oval:org.secpod.oval:def:1600411 A heap-based buffer overflow flaw was found in the tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim"s system oval:org.secpod.oval:def:1601249 Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service or possibly have unspecified other impact via a long response. oval:org.secpod.oval:def:1600811 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can ... oval:org.secpod.oval:def:1600812 Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table contents that the inv ... oval:org.secpod.oval:def:1601324 A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response oval:org.secpod.oval:def:1600805 include/global_session.php in Cacti 1.1.25 has XSS related to the URI or the refresh page oval:org.secpod.oval:def:1600860 Heap-based buffer overflow in mspack/lzxd.cmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CHM file. Out-of-bounds access in the PDF parser A VMSF_DELTA memory corruption was ... oval:org.secpod.oval:def:1600940 A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. oval:org.secpod.oval:def:1601330 Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MP4 file. oval:org.secpod.oval:def:1601328 It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. ... oval:org.secpod.oval:def:1601262 RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. oval:org.secpod.oval:def:1600989 do_bid_note in readelf.c in libmagic.a has a stack-based buffer over-read, related to file_printf and file_vprintf. do_core_note in readelf.c in libmagic.a has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360 . do_core_note in readelf.c in libm ... oval:org.secpod.oval:def:1601308 Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2, would cause the appli ... oval:org.secpod.oval:def:1601351 Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. in a node name. ... oval:org.secpod.oval:def:1600311 The template and inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request. oval:org.secpod.oval:def:1600754 FILE buffer read out of bounds TFTP sends more than buffer size URL globbing out of bounds read oval:org.secpod.oval:def:1600975 _XcursorThemeInherits in library.c in libXcursor allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow oval:org.secpod.oval:def:1601362 Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. oval:org.secpod.oval:def:1600931 A denial of service flaw was discovered in bind versions that include the "deny-answer-aliases" feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition. oval:org.secpod.oval:def:1600865 Authentication bypass in transport.pytransport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed befor ... oval:org.secpod.oval:def:1600804 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution oval:org.secpod.oval:def:1601265 It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in ... oval:org.secpod.oval:def:1601054 It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one. oval:org.secpod.oval:def:1601114 FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation oval:org.secpod.oval:def:1600951 There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack.The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to cause a denial of service via a crafted PDF file, a ... oval:org.secpod.oval:def:1601306 A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the pri ... oval:org.secpod.oval:def:1601026 Exim allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker oval:org.secpod.oval:def:1601305 Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrenc ... oval:org.secpod.oval:def:1601325 Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrenc ... oval:org.secpod.oval:def:1600976 set_file_metadata in xattr.c in GNU Wget stores a file#039;s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This also applies ... oval:org.secpod.oval:def:1600993 A buffer overflow vulnerability was found in GNU Wget. An attacker may be able to cause a denial-of-service or may execute an arbitrary code oval:org.secpod.oval:def:1600992 A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine oval:org.secpod.oval:def:1600966 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. oval:org.secpod.oval:def:1601373 An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex oval:org.secpod.oval:def:1600833 Mishandling layers of tree objectsGit through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its ... oval:org.secpod.oval:def:1600881 Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attackerAn issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP se ... oval:org.secpod.oval:def:1600863 Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of serviceIn PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing ... oval:org.secpod.oval:def:1600861 Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service:In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsin ... oval:org.secpod.oval:def:1601295 A denial of service flaw was found in the way the OpenLDAP server daemon processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-crafted LDAP search query that, when processed by slapd, would cause slapd to cras ... oval:org.secpod.oval:def:1600424 Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r character in conjunction with multiple Content-Length headers in an HTTP request oval:org.secpod.oval:def:1601250 An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past.All OpenSSL users should upgrade to these updated packages, which con ... oval:org.secpod.oval:def:1600802 Arbitrary code execution during go get or go get -d:Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git r ... oval:org.secpod.oval:def:1600956 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one chara ... oval:org.secpod.oval:def:1600964 nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module if the 'http2' option of the 'listen' directive is used in a configuration f ... oval:org.secpod.oval:def:1600832 Transmission relies on X-Transmission-Session-Id for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack oval:org.secpod.oval:def:1600848 Buffer overflow in b64decode function, possibly leading to remote code execution:An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely oval:org.secpod.oval:def:1600840 Infinite loop issue triggered by invalid OPEN message allows denial-of-serviceAn infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.Double ... oval:org.secpod.oval:def:1600930 The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an ... oval:org.secpod.oval:def:1600868 Buffer overflow in dhclient possibly allowing code execution triggered by malicious serverAn out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client mach ... oval:org.secpod.oval:def:1600864 Vorbis audio processing out of bounds write:An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code oval:org.secpod.oval:def:1600893 A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains. oval:org.secpod.oval:def:1600854 Unsafe object deserialization through YAML formatted gem specifications:A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in th ... oval:org.secpod.oval:def:1600822 Use-after-free in processing SMB1 requestsA use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. Server heap-memory disclosureA memory discl ... oval:org.secpod.oval:def:1600818 Use-after-free in receive_msg function via vectors involving BDAT commandsThe receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving BDAT commands. Infinite loop and stack exhaus ... oval:org.secpod.oval:def:1601370 A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server cou ... oval:org.secpod.oval:def:1600843 Out-of-bounds read in code handling HTTP/2 trailers:libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTT ... oval:org.secpod.oval:def:1600871 FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ... oval:org.secpod.oval:def:1600808 IMAP FETCH response out of bounds read:A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application oval:org.secpod.oval:def:1600950 curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently ... oval:org.secpod.oval:def:1601282 A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1 , could cause the application to crash oval:org.secpod.oval:def:1600320 Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service vi ... oval:org.secpod.oval:def:1600304 socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service via multiple request that are refused based on the sourceport, lowport, range, or tcpwrap restrictions. oval:org.secpod.oval:def:1200047 A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of the user running i ... oval:org.secpod.oval:def:1200065 Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse ... oval:org.secpod.oval:def:1200165 Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. oval:org.secpod.oval:def:1200080 Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. oval:org.secpod.oval:def:1200049 ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." oval:org.secpod.oval:def:1200033 Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a full pathname or .. in an archive. oval:org.secpod.oval:def:1601285 A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. A race condition was found in the way the X.Org server manag ... oval:org.secpod.oval:def:1600381 A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response. oval:org.secpod.oval:def:1200097 ClamAV before 0.98.7 allows remote attackers to cause a denial of service via a crafted y0da cryptor file. ClamAV before 0.98.7 allows remote attackers to cause a denial of service via a crafted xz archive file. ClamAV before 0.98.7 allows remote attackers to cause a denial of service via a craft ... oval:org.secpod.oval:def:1200155 Upstream reported a vulnerability in the Zend\Mail component in Zend Framework 2, specifically in how it handles headers. Headers are not correctly filtered for newlines, allowing the ability to send additional, unrelated headers and to bypass additional headers by emitting the header/body separator ... oval:org.secpod.oval:def:1200035 It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system. oval:org.secpod.oval:def:1200074 A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. oval:org.secpod.oval:def:1200009 A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. oval:org.secpod.oval:def:1200017 As discussed upstream, libcurl can wrongly send HTTP credentials when re-using connections. Also discussed upstream, libcurl can get tricked by a malicious SMB server to send off data it did not intend to oval:org.secpod.oval:def:1200026 RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in ... oval:org.secpod.oval:def:1200060 RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in ... oval:org.secpod.oval:def:1200054 RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in ... oval:org.secpod.oval:def:1200073 As discussed upstream -- here and here -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers and Double Content-length headers in a request does not generate a 400 error, the second Content-length is i ... oval:org.secpod.oval:def:1601074 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.In Apache Subversion versions up to and including 1.9.10 ... oval:org.secpod.oval:def:1200016 Ganglia-web auth can be bypassed using boolean serialization . oval:org.secpod.oval:def:1200069 Cross-site scripting vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. oval:org.secpod.oval:def:1600356 It was found that python-rsa is vulnerable to Bleichenbacher"06 attack, allowing attacker to fake signatures for any public key with low exponent oval:org.secpod.oval:def:1600335 The remove_chunked_transfer_coding function allows remote attackers to cause a denial of service via crafted chunk-encoded content. The client_host function in parsers.c allows remote attackers to cause a denial of service via an empty HTTP Host header oval:org.secpod.oval:def:1600347 The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015 oval:org.secpod.oval:def:1600359 It was found that when an SVN server searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable . An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, whi ... oval:org.secpod.oval:def:1600329 An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop ... oval:org.secpod.oval:def:1600478 A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when opened. oval:org.secpod.oval:def:1600382 Various cross-site scripting flaws and various SQL injection flaws were discovered affecting versions of Cacti prior to 0.8.8g. oval:org.secpod.oval:def:1600409 SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter oval:org.secpod.oval:def:1600371 It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuratio ... oval:org.secpod.oval:def:1600451 It was discovered that lighttpd class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. oval:org.secpod.oval:def:1600042 The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. oval:org.secpod.oval:def:1600043 The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service via crafted multigraph data.Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service via a plugin that uses "multigraph" as a ... oval:org.secpod.oval:def:1600049 A virtual host confusion issue was found in nginx, allowing HTTPS connections for one origin to be redirected to the virtual host of a different origin. This leads to a variety of issues, such as cookie theft and session hijacking. It could be triggered from a cross-site scripting flaw, tricking a u ... oval:org.secpod.oval:def:1600046 Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service via a long server name in the PROXY-CONNECT address in the command line. oval:org.secpod.oval:def:1600033 libcurl wrongly allows cookies to be set for TLDs, thus making them much broader then they are supposed to be allowed to. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.By not detecting and rejecting domain names for partial literal ... oval:org.secpod.oval:def:1600034 clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service as demonstrated by the jwplayer.js file. oval:org.secpod.oval:def:1600032 A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary code with the permissions of the user ... oval:org.secpod.oval:def:1600036 Docker versions 1.3.0 through 1.3.1 allowed security options to be applied to images, allowing images to modify the default run profile of containers executing these images. This vulnerability could allow a malicious image creator to loosen the restrictions applied to a container"s processes, potent ... oval:org.secpod.oval:def:1600066 It was discovered that perltidy"s make_temporary_filename function insecurely created temporary files via the use of the tmpnam function. A local attacker could use this flaw to perform a symbolic link attack. oval:org.secpod.oval:def:1600067 Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XcupGetReservedColormapEntries, XcupStoreColors, XdbeGetVisualInfo, XeviGetVisualInfo, XShapeGetRectangles, and XSyncListS ... oval:org.secpod.oval:def:1600065 Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. oval:org.secpod.oval:def:1600068 A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash oval:org.secpod.oval:def:1600069 It was reported that the cmdmon protocol implemented in chrony was found to be vulnerable to DDoS attacks using traffic amplification. By default, commands are allowed only from localhost, but it"s possible to configure chronyd to allow commands from any address. This could allow a remote attacker t ... oval:org.secpod.oval:def:1600056 It was reported that Python built-in _json module have a flaw , which allows a local user to read current process" arbitrary memory.Quoting the upstream bug report:The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring ... oval:org.secpod.oval:def:1600050 Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Multiple d ... oval:org.secpod.oval:def:1600086 The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. oval:org.secpod.oval:def:1600085 Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which trigg ... oval:org.secpod.oval:def:1600081 The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.Heap-based buffer ov ... oval:org.secpod.oval:def:1600074 Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image file. oval:org.secpod.oval:def:1600072 It was reported that Python built-in _json module have a flaw , which allows a local user to read current process" arbitrary memory.Quoting the upstream bug report:The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring ... oval:org.secpod.oval:def:1600079 Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hija ... oval:org.secpod.oval:def:1600099 The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service via crafted multigraph data. Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service via a plugin that uses "multigraph" as ... oval:org.secpod.oval:def:1600097 Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service via an invalid salt or, when FIPS-140 is enabled, a DES or MD5 encr ... oval:org.secpod.oval:def:1600095 An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, ... oval:org.secpod.oval:def:48373 The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate oval:org.secpod.oval:def:48371 The autofs service should be disabled if possible. oval:org.secpod.oval:def:48372 Configure statd to use static port (/etc/sysconfig/nfs) should be configured appropriately. oval:org.secpod.oval:def:48370 The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate. oval:org.secpod.oval:def:48377 Root squashing should be enabled or disabled as appropriate for all NFS shares. oval:org.secpod.oval:def:48378 Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate oval:org.secpod.oval:def:48375 The nfs service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48376 The rpcsvcgssd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48382 The vsftpd service should be disabled if possible. oval:org.secpod.oval:def:48380 The named service should be disabled if possible. oval:org.secpod.oval:def:48389 The httpd service should be disabled if possible. oval:org.secpod.oval:def:48395 Disable LDAP Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48393 Disable HTTP Digest Authentication (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48394 Disable HTTP mod_rewrite (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48391 The apache2 server's ServerTokens value should be set appropriately oval:org.secpod.oval:def:48392 The apache2 server's ServerSignature value should be set appropriately. oval:org.secpod.oval:def:48399 Disable WebDAV (Distributed Authoring and Versioning) (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48397 Disable Server Side Includes (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48398 Disable MIME Magic (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48328 The saslauthd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48329 The smartd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48330 The sysstat service should be disabled if possible. oval:org.secpod.oval:def:48335 The atd service should be disabled if possible. oval:org.secpod.oval:def:48336 The sshd service should be disabled if possible. oval:org.secpod.oval:def:48333 The crond service should be enabled if possible. oval:org.secpod.oval:def:48339 The avahi-daemon service should be disabled if possible. oval:org.secpod.oval:def:48340 The Avahi daemon should be configured to serve via Ipv6 or not as appropriate. oval:org.secpod.oval:def:48341 Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate. oval:org.secpod.oval:def:48348 The dhcpd service should be disabled if possible. oval:org.secpod.oval:def:48346 The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ... oval:org.secpod.oval:def:48347 By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ... oval:org.secpod.oval:def:48344 Avahi publishing of IP addresses should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48345 The cups service should be disabled if possible. oval:org.secpod.oval:def:48342 Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate. oval:org.secpod.oval:def:48351 DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate oval:org.secpod.oval:def:48352 BOOTP queries should be accepted or denied by the DHCP server as appropriate. oval:org.secpod.oval:def:48350 The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48358 The postfix service should be enabled if possible. oval:org.secpod.oval:def:48355 The ntpd service should be enable or disable as appropriate. oval:org.secpod.oval:def:48354 DHCP configuration should be static for all interfaces. oval:org.secpod.oval:def:48362 Require the use of TLS for ldap clients. oval:org.secpod.oval:def:48368 The netfs service should be disabled if possible. oval:org.secpod.oval:def:48369 The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate. oval:org.secpod.oval:def:48366 The rpcgssd service should be disabled if possible. oval:org.secpod.oval:def:48367 The rpcidmapd service should be disabled if possible. oval:org.secpod.oval:def:48365 The nfslock service should be disabled if possible. oval:org.secpod.oval:def:48409 mod_ssl package installation should be configured appropriately. oval:org.secpod.oval:def:48408 Restrict Web Directory (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48405 Disable CGI Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48406 Restrict Root Directory (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48412 Directory permissions for /etc/httpd/conf/ should be set as appropriate. oval:org.secpod.oval:def:48413 The /etc/httpd/conf/* files should have the appropriate permissions. oval:org.secpod.oval:def:48411 Directory permissions for /var/log/httpd should be set appropriately. oval:org.secpod.oval:def:48426 The snmpd service should be disabled if possible. oval:org.secpod.oval:def:48423 The squid service should be disabled if possible. oval:org.secpod.oval:def:48421 The Samba (SMB) service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48428 Configure SNMP Service to Use Only SNMPv3 or Newer (/etc/snmp/snmpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48440 Configure Periodic Execution of AIDE (/etc/crontab) should be configured appropriately. oval:org.secpod.oval:def:48447 The SELinux state should be set appropriately. oval:org.secpod.oval:def:48448 Logins through the Direct root Logins Not Allowed should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48446 The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1". oval:org.secpod.oval:def:48403 The HTTPD Proxy Module Support should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48404 Disable Cache Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48401 Disable Web Server Configuration Display (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48402 Disable URL Correction on Misspelled Entries (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48400 Disable Server Activity Status (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:1600000 Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2 ... oval:org.secpod.oval:def:1600008 Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escal ... oval:org.secpod.oval:def:1600003 The Zend_Ldap class in Zend before 1.12.9 and Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. The 1.12.9, 2.2.8, and 2.3.3 releases of the Zend Fra ... oval:org.secpod.oval:def:1600022 Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory. oval:org.secpod.oval:def:1600023 Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service vi ... oval:org.secpod.oval:def:1600020 Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. oval:org.secpod.oval:def:1600027 The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses, as discussed in http://framework.zend.com/security/advisory/ZF2014-04. oval:org.secpod.oval:def:1600024 expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. oval:org.secpod.oval:def:1600017 apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. oval:org.secpod.oval:def:1600013 It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, w ... oval:org.secpod.oval:def:48495 The yum-updatesd service should be disabled oval:org.secpod.oval:def:48492 Verify which group owns the /boot/grub/menu.lst file. oval:org.secpod.oval:def:48499 The abrtd service should be disabled if possible. oval:org.secpod.oval:def:48496 The '/boot/grub/menu.lst' file should be owned by appropriate User. oval:org.secpod.oval:def:48459 The ability for users to perform interactive startups should be disabled. oval:org.secpod.oval:def:48452 Configure the system to notify users of last logon/access using pam_lastlog. oval:org.secpod.oval:def:48461 The pcscd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48462 Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet. oval:org.secpod.oval:def:48466 The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0". oval:org.secpod.oval:def:48478 The bluetooth service should be disabled if possible. oval:org.secpod.oval:def:48480 The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack. oval:org.secpod.oval:def:48537 The telnet service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48542 The requirement for a password to boot into single-user mode should be configured correctly. oval:org.secpod.oval:def:48543 Audit rules should detect modification to system files that hold information about users and groups. oval:org.secpod.oval:def:48500 Ensure all yum repositories utilize signature checking. oval:org.secpod.oval:def:48513 The file /etc/pam.d/system-auth should not contain the nullok option oval:org.secpod.oval:def:48512 System Audit Logs Must Have Mode 0640 or Less Permissive (/var/log/audit/*) should be configured appropriately. oval:org.secpod.oval:def:48520 File permissions for '/boot/grub/menu.lst' should be set appropriate. oval:org.secpod.oval:def:1600287 Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service via a crafte ... oval:org.secpod.oval:def:1600282 Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. oval:org.secpod.oval:def:1600289 Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited ut ... oval:org.secpod.oval:def:1600275 The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child ... oval:org.secpod.oval:def:1600274 Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point val ... oval:org.secpod.oval:def:1600271 nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. oval:org.secpod.oval:def:1600272 A flaw was found in the DNS64 implementation in BIND when using Response Policy Zones . If a remote attacker sent a specially-crafted query to a named server that is using RPZ rewrite rules, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default oval:org.secpod.oval:def:1600278 Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. oval:org.secpod.oval:def:1600293 Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. oval:org.secpod.oval:def:1600204 java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications i ... oval:org.secpod.oval:def:1600205 Due to the way the pam_ssh_agent_auth PAM module was built, the glibc"s error function was called rather than the intended error function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_a ... oval:org.secpod.oval:def:1600200 Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the drp_action parameter to cdef.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, graph_templates.php, graphs.php, host.php, or host_t ... oval:org.secpod.oval:def:1600201 DL and Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. oval:org.secpod.oval:def:1600220 A flaw was found in the way the X.org X11 server registered new hot plugged devices. If a local user switched to a different session and plugged in a new device, input from that device could become available in the previous session, possibly leading to information disclosure oval:org.secpod.oval:def:1600227 This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section. oval:org.secpod.oval:def:1600210 A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbin ... oval:org.secpod.oval:def:1600218 The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header. oval:org.secpod.oval:def:1600215 Cross-site scripting vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php. oval:org.secpod.oval:def:1600211 Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point val ... oval:org.secpod.oval:def:1600244 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. oval:org.secpod.oval:def:1600245 http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service and obtain sensitive information from worker process memory via a crafted proxy response, a similar vu ... oval:org.secpod.oval:def:1600230 It was found that a Certificate Authority mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signi ... oval:org.secpod.oval:def:1600235 snmp.php and rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Multiple SQL injection vulnerabilities in api_poller.php and utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL comman ... oval:org.secpod.oval:def:1600236 It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allow-anonymous-access" configuration setting was set to "rootdse". An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outs ... oval:org.secpod.oval:def:1600265 Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash. oval:org.secpod.oval:def:1600262 It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights search queries when the attribute list, which is a part of the query, included several names using the "@" character. An attacker able to submit search queries to the 389 Directory Server could caus ... oval:org.secpod.oval:def:1600261 This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section. oval:org.secpod.oval:def:1600268 This update fixes several vulnerabilities in the MySQL database server. oval:org.secpod.oval:def:1600269 A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request oval:org.secpod.oval:def:1600254 A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd"s configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash oval:org.secpod.oval:def:1600252 Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user could have been tricked into overwriting arbitrary files or leaking information via a symbolic ... oval:org.secpod.oval:def:1600257 scipy: weave /tmp and current directory issues oval:org.secpod.oval:def:1600258 The Zend_Feed_Rss and Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service via an XML External Entity attack. oval:org.secpod.oval:def:1600255 The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service via a certain COPY, DELETE, or MOVE request against a revision root. oval:org.secpod.oval:def:1600154 cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. oval:org.secpod.oval:def:1600153 Cross-site request forgery vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that modify binary files, modify configurations, or add arbitrary users. Cross-site scripting vulnera ... oval:org.secpod.oval:def:1600157 Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. oval:org.secpod.oval:def:1600187 A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running Ima ... oval:org.secpod.oval:def:1600188 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service via a small control channel packet. oval:org.secpod.oval:def:1600186 The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging ... oval:org.secpod.oval:def:1600181 It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. oval:org.secpod.oval:def:1600173 Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. oval:org.secpod.oval:def:1600171 Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. oval:org.secpod.oval:def:48294 Audit rules about the Information on the Use of Privileged Commands are enabled oval:org.secpod.oval:def:48291 Audit rules should be configured to log successful and unsuccessful logon and logout events. oval:org.secpod.oval:def:48298 The xinetd service should be disabled if possible. oval:org.secpod.oval:def:1600198 The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. oval:org.secpod.oval:def:1600199 Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. oval:org.secpod.oval:def:1600197 Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. in the PAM_RUSER value to the get_ruser function or PAM_TTY value to the check_tty funtion, whic ... oval:org.secpod.oval:def:1600194 The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp. oval:org.secpod.oval:def:48253 The rsyslog service should be enabled if possible. oval:org.secpod.oval:def:48259 Test if HostLimit line in logwatch.conf is set appropriately. On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ... oval:org.secpod.oval:def:48261 Disable Logwatch on Clients if a Logserver Exists (/etc/cron.daily/0logwatch) should be configured appropriately. oval:org.secpod.oval:def:48262 The auditd service should be enabled if possible. oval:org.secpod.oval:def:48260 Check if SplitHosts line in logwatch.conf is set appropriately. oval:org.secpod.oval:def:48272 Record attempts to alter time through stime, note that this is only relevant on 32bit architecture. oval:org.secpod.oval:def:48276 System Audit Logs Must Be Owned By Root (/var/log/*) should be configured appropriately. oval:org.secpod.oval:def:48239 The RPC IPv6 Support should be configured appropriately based rpc services. oval:org.secpod.oval:def:48242 Manually configure addresses for IPv6 oval:org.secpod.oval:def:48246 The iptables service should be enabled if possible. oval:org.secpod.oval:def:48243 Enable privacy extensions for IPv6 oval:org.secpod.oval:def:48244 Define default gateways for IPv6 traffic oval:org.secpod.oval:def:48304 The '.rhosts' or 'hosts.equiv' files should exists or doesn't exists on the system. oval:org.secpod.oval:def:48302 The rsh service should be disabled if possible. oval:org.secpod.oval:def:48303 The rlogin service should be disabled if possible. oval:org.secpod.oval:def:48301 The rexec service should be disabled if possible. oval:org.secpod.oval:def:48309 The TFTP daemon should use secure mode. oval:org.secpod.oval:def:48306 The ypbind service should be disabled if possible. oval:org.secpod.oval:def:48307 The tftp service should be disabled if possible. oval:org.secpod.oval:def:48315 The irqbalance service should be enabled if possible. oval:org.secpod.oval:def:48316 The kdump service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48313 The cgred service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48314 The cpuspeed service should be disabled if possible. oval:org.secpod.oval:def:48311 The certmonger service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48312 The cgconfig service should be disabled if possible. oval:org.secpod.oval:def:48310 The acpid service should be disabled if possible. oval:org.secpod.oval:def:48319 The netconsole service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48317 The mdmonitor service should be disabled if possible. oval:org.secpod.oval:def:48318 The messagebus service should be disabled if possible. oval:org.secpod.oval:def:48326 The rdisc service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48327 The rhnsd service should be disabled if possible. oval:org.secpod.oval:def:48324 The Apache qpidd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48325 The quota_nld service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48322 The portreserve service should be disabled if possible. oval:org.secpod.oval:def:48323 The psacct service should be enabled if possible. oval:org.secpod.oval:def:48320 The ntpdate service should be disabled if possible. oval:org.secpod.oval:def:48321 The oddjobd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:1600100 f2py insecurely uses a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py. oval:org.secpod.oval:def:1600105 Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. oval:org.secpod.oval:def:1600106 A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content oval:org.secpod.oval:def:1600104 It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi i ... oval:org.secpod.oval:def:1600121 Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename ... oval:org.secpod.oval:def:1600127 Multiple directory traversal vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. in the host name, related to request_check_hostname.SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows r ... oval:org.secpod.oval:def:1600128 Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. oval:org.secpod.oval:def:1600125 Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2 ... oval:org.secpod.oval:def:1600126 A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges. oval:org.secpod.oval:def:1600110 It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. oval:org.secpod.oval:def:1600111 It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi i ... oval:org.secpod.oval:def:1600117 Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a long URI in an authentication header.The M ... oval:org.secpod.oval:def:1600114 apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. oval:org.secpod.oval:def:1600142 It was found [1] that the Capture::Tiny module, provided by the perl-Capture-Tiny package, used the File::temp::tmpnam module to generate temporary files:./lib/Capture/Tiny.pm: $stash- oval:org.secpod.oval:def:1600149 The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP, and LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015 . oval:org.secpod.oval:def:1600132 Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse ... oval:org.secpod.oval:def:1600135 A buffer overflow flaw affecting ImageMagick and GraphicsMagic when handling PSD images was reported. oval:org.secpod.oval:def:1600999 To provide fine-grained controls over the ability to use Dynamic DNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update reques ... oval:org.secpod.oval:def:1601045 It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter. oval:org.secpod.oval:def:1600846 Denial of service in vpx/src/vpx_image.c fileA vulnerability in the Android media framework related to odd frame width oval:org.secpod.oval:def:1601372 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user oval:org.secpod.oval:def:1600971 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decom ... oval:org.secpod.oval:def:1600941 Paramiko contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. This issue does not affect instances where only the ssh client functionality of the paramiko library is used. oval:org.secpod.oval:def:1601470 A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65 oval:org.secpod.oval:def:1601343 A flaw was found in the DNS64 implementation in BIND. If a remote attacker sent a specially-crafted query to a named server, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default oval:org.secpod.oval:def:1601256 This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed below.April 2012July 2012October 2012 oval:org.secpod.oval:def:1600045 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as de ... oval:org.secpod.oval:def:1600035 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as de ... oval:org.secpod.oval:def:1600091 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as de ... oval:org.secpod.oval:def:1600195 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as de ... oval:org.secpod.oval:def:1600139 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as de ... oval:org.secpod.oval:def:1601011 A flaw was found in Exim versions 4.87 to 4.91 before release 1.20 . Improper validation of recipient address in deliver_message function in /src/deliver.c may lead to remote command execution oval:org.secpod.oval:def:1601302 A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead ... oval:org.secpod.oval:def:1601331 Ruby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. oval:org.secpod.oval:def:1601323 Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to cause a denial of service via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or obtain sensitive information from memory via an NTLM Type 2 message with ... oval:org.secpod.oval:def:1601356 A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user ... oval:org.secpod.oval:def:1601248 Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running t ... oval:org.secpod.oval:def:1601279 Integer signedness error in the base64_decode function in the HTTP authentication functionality in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service via crafted base64 input that triggers an out-of-bounds read with a negative index. oval:org.secpod.oval:def:1601268 It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine , or bypass Java sandbox restrictions. It was discovered that ... oval:org.secpod.oval:def:1601294 It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by adding ... oval:org.secpod.oval:def:1601289 A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application oval:org.secpod.oval:def:1600927 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600960 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600914 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1600889 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:1600887 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ... oval:org.secpod.oval:def:1600814 Vulnerability in the MySQL Server component of Oracle MySQL . Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete ... oval:org.secpod.oval:def:1600882 Improper write operations in readonly mode allow for zero-length file creationThe process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:1601321 Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certa ... oval:org.secpod.oval:def:1600900 A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have ... oval:org.secpod.oval:def:1600888 Unenforced configuration allows for apparently valid certifications actually signed by signing subkeysGnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with acc ... oval:org.secpod.oval:def:1600850 Cross-site session transfer vulnerability:It was found that mod_auth_mellon was vulnerable to a cross-site session transfer attack. An attacker with access to one web site on a server could use the same session to get access to a different site running on the same server oval:org.secpod.oval:def:1600372 It was found that the parsing of the NSSCipherSuite option of mod24_nss, which accepts OpenSSL-style cipherstrings, is flawed. If the option is used to disable insecure ciphersuites using the common "!" syntax, it will actually enable those insecure ciphersuites oval:org.secpod.oval:def:1600845 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1600890 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:1600815 Vulnerability in the MySQL Server component of Oracle MySQL . Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete ... oval:org.secpod.oval:def:1601521 The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using ... oval:org.secpod.oval:def:1601534 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping oval:org.secpod.oval:def:1601468 A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability oval:org.secpod.oval:def:1600869 Uncontrolled search path element in pg_dump and other client applicationsA flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database oval:org.secpod.oval:def:1600709 Selectivity estimators bypass SELECT privilege checksIt was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables ... oval:org.secpod.oval:def:1600707 Selectivity estimators bypass SELECT privilege checksIt was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables ... oval:org.secpod.oval:def:1600982 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:1600991 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1601530 The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.In order to mimic the Linux capabilities of the target process, Amazon Linux 1 customers need t ... oval:org.secpod.oval:def:1601556 Versions of the Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3-5 are affected by a race condition that could lead to a local privilege escalation.The Apache Log4j Hotpatch is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046, it ... oval:org.secpod.oval:def:1200032 As reported upstream:When NTP or cmdmon access was configured with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder , the new setting was written to an incorrect location, possibly outside the allocated array. An attacker that has the command ... oval:org.secpod.oval:def:1601009 NOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the 2018.03 AMI release. The advisory release date does not accurately reflect the date this was fixed. The actual date of the fix being released is: 2018-04-23.An integer overflow flaw was found in the Linux kernel's creat ... oval:org.secpod.oval:def:1600939 A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.A race condition was found in the way 38 ... oval:org.secpod.oval:def:1600907 A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal ... oval:org.secpod.oval:def:1600801 Hash character matches all IPs:A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource oval:org.secpod.oval:def:1600891 Command injection vulnerability in the DHCP client NetworkManager integration scriptA command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2. A malicious DHCP server, or an attacker on the local network able to spoof DHCP resp ... oval:org.secpod.oval:def:1600866 Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c:It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass ... oval:org.secpod.oval:def:1200058 A flaw was found in the authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. oval:org.secpod.oval:def:1600417 It was reported that +CIPHER operator in OpenSSL changes the order of a cipher. Instead of returning an error , it returned the result of processing up to that point, which could result in requested ciphers not being enabled. oval:org.secpod.oval:def:1600753 Information leak when SSSD is used for authentication against remote server:A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine ... oval:org.secpod.oval:def:1600375 It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. oval:org.secpod.oval:def:1200125 It was reported that nsSSL3Ciphers preference is not enforced server side, this allows for a potential downgrade attack to take place. oval:org.secpod.oval:def:1200011 An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. oval:org.secpod.oval:def:1200090 An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the "cn=changelog" LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive informati ... oval:org.secpod.oval:def:1200162 Multiple heap-based buffer overflows in the status_handler function in engine-gpgsm.c and engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." oval:org.secpod.oval:def:1600193 It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive ... oval:org.secpod.oval:def:1600019 A cross-site scripting flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/ ... oval:org.secpod.oval:def:1600011 The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The make_nonce, generate_nonce, and generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, ... oval:org.secpod.oval:def:1600044 It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager account. This could ... oval:org.secpod.oval:def:1601311 iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by configure or examples/dhcp-client-script. oval:org.secpod.oval:def:1601259 An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kernel memory. Addition ... oval:org.secpod.oval:def:1600090 An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, exec ... oval:org.secpod.oval:def:1600231 It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those utilities by providing long input strings oval:org.secpod.oval:def:1600243 nagios.upgrade_to_v3.sh allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/. oval:org.secpod.oval:def:1600052 Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for a getsockopt system call, related to the do_ip_vs_get_ctl function, or a setsock ... oval:org.secpod.oval:def:1200141 A denial of service flaw was found in the way Python"s SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, re ... oval:org.secpod.oval:def:1600073 Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. oval:org.secpod.oval:def:1601317 An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such f ... oval:org.secpod.oval:def:1600286 It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS amplif ... oval:org.secpod.oval:def:1600240 GDB tried to auto-load certain files from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user"s privileges when GDB was run in a directory that has untrusted content. With this update, GDB no longer auto-loads files from the curr ... oval:org.secpod.oval:def:1601296 A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the ... oval:org.secpod.oval:def:1601260 It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to ... oval:org.secpod.oval:def:1600295 It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information oval:org.secpod.oval:def:1601314 The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to Avahi or NetworkManager. oval:org.secpod.oval:def:1601298 A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they a ... oval:org.secpod.oval:def:1601266 It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code oval:org.secpod.oval:def:1601272 Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting a string to a numeric representation . If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:1601255 An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the a ... oval:org.secpod.oval:def:1601300 The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to a partition block device or an LVM volume. oval:org.secpod.oval:def:1601267 The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service by leveraging the presence of an ext4 filesystem that was mounted with a journal. oval:org.secpod.oval:def:1601284 A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with ... oval:org.secpod.oval:def:1601338 It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security negotiation with OpenLDAP clients oval:org.secpod.oval:def:1601367 Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtif ... oval:org.secpod.oval:def:1601273 A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client oval:org.secpod.oval:def:1601245 IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system"s networking, preventing legitimate users from accessing its services. A signedness issue was found in the Linux kernel"s CIFS implementation. A malicious CIFS server could send a specially-crafte ... oval:org.secpod.oval:def:1601278 Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash. oval:org.secpod.oval:def:1601335 It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. oval:org.secpod.oval:def:1601243 Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code oval:org.secpod.oval:def:1601238 A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program ... oval:org.secpod.oval:def:1601286 A cross-site scripting flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack oval:org.secpod.oval:def:1600348 The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences. oval:org.secpod.oval:def:1600920 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600929 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600925 OpenSSH is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:1600948 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1601002 An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. An out-of-bounds heap read condition may occur when scanning PE files that have been packed using Aspack ... oval:org.secpod.oval:def:1601645 Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust stor ... oval:org.secpod.oval:def:1600687 PHP Object Injection Vulnerabilities oval:org.secpod.oval:def:1600691 Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user oval:org.secpod.oval:def:1600764 Buffer overflow in ModifiablePixelBuffer::fillRectA buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. VNC server can crash when TLS handshake termin ... oval:org.secpod.oval:def:1600721 Unsafe YAML deserialization:Versions of Puppet prior to 4.10.1 will deserialize data off the wire with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire ... oval:org.secpod.oval:def:1600724 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL charac ... oval:org.secpod.oval:def:1600749 spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. Cross-site scripting vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or ... oval:org.secpod.oval:def:1600781 A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user oval:org.secpod.oval:def:1600772 A shell command injection flaw related to the handling of quot;sshquot; URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a quot;checkoutquot; or quot;updatequot; action on ... oval:org.secpod.oval:def:1600785 An issue in file allowed an attacker to overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. oval:org.secpod.oval:def:1600508 A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. oval:org.secpod.oval:def:1600082 Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service via a small number of arguments to a function with a large number of fixed arguments. oval:org.secpod.oval:def:1600686 An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability oval:org.secpod.oval:def:1601707 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes oval:org.secpod.oval:def:1601065 A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.A vulnerability was found in sssd where, if a user was configured ... oval:org.secpod.oval:def:1600842 Improper fetch cleanup sequencing in the resolver can cause named to crash:A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting ... oval:org.secpod.oval:def:1600368 It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to exe ... oval:org.secpod.oval:def:72932 Ensure ip6tables in enabled and running oval:org.secpod.oval:def:72877 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivil ... oval:org.secpod.oval:def:48361 Protect against unnecessary release of information. oval:org.secpod.oval:def:48268 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account oval:org.secpod.oval:def:72864 If any users' home directories do not exist, create them and make sure the respective user owns the directory. Users without an assigned home directory should be removed or assigned a home directory as appropriate. oval:org.secpod.oval:def:72853 SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server, or servers to clients. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into ... oval:org.secpod.oval:def:72847 Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automat ... oval:org.secpod.oval:def:72909 All accounts must have passwords or be locked to prevent the account from being used by an unauthorized user. oval:org.secpod.oval:def:48517 The RPM package telnet should be installed. oval:org.secpod.oval:def:48254 Syslog logs should be sent to a remote loghost oval:org.secpod.oval:def:72850 iptables allows configuration of the IPv4 tables in the linux kernel and the rules stored within them. Most firewall configuration utilities operate as a front end to iptables. oval:org.secpod.oval:def:48271 Record attempts to alter time through settimeofday. oval:org.secpod.oval:def:48457 The default umask for all users should be set correctly oval:org.secpod.oval:def:48238 Global IPv6 initialization should be disabled. oval:org.secpod.oval:def:48357 Specify Additional Remote NTP Servers (/etc/ntp.conf) should be configured appropriately. oval:org.secpod.oval:def:48425 The kernel module hfsplus should be disabled. oval:org.secpod.oval:def:48343 Disable Avahi Publishing (/etc/avahi/avahi-daemon.conf) should be configured appropriately. oval:org.secpod.oval:def:48445 Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ... oval:org.secpod.oval:def:48539 This test makes sure that '/etc/gshadow' is setted appropriate permission. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:72886 The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable. oval:org.secpod.oval:def:48458 The default umask for all users specified in /etc/login.defs oval:org.secpod.oval:def:48250 The kernel module tipc should be disabled. oval:org.secpod.oval:def:48486 The /etc/passwd file should be owned by the appropriate group. oval:org.secpod.oval:def:48407 The kernel module jffs2 should be disabled. oval:org.secpod.oval:def:48385 A warning banner for all FTP users should be enabled or disabled as appropriate oval:org.secpod.oval:def:48419 Configure Dovecot to Use the SSL Key file should be configured appropriately. oval:org.secpod.oval:def:48530 The '/etc/shadow' file should be owned by the appropriate group. oval:org.secpod.oval:def:48270 Record attempts to alter time through adjtimex. oval:org.secpod.oval:def:48279 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72851 Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub boot parameters. Rationale: SELinux must be enabled at boot time in your grub configuration to ensure that the controls it provides are not overridden. oval:org.secpod.oval:def:72858 To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartups to protect availability of sshd logins and prevent overwhelming the daemon. oval:org.secpod.oval:def:48387 Restrict Access to Anonymous Users should be configured appropriately. oval:org.secpod.oval:def:72917 Ensure root is the only UID 0 account oval:org.secpod.oval:def:48494 The /etc/gshadow file should be owned by the appropriate group. oval:org.secpod.oval:def:48460 The RPM package screen should be installed. oval:org.secpod.oval:def:48305 The RPM package ypserv should be removed. oval:org.secpod.oval:def:48475 The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1". oval:org.secpod.oval:def:48533 The SELinux policy should be set appropriately. oval:org.secpod.oval:def:48349 The RPM package dhcpd should be removed. oval:org.secpod.oval:def:72943 Ensure mounting of FAT filesystems is limited oval:org.secpod.oval:def:48390 The RPM package httpd should be removed. oval:org.secpod.oval:def:48255 rsyslogd should reject remote messages oval:org.secpod.oval:def:48281 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:48267 admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:48469 The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1". oval:org.secpod.oval:def:48528 The password minimum length should be set appropriately. oval:org.secpod.oval:def:48451 The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed. oval:org.secpod.oval:def:72848 The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability. oval:org.secpod.oval:def:48516 Only SSH protocol version 2 connections should be permitted. oval:org.secpod.oval:def:48493 The kernel module dccp should be disabled. oval:org.secpod.oval:def:72930 Ensure cron daemon is enabled and running oval:org.secpod.oval:def:48433 The RPM package rsh should be installed. oval:org.secpod.oval:def:48420 Plaintext authentication of mail clients should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48285 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72942 Ensure only strong MAC algorithms are used oval:org.secpod.oval:def:48535 All password hashes should be shadowed. oval:org.secpod.oval:def:48519 The password hashing algorithm should be set correctly in /etc/libuser.conf. oval:org.secpod.oval:def:48485 The password difok should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:48379 Ensure Insecure File Locking is Not Allowed (/etc/exports) should be configured appropriately. oval:org.secpod.oval:def:48434 The RPM package ypbind should be installed. oval:org.secpod.oval:def:48541 The RPM package telnet-server should be removed. oval:org.secpod.oval:def:72856 The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure. oval:org.secpod.oval:def:48290 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:48247 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables). oval:org.secpod.oval:def:72859 When usePAM is set to yes, PAM runs through account and session types properly. This is important if you want to restrict access to services based off of IP, time or other factors of the account. Additionally, you can make sure users inherit certain environment variables on login or disallow access ... oval:org.secpod.oval:def:48364 The RPM package openldap-servers should be removed. oval:org.secpod.oval:def:72912 The .netrcfile presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .netrcfiles from other systems which could pose a risk to those systems. oval:org.secpod.oval:def:48481 The root account is the only system account that should have a login shell. oval:org.secpod.oval:def:48282 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:48522 The maximum number of concurrent login sessions per user should meet minimum requirements. oval:org.secpod.oval:def:48251 The RPM package libreswan should be installed. oval:org.secpod.oval:def:48356 A remote NTP Server for time synchronization should be specified (and dependencies are met) oval:org.secpod.oval:def:72929 Ensure nftables is not installed or stopped and masked oval:org.secpod.oval:def:72849 Ensure LDAP Client is not installed oval:org.secpod.oval:def:48332 The kernel module usb-storage should be disabled. oval:org.secpod.oval:def:72928 Ensure nfs-utils is not installed or the nfs-server service is masked oval:org.secpod.oval:def:72914 sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy. oval:org.secpod.oval:def:48338 Limit Users SSH Access should be configured appropriately. oval:org.secpod.oval:def:72906 Ensure users' home directories permissions are 750 or more restrictive oval:org.secpod.oval:def:72883 Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp oval:org.secpod.oval:def:48284 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:48534 The /etc/passwd file should be owned by the appropriate user. oval:org.secpod.oval:def:48525 The kernel module sctp should be disabled. oval:org.secpod.oval:def:72904 An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authent ... oval:org.secpod.oval:def:48526 The password lcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:48334 The anacron service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:72861 The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Server Message Block (SMB) protocol. Windows desktop users will be able to mount these directories ... oval:org.secpod.oval:def:48417 SSL capabilities should be enabled for the mail server. oval:org.secpod.oval:def:72905 An SSH private key is one of two files used in SSH public key authentication. In this authentication method, The possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and ... oval:org.secpod.oval:def:48384 Logging of vsftpd transactions should be enabled or disabled as appropriate oval:org.secpod.oval:def:48477 The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1". oval:org.secpod.oval:def:72944 Disable Automounting oval:org.secpod.oval:def:72843 Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or /etc/security/opasswd (old passwords, based on remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if they have been opened for write or have had attribu ... oval:org.secpod.oval:def:48359 The RPM package sendmail should be removed. oval:org.secpod.oval:def:48432 The RPM package mcstrans should be installed. oval:org.secpod.oval:def:72862 The X Window System provides a Graphical User Interface (GUI) where users can have multiple windows in which to run programs and various add on. The X Windows system is typically used on workstations where users login, but not on servers where users typically do not login. oval:org.secpod.oval:def:72882 Since the /var/tmp partition is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices. oval:org.secpod.oval:def:48546 SSH warning banner should be enabled (and dependencies are met). oval:org.secpod.oval:def:72933 Ensure iptables in enabled and running oval:org.secpod.oval:def:48295 Audit rules that detect the mounting of filesystems should be enabled. oval:org.secpod.oval:def:72923 Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. oval:org.secpod.oval:def:72913 Ensure sudo log file exists oval:org.secpod.oval:def:48489 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:72940 Ensure rsyslog default file permissions configured oval:org.secpod.oval:def:48280 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72910 The shadow group allows system programs which require access the ability to read the /etc/shadow file. No users should be assigned to the shadow group. oval:org.secpod.oval:def:72874 A firewall zone defines the trust level for a connection, interface or source address binding. This is a one to many relation, which means that a connection, interface or source can only be part of one zone, but a zone can be used for many network connections, interfaces and sources. oval:org.secpod.oval:def:72892 The contents of the /var/lib/update-motd/motd file are displayed to users after login and function as a message of the day for authenticated users. oval:org.secpod.oval:def:72920 Ensure no duplicate group names account oval:org.secpod.oval:def:48286 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:48249 The kernel module rds should be disabled. oval:org.secpod.oval:def:48296 Audit actions taken by system administrators on the system. oval:org.secpod.oval:def:72873 TMOUT is an environmental setting that determines the timeout of a shell in seconds. oval:org.secpod.oval:def:72878 Since the user partitions are not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices. oval:org.secpod.oval:def:48501 This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:48274 Record attempts to alter time through /etc/localtime oval:org.secpod.oval:def:48264 max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value oval:org.secpod.oval:def:48491 The SELinux state should be enforcing the local policy. oval:org.secpod.oval:def:48472 The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0". oval:org.secpod.oval:def:72936 Ensure rsync is not installed or the rsyncd service is masked oval:org.secpod.oval:def:48437 The RPM package talk-server should be installed. oval:org.secpod.oval:def:48422 Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing. oval:org.secpod.oval:def:72900 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls. oval:org.secpod.oval:def:48442 Core dumps for all users should be disabled oval:org.secpod.oval:def:48424 The RPM package squid should be removed. oval:org.secpod.oval:def:48240 The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0". oval:org.secpod.oval:def:72870 Setting the boot loader password will require that anyone rebooting the system must enter a password before being able to set command line boot parameters. oval:org.secpod.oval:def:48410 The mod_security package installation should be configured appropriately. oval:org.secpod.oval:def:48439 The kernel module udf should be enabled or disabled as appropriate. oval:org.secpod.oval:def:72857 To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of sshd logins and prevent overwhelming the daemon. oval:org.secpod.oval:def:72947 Ensure auditd service is enabled and running oval:org.secpod.oval:def:48531 The audit rules should be configured to log information about kernel module loading and unloading. oval:org.secpod.oval:def:48450 Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:48266 space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:48427 The RPM package net-snmp should be removed. oval:org.secpod.oval:def:48308 The RPM package tftp-server should be removed. oval:org.secpod.oval:def:48470 The Kernel Parameter for Accepting Source-Routed Packets By Default and all interfaces should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48414 The dovecot service should be disabled if possible. oval:org.secpod.oval:def:48441 The daemon umask should be set as appropriate oval:org.secpod.oval:def:48293 Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled oval:org.secpod.oval:def:48252 The RPM package rsyslog should be installed. oval:org.secpod.oval:def:72876 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access. oval:org.secpod.oval:def:72891 It is critical to ensure that the /etc/passwd- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions. oval:org.secpod.oval:def:48474 The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1". oval:org.secpod.oval:def:72927 Ensure inactive password lock is 30 days or less oval:org.secpod.oval:def:72852 SELinux gives that extra layer of security to the resources in the system. It provides the MAC (mandatory access control) as contrary to the DAC (Discretionary access control). oval:org.secpod.oval:def:48518 Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode. oval:org.secpod.oval:def:48502 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:72898 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls. oval:org.secpod.oval:def:72924 Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. oval:org.secpod.oval:def:48465 The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0". oval:org.secpod.oval:def:72897 The /etc/cron.weekly directory contains system cron jobs that need to run on a weekly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to use ... oval:org.secpod.oval:def:72921 nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames and is the successor to iptables. oval:org.secpod.oval:def:72868 auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk oval:org.secpod.oval:def:48510 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. oval:org.secpod.oval:def:72866 Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ... oval:org.secpod.oval:def:48337 If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22). oval:org.secpod.oval:def:72901 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls. oval:org.secpod.oval:def:48505 Root login via SSH should be disabled (and dependencies are met) oval:org.secpod.oval:def:72879 Since the /tmp partition is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices. oval:org.secpod.oval:def:72887 There are two important reasons to ensure that system logs are stored on a separate partition: protection against resource exhaustion (since logs can grow quite large) and protection of audit data. oval:org.secpod.oval:def:72925 Ensure journald is configured to write logfiles to persistent disk oval:org.secpod.oval:def:48455 The default umask for users of the bash shell oval:org.secpod.oval:def:48508 PermitUserEnvironment should be disabled oval:org.secpod.oval:def:48436 The squashfs Kernel Module should be enabled or disabled as appropriate. oval:org.secpod.oval:def:72869 Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Audit events need to be captured on processes that start up prior to auditd, so that potential malicious activity cannot go undetected. oval:org.secpod.oval:def:48386 The kernel module cramfs should be disabled. oval:org.secpod.oval:def:72941 Ensure only strong Key Exchange algorithms are used oval:org.secpod.oval:def:48353 Logging (/etc/rsyslog.conf) should be configured appropriately. oval:org.secpod.oval:def:74447 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (::1).Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loopback net ... oval:org.secpod.oval:def:72865 If a users recorded password change date is in the future then they could bypass any set password expiration. oval:org.secpod.oval:def:48287 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72946 >Ensure mail transfer agent is configured for local-only mode oval:org.secpod.oval:def:72890 The /etc/shadow- file is used to store backup information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information. oval:org.secpod.oval:def:48532 The password retry should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:48256 The 'rsyslog' to Accept Messages via TCP, if Acting As Log Server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48248 IP forwarding should be enabled or disabled as appropriate. oval:org.secpod.oval:def:48300 The RPM package rsh-server should be removed. oval:org.secpod.oval:def:48283 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:48463 The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0". oval:org.secpod.oval:def:72908 System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them. oval:org.secpod.oval:def:72939 Ensure ntp is configured oval:org.secpod.oval:def:72915 sudo can be configured to run only from a pseudo-pty oval:org.secpod.oval:def:48273 Record attempts to alter time through clock_settime. oval:org.secpod.oval:def:48479 The kernel module bluetooth should be disabled. oval:org.secpod.oval:def:72855 Setting the LoginGraceTime parameter to a low number will minimize the risk of successful brute force attacks to the SSH server. It will also limit the number of concurrent unauthenticated connections While the recommended setting is 60 seconds (1 Minute), set the number based on site policy. oval:org.secpod.oval:def:72934 Ensure rsyslog Service is enabled and running oval:org.secpod.oval:def:72919 Ensure no duplicate user names account oval:org.secpod.oval:def:48416 The kernel module hfs should be disabled. oval:org.secpod.oval:def:72922 Ensure iptables packages are installed oval:org.secpod.oval:def:72937 Ensure no users have .forward files oval:org.secpod.oval:def:72846 The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su co ... oval:org.secpod.oval:def:48292 Audit rules should capture information about session initiation. oval:org.secpod.oval:def:72894 The file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information. oval:org.secpod.oval:def:72854 SSH provides several logging levels with varying amounts of verbosity. DEBUG is specifically not recommended other than strictly for debugging SSH communications since it provides so much data that it is difficult to identify important security information. INFO level is the basic level that only re ... oval:org.secpod.oval:def:72860 Disable X11 forwarding unless there is an operational requirement to use X11 applications directly. There is a small risk that the remote X11 servers of users who are logged in via SSH with X11 forwarding could be compromised by other users on the X11 server. Note that even if X11 forwarding is disa ... oval:org.secpod.oval:def:48269 Configure auditd to use audispd plugin (/etc/audisp/plugins.d/syslog.conf) should be configured appropriately. oval:org.secpod.oval:def:48545 The system login banner text should be set correctly. oval:org.secpod.oval:def:48521 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met) oval:org.secpod.oval:def:48490 The /etc/shadow file should be owned by the appropriate user. oval:org.secpod.oval:def:48443 The kernel runtime parameter "fs.suid_dumpable" should be set to "0". oval:org.secpod.oval:def:48289 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:72926 Ensure journald is configured to send logs to rsyslog oval:org.secpod.oval:def:48523 This test makes sure that '/etc/shadow' file permission is setted as appropriate. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:48515 The /etc/group file should be owned by the appropriate group. oval:org.secpod.oval:def:48540 The password dcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:72863 Groups defined in the /etc/passwd file but not in the /etc/group file pose a threat to system security since group permissions are not properly managed. oval:org.secpod.oval:def:48544 Audit files deletion events. oval:org.secpod.oval:def:72899 Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls. oval:org.secpod.oval:def:48504 The /etc/group file should be owned by the appropriate user. oval:org.secpod.oval:def:48383 The RPM package vsftpd should be removed. oval:org.secpod.oval:def:48467 The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0". oval:org.secpod.oval:def:72880 Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp oval:org.secpod.oval:def:48473 The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1". oval:org.secpod.oval:def:48388 File uploads via vsftpd should be enabled or disabled as appropriate oval:org.secpod.oval:def:48435 The RPM package tftp should be installed. oval:org.secpod.oval:def:48536 The password ocredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:72889 There are two important reasons to ensure that data gathered by is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. The audit daemon calculates how much free space is left and performs actions based ... oval:org.secpod.oval:def:72895 The file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information. oval:org.secpod.oval:def:72881 Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp oval:org.secpod.oval:def:48538 The /etc/gshadow file should be owned by the appropriate user. oval:org.secpod.oval:def:48484 The password minclass should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:72872 Ensure default group for the root account is GID 0 oval:org.secpod.oval:def:48524 The password hashing algorithm should be set correctly in /etc/pam.d/system-auth. oval:org.secpod.oval:def:48277 Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled. oval:org.secpod.oval:def:48418 Dovecot plaintext authentication of clients should be enabled or disabled as necessary oval:org.secpod.oval:def:48497 Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met). oval:org.secpod.oval:def:48288 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:48245 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables). oval:org.secpod.oval:def:48263 num_logs setting in /etc/audit/auditd.conf is set to at least a certain value oval:org.secpod.oval:def:72867 Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ... oval:org.secpod.oval:def:72845 GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Rationale: Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system ... oval:org.secpod.oval:def:48506 File permissions for '/etc/group' should be set correctly. oval:org.secpod.oval:def:72844 Monitor scope changes for system administrations. If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor changes in scope. The file /etc/sudoers will be written t ... oval:org.secpod.oval:def:72911 Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user dot file permissions and determine the action to be taken in accordance with site po ... oval:org.secpod.oval:def:48241 The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:48444 The kernel runtime parameter "kernel.randomize_va_space" should be set to "2". oval:org.secpod.oval:def:72935 Ensure rpcbind is not installed or the rpcbind services are masked oval:org.secpod.oval:def:48468 The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0". oval:org.secpod.oval:def:48265 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:72884 Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp oval:org.secpod.oval:def:48278 Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:48529 The password hashing algorithm should be set correctly in /etc/login.defs. oval:org.secpod.oval:def:48454 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:48331 Disable Prelinking (/etc/sysconfig/prelink) should be configured appropriately. oval:org.secpod.oval:def:72918 Ensure root is the only UID 0 account oval:org.secpod.oval:def:72902 Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them. oval:org.secpod.oval:def:72875 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unau ... oval:org.secpod.oval:def:48415 The RPM package dovecot should be removed. oval:org.secpod.oval:def:48363 Require the use of TLS for ldap clients. oval:org.secpod.oval:def:72885 The /home directory is used to support disk storage needs of local users. oval:org.secpod.oval:def:48438 The RPM package talk should be installed. oval:org.secpod.oval:def:48498 SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. oval:org.secpod.oval:def:48381 The RPM package bind should be removed. oval:org.secpod.oval:def:72907 While the complete removal of /etc/sshd/sshd_config files is recommended if any are required on the system secure permissions must be applied. oval:org.secpod.oval:def:48476 The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1". oval:org.secpod.oval:def:48429 Ensure Default Password Is Not Used (/etc/snmp/snmpd.conf) should be configured appropriately. oval:org.secpod.oval:def:48509 The password ucredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:48374 Specify UID and GID for Anonymous NFS Connections (/etc/exports) should be configured appropriately. oval:org.secpod.oval:def:48299 The RPM package xinetd should be removed. oval:org.secpod.oval:def:48396 The kernel module freevxfs should be disabled. oval:org.secpod.oval:def:72903 It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. Other/world should not have the ability to view this information. Group should not have the ability to modify this information. oval:org.secpod.oval:def:48257 The rsyslog to Accept Messages via UDP, if Acting As Log Server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:72945 Ensure use of privileged commands is collected oval:org.secpod.oval:def:48431 The RPM package setroubleshoot should be installed. oval:org.secpod.oval:def:48297 Force a reboot to change audit rules is enabled oval:org.secpod.oval:def:72896 The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file. oval:org.secpod.oval:def:72916 Ensure root is the only UID 0 account oval:org.secpod.oval:def:48360 Postfix network listening should be disabled oval:org.secpod.oval:def:48471 The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:72931 Ensure firewalld service is enabled and running oval:org.secpod.oval:def:48275 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. oval:org.secpod.oval:def:48503 The passwords to remember should be set correctly. oval:org.secpod.oval:def:72888 There are two important reasons to ensure that data gathered by is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. The audit daemon calculates how much free space is left and performs actions based ... oval:org.secpod.oval:def:48464 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0". oval:org.secpod.oval:def:48488 The RPM package aide should be installed. oval:org.secpod.oval:def:48453 Set Password to Maximum of Three Consecutive Repeating Characters should be configured appropriately. oval:org.secpod.oval:def:48514 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met) oval:org.secpod.oval:def:72893 The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. oval:org.secpod.oval:def:48456 The default umask for users of the csh shell oval:org.secpod.oval:def:48487 Verify that Shared Library Files Have Root Ownership (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately. oval:org.secpod.oval:def:48527 File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly. oval:org.secpod.oval:def:48507 Verify that Shared Library Files Have Restrictive Permissions (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately. oval:org.secpod.oval:def:48483 The SSH idle timeout interval should be set to an appropriate value. oval:org.secpod.oval:def:72938 Ensure ntp is configured oval:org.secpod.oval:def:74454 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8).Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loop ... oval:org.secpod.oval:def:74461 Change the default policy to DROP (from ACCEPT) for the OUTPUT built-in chain (/etc/sysconfig/iptables). oval:org.secpod.oval:def:74475 The use of wireless networking can introduce many different attack vectors into the organization's network. Common attack vectors such as malicious association and ad hoc networks will allow an attacker to spoof a wireless access point (AP), allowing validated systems to connect to the malicious AP ... oval:org.secpod.oval:def:74482 Change the default policy to DROP (from ACCEPT) for the OUTPUT built-in chain (/etc/sysconfig/ip6tables). oval:org.secpod.oval:def:74468 Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintain records of the last time a user successfully logged in. The /var/run/failock directory maint ... oval:org.secpod.oval:def:74433 Change the default policy to DROP (from ACCEPT) for the FORWARD built-in chain (/etc/sysconfig/ip6tables). oval:org.secpod.oval:def:74440 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (::1).Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loopback net ... oval:org.secpod.oval:def:48511 The minimum password age policy should be set appropriately. oval:org.secpod.oval:def:48449 Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:48482 The password warning age should be set appropriately. oval:org.secpod.oval:def:48430 The maximum password age policy should meet minimum requirements. oval:org.secpod.oval:def:48258 The logrotate (syslog rotater) service should be enabled. oval:org.secpod.oval:def:72871 chrony is a daemon which implements the Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. chrony can be configured to be a client and/or a ... oval:org.secpod.oval:def:1600326 ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service via a crafted Distinguished Name in a MOD operation request. 389 Directory Server does not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive ... oval:org.secpod.oval:def:1600324 It was discovered that gc"s implementation of the malloc and calloc routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc and calloc routines, a remote attacker could provide spec ... oval:org.secpod.oval:def:1600330 It was found that SSSD"s Privilege Attribute Certificate responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon applicati ... oval:org.secpod.oval:def:1600334 A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. oval:org.secpod.oval:def:1600355 It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. It was discovered that the unhtmlify function of foomatic-rip ... oval:org.secpod.oval:def:1600380 An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system ... oval:org.secpod.oval:def:1600387 A stack-based buffer overflow flaw was found in the send_dg and send_vc functions, used by getaddrinfo and other higher-level interfaces of glibc. A remote attacker able to cause an application to call either of these functions could use this flaw to execute arbitrary code with the permissions of th ... oval:org.secpod.oval:def:1600370 An integer truncation flaw and an integer overflow flaw , both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execu ... oval:org.secpod.oval:def:1600379 A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. oval:org.secpod.oval:def:1200117 An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. oval:org.secpod.oval:def:1200106 A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the retu ... oval:org.secpod.oval:def:1200105 Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, ex ... oval:org.secpod.oval:def:1200109 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service by closing an SSL session at a time when the authentication timeout will expire during the session shutdow ... oval:org.secpod.oval:def:1200111 A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. ... oval:org.secpod.oval:def:1200164 It was discovered that the _unix_run_helper_binary function of PAM"s unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause ... oval:org.secpod.oval:def:1200163 A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the att ... oval:org.secpod.oval:def:1200154 A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. Note: Applications using mailx t ... oval:org.secpod.oval:def:1200100 It was discovered that the snmp_pdu_parse function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd oval:org.secpod.oval:def:1200102 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service by closing an SSL session at a time when the authentication timeout will expire during the session shutdow ... oval:org.secpod.oval:def:1200062 An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. An integer truncation flaw was disc ... oval:org.secpod.oval:def:1200042 An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash oval:org.secpod.oval:def:1600704 A denial of service flaw was found in the way BIND handled DNSSEC validation.A remote attacker could use this flaw to make named exit unexpectedly with anassertion failure via a specially crafted DNS response oval:org.secpod.oval:def:1600730 Python debugger accessible to authorized users:A flaw was found in the way hg serve --stdio command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options oval:org.secpod.oval:def:1200137 It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. It was found that GnuTLS did not verify whether a hashing algorithm listed in a ... oval:org.secpod.oval:def:1200120 It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. oval:org.secpod.oval:def:1200175 A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. oval:org.secpod.oval:def:1200094 It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. It was found that mailman stored private email messages in a world-readable directory. A local user could use this f ... oval:org.secpod.oval:def:1200030 It was found that libuser, as used in the chfn userhelper functionality, does not properly filter out newline characters, which allows an authenticated local attacker to corrupt the /etc/passwd file and cause denial-of-service against the system. A flaw was found in the way the libuser library handl ... oval:org.secpod.oval:def:1600312 A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack.It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run ... oval:org.secpod.oval:def:1601236 The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service via a crafted application that makes epoll_create and epoll_ctl system calls.Buffer overflow in the xfs_readlink funct ... oval:org.secpod.oval:def:1600420 It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick utilities, would le ... oval:org.secpod.oval:def:1600358 An out-of-bounds read flaw was found in the parsing of GIF files using GraphicsMagick. oval:org.secpod.oval:def:1600692 The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via a small samples per pixel value in a CMYKA TIFF file.The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial o ... oval:org.secpod.oval:def:1601516 lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check oval:org.secpod.oval:def:1600364 An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading ... oval:org.secpod.oval:def:1601704 Netlogon RPC Elevation of Privilege Vulnerability oval:org.secpod.oval:def:1600485 CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries.CVE-2016-5416 38 ... oval:org.secpod.oval:def:1600063 The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service via crafted JSON data, involving collisions.Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1200190 A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library to crash or, possibly, execute arbitrary code. oval:org.secpod.oval:def:1200108 A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library to crash or, possibly, execute arbitrary code. oval:org.secpod.oval:def:1601642 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping oval:org.secpod.oval:def:1601355 It was found that the data_len parameter of the sock_alloc_send_pskb function in the Linux kernel"s networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note ... oval:org.secpod.oval:def:1601237 A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password ... oval:org.secpod.oval:def:1601224 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, relate ... oval:org.secpod.oval:def:1600934 mod_perl allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the c ... oval:org.secpod.oval:def:1601226 The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service via crafted network traffic. Race condition in the e ... oval:org.secpod.oval:def:1600264 A stack-based buffer overflow flaw was found in the way the pam_env module parsed users" "~/.pam_environment" files. If an application"s PAM configuration contained "user_readenv=1" , a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. A denial of s ... oval:org.secpod.oval:def:1601291 A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of th ... oval:org.secpod.oval:def:1601297 A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary c ... oval:org.secpod.oval:def:1601337 It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The h ... oval:org.secpod.oval:def:1601241 It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect t ... oval:org.secpod.oval:def:1601229 Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a ... oval:org.secpod.oval:def:1601230 The Apache HTTP Server is a popular web server.A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd user ... oval:org.secpod.oval:def:1601288 A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbi ... oval:org.secpod.oval:def:1601644 A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. A flaw was found in libXpm. This issue occurs when ... oval:org.secpod.oval:def:1601734 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity codebase oval:org.secpod.oval:def:1601641 cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read oval:org.secpod.oval:def:1601587 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack oval:org.secpod.oval:def:1601501 No versions of an Amazon Linux Java Virtual Machine are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-4504 ... oval:org.secpod.oval:def:1601472 A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity. A flaw was found in Go, where it attem ... oval:org.secpod.oval:def:1601464 Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer en ... oval:org.secpod.oval:def:1601466 An XML Signature Wrapping vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to ... oval:org.secpod.oval:def:1601443 The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon , they can cause a difference in the interpretation of the request betwe ... oval:org.secpod.oval:def:1601141 An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. oval:org.secpod.oval:def:1601133 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Thi ... oval:org.secpod.oval:def:1601142 A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service or be part of an attack against another DNS server when Unbound is deployed as a recursive resolve ... oval:org.secpod.oval:def:1601140 An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it"s being evaluated. When processing the expression, it could either evaluate the top of the st ... oval:org.secpod.oval:def:1601127 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE . Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi ... oval:org.secpod.oval:def:1601139 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized me ... oval:org.secpod.oval:def:1601136 In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. oval:org.secpod.oval:def:1601137 eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. oval:org.secpod.oval:def:1601732 An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data ove ... oval:org.secpod.oval:def:1600715 An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp"ed over, this affects Linux Kernel versions 4.11.5 and earlier . An issue was discovered in the size of the default stack guard page on GRSecurity/PAX Lin ... oval:org.secpod.oval:def:1601088 Vulnerability in the MySQL Server product of Oracle MySQL . Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:1601087 Vulnerability in the MySQL Server product of Oracle MySQL . Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:1601031 A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone jo ... oval:org.secpod.oval:def:1601060 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3 oval:org.secpod.oval:def:1601051 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. oval:org.secpod.oval:def:1601063 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise ... oval:org.secpod.oval:def:1601089 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. oval:org.secpod.oval:def:1601027 dbus as used in DBusServer, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a diffe ... oval:org.secpod.oval:def:1601023 It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution oval:org.secpod.oval:def:1601022 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. An integer overflow in curl#039;s URL API results in a buffer overflow in libcurl oval:org.secpod.oval:def:1601018 In PHP imagick extension, writing to an array of values in ImagickKernel::fromMatrix function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party oval:org.secpod.oval:def:1601029 libxslt allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded oval:org.secpod.oval:def:1601003 The agroot function in cgraph\obj.c in libcgraph.a in Graphviz has a NULL pointer dereference, as demonstrated by graphml2gv oval:org.secpod.oval:def:1601131 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. It was discovered that Dovecot before versions 2.2.36.1 an ... oval:org.secpod.oval:def:1600994 A vulnerability was found in mod_auth_mellon. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users , adding special HTTP headers that are normally used to start the special SAML ECP can be used to bypass authentication. A vulnerability ... oval:org.secpod.oval:def:1601028 An issue was discovered in net/http in Go. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command oval:org.secpod.oval:def:1601062 A stack-based buffer overflow vulnerability in the "Server: Packaging " subcomponent could allow an unauthenticated attacker to gain complete control of an affected instance of MySQL Server. Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.44 ... oval:org.secpod.oval:def:1601066 libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards contains a CWE-415 Double Free vulnerab ... oval:org.secpod.oval:def:1600984 The GD Graphics Library has a double free in the gdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected oval:org.secpod.oval:def:1600981 Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks oval:org.secpod.oval:def:1601135 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request. oval:org.secpod.oval:def:1600963 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, b ... oval:org.secpod.oval:def:1601013 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext oval:org.secpod.oval:def:1600986 Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations oval:org.secpod.oval:def:1600974 A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an #039;easy#039; handle in the `Curl_close` function, the library code first frees a struct and might then subsequently erroneously write to a struct field within that already freed struct. ... oval:org.secpod.oval:def:1600937 A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed.A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin ... oval:org.secpod.oval:def:1600935 Gitolite before 3.6.9 does not properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. See: https://nvd.nist.gov/vuln/detail/CVE-2018-16976 oval:org.secpod.oval:def:1601705 GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse in gmarkup.c, related to utf8_str oval:org.secpod.oval:def:1600904 Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessi ... oval:org.secpod.oval:def:1601371 A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the allow_other mount option regardless of whether user_allow_other is set in the fuse configuration. An attacker may use this ... oval:org.secpod.oval:def:1600919 By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 . oval:org.secpod.oval:def:1600955 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ... oval:org.secpod.oval:def:1600947 A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is p ... oval:org.secpod.oval:def:1600918 Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security cl ... oval:org.secpod.oval:def:1600915 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ca ... oval:org.secpod.oval:def:1600912 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can ... oval:org.secpod.oval:def:1601369 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a linkdn and containerdn database argument, or by supplying a DN string which is a left extension of a container DN string but ... oval:org.secpod.oval:def:1600859 Arbitrary code execution during "go get" via C compiler options:An arbitrary command execution flaw was found in the way Go#039;s go get command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to ca ... oval:org.secpod.oval:def:1600851 Mishandling of client certificates can allow for OCSP check bypass:When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the ... oval:org.secpod.oval:def:1600862 Cross-site scripting vulnerability in web UIA cross-site scripting flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. CSRF protection missing in t ... oval:org.secpod.oval:def:1600847 Memory information disclosure in DescribeImage function in magick/describe.cGraphicsMagick is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing th ... oval:org.secpod.oval:def:1600803 FTP PWD response parser out of bounds readlibcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in , it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing ... oval:org.secpod.oval:def:1600921 A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.An authentication bypass flaw was found in the way krb5's certauth interface ha ... oval:org.secpod.oval:def:1601057 A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs. It was found that mod_auth_openidc did not properly sanitize HTTP headers f ... oval:org.secpod.oval:def:1600419 It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arb ... oval:org.secpod.oval:def:1200151 Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a negative length value. The osi_print_cksum function in print-isoclns.c in the ethernet print ... oval:org.secpod.oval:def:1600498 The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service via crafted serialized data. Use-after-free vulnerability in the CURLFile impl ... oval:org.secpod.oval:def:1600762 Unbounded stack allocation in catopen functionA stack based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.Integer overflow in hcreate and hcreate_rAn integer overflow ... oval:org.secpod.oval:def:1200122 A buffer overflow flaw was found in the way glibc"s gethostbyname_r and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the applic ... oval:org.secpod.oval:def:1200040 A buffer overflow flaw was found in the way glibc"s gethostbyname_r and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the applic ... oval:org.secpod.oval:def:1600165 Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive extraction and through vo ... oval:org.secpod.oval:def:1600169 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. A memory leak flaw was found in the way an Ope ... oval:org.secpod.oval:def:1600145 crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. oval:org.secpod.oval:def:1600031 The serf_ssl_cert_issuer, serf_ssl_cert_subject, and serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject"s Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arb ... oval:org.secpod.oval:def:1600057 The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. oval:org.secpod.oval:def:1600148 The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. oval:org.secpod.oval:def:1600064 Varnish before 3.0.5 allows remote attackers to cause a denial of service via a GET request with trailing whitespace characters and no URI.varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensiti ... oval:org.secpod.oval:def:1600021 The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." oval:org.secpod.oval:def:1600155 It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw t ... oval:org.secpod.oval:def:1600176 MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service via a crafted Content-Type header that bypasses a loop"s intended exit conditions. oval:org.secpod.oval:def:1600162 A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. It was discovered that the Datagram Transport Laye ... oval:org.secpod.oval:def:1600143 The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service via a crafted BGP update. oval:org.secpod.oval:def:1600277 Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. oval:org.secpod.oval:def:1600250 Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. oval:org.secpod.oval:def:1600332 A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. oval:org.secpod.oval:def:1200170 An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges o ... oval:org.secpod.oval:def:1601269 A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration files. A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an application using libproxy to crash or, possibly, execute arbitrary code, if the prox ... oval:org.secpod.oval:def:1601315 An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript"s International Color Consortium Format library . An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:1601263 It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-B ... oval:org.secpod.oval:def:1601313 A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the applicat ... oval:org.secpod.oval:def:1601357 Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running t ... oval:org.secpod.oval:def:1601339 Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arb ... oval:org.secpod.oval:def:1600317 HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. oval:org.secpod.oval:def:1601280 A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data function. A malicious TLS/SSL serve ... oval:org.secpod.oval:def:1601702 A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileg ... oval:org.secpod.oval:def:1601730 Denial of Service.An issue in c-ares was found where a 0-byte UDP payload can cause a Denial of Service . oval:org.secpod.oval:def:1200177 It was reported that gnupg2 keyring DB code did not reject packets which don"t belong into a keyring, which may lead to invalid read of sizeof . oval:org.secpod.oval:def:1600734 Golang: Elliptic curves carry propagation issue in x86-64 P-256. A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could use this flaw to extract private keys when static ECDH is used oval:org.secpod.oval:def:1600718 Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file oval:org.secpod.oval:def:1600500 A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind ... oval:org.secpod.oval:def:1600501 A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resul ... oval:org.secpod.oval:def:1600391 An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability. oval:org.secpod.oval:def:1600413 The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository ... oval:org.secpod.oval:def:1600414 The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository ... oval:org.secpod.oval:def:1600354 A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba s ... oval:org.secpod.oval:def:1600377 A denial of service flaw was found in the ldb_wildcard_compare function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb , would cause that application to consume an excessive amount of memory and crash.A memory-read flaw was foun ... oval:org.secpod.oval:def:1600369 A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service by performing a series of UDP and TCP calls. oval:org.secpod.oval:def:1600523 Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. oval:org.secpod.oval:def:1200136 It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution. oval:org.secpod.oval:def:1200152 Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file oval:org.secpod.oval:def:1200142 A directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities.A buffer overflow flaw was found in the way various binutils utilities processed certai ... oval:org.secpod.oval:def:1200007 A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. A buffer over-read flaw was found in the way flac ... oval:org.secpod.oval:def:1600025 parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. oval:org.secpod.oval:def:1200157 It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected trac ... oval:org.secpod.oval:def:1600837 SingleEntryRegistry incorrect setup of deserialization filter It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrict ... oval:org.secpod.oval:def:1600857 DerValue unbounded memory allocation:It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it ... oval:org.secpod.oval:def:1600884 Unbounded memory allocation during deserialization in NamedNodeMapImpl Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ... oval:org.secpod.oval:def:1600876 Unbounded memory allocation during deserialization in Container Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ... oval:org.secpod.oval:def:1601728 Vulnerability in the MySQL Server product of Oracle MySQL . Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th ... oval:org.secpod.oval:def:1600141 This ALAS is superceded by ALAS-2014-419.A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticate ... oval:org.secpod.oval:def:1601365 A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. A flaw was found in the PKCS#7 and Cryptographic Message Syntax ... oval:org.secpod.oval:def:1601361 sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote ... oval:org.secpod.oval:def:1601368 The ExecShield feature does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. oval:org.secpod.oval:def:1601366 An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengths when using a block cipher in CBC mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer oval:org.secpod.oval:def:1600400 An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. oval:org.secpod.oval:def:1601353 A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods oval:org.secpod.oval:def:1601352 Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrar ... oval:org.secpod.oval:def:1601342 A use-after-free flaw was found in the Linux kernel"s memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. A use-after-free flaw was found in the mad ... oval:org.secpod.oval:def:1601346 A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon oval:org.secpod.oval:def:1601254 A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon oval:org.secpod.oval:def:1601253 Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrar ... oval:org.secpod.oval:def:1601287 An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd ... oval:org.secpod.oval:def:1600303 A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the ... oval:org.secpod.oval:def:1600301 An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that ... oval:org.secpod.oval:def:1600302 A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of ... oval:org.secpod.oval:def:1600300 An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mod ... oval:org.secpod.oval:def:1600325 It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding orac ... oval:org.secpod.oval:def:1600319 Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. An improper permission check issue was discovered in the Libraries component in OpenJDK. An unt ... oval:org.secpod.oval:def:1600313 Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple flaws were found in the way image parsers in the 2D and AWT compon ... oval:org.secpod.oval:def:1600309 The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. oval:org.secpod.oval:def:1600308 Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user"s ... oval:org.secpod.oval:def:1600350 An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. oval:org.secpod.oval:def:1600284 Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI com ... oval:org.secpod.oval:def:1600283 Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user"s ... oval:org.secpod.oval:def:1600280 Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. oval:org.secpod.oval:def:1600281 Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI com ... oval:org.secpod.oval:def:1600297 Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way ... oval:org.secpod.oval:def:1600291 It was discovered that Ruby"s REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amount ... oval:org.secpod.oval:def:1600292 A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim"s passwo ... oval:org.secpod.oval:def:1200180 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service via unspecified vectors, which are not properly handled in json or jsonb values. The crypt function in contrib/pgcrypto in PostgreSQL ... oval:org.secpod.oval:def:1200189 A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory oval:org.secpod.oval:def:1600206 Multiple cross-site scripting vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via ... oval:org.secpod.oval:def:1600207 An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs , an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. It was found that Mesa did not cor ... oval:org.secpod.oval:def:1600202 A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records could cause Openswan"s pluto IKE daemon to crash or, potential ... oval:org.secpod.oval:def:1600203 An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that ... oval:org.secpod.oval:def:1600228 The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any ... oval:org.secpod.oval:def:1600222 Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way ... oval:org.secpod.oval:def:1200085 A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library could call the gss_process_context_token function and use this flaw to crash that application. If kadmind wer ... oval:org.secpod.oval:def:1600216 It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly ... oval:org.secpod.oval:def:1600213 lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service via crafted text nodes in an XML document, aka an XML Entity Expansion attack. oval:org.secpod.oval:def:1600242 A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitra ... oval:org.secpod.oval:def:1600248 The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. oval:org.secpod.oval:def:1600247 Multiple cross-site scripting vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via ... oval:org.secpod.oval:def:1600238 Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.Multiple flaws were found in the way image parsers in the 2D and AWT components han ... oval:org.secpod.oval:def:1600233 libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. oval:org.secpod.oval:def:1600263 It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding orac ... oval:org.secpod.oval:def:1600260 It was found that kadmind"s kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the services ... oval:org.secpod.oval:def:1600253 A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash. A flaw was found in the way the mod_dav_svn module handled large numbers of propertie ... oval:org.secpod.oval:def:1600259 It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding ... oval:org.secpod.oval:def:1600256 The tomcat5, tomcat6, and tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on tomcat5-initd.log, tomcat6-initd. ... oval:org.secpod.oval:def:1600138 The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distingu ... oval:org.secpod.oval:def:1600041 It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in Open ... oval:org.secpod.oval:def:1600048 An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multip ... oval:org.secpod.oval:def:1600047 An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code wi ... oval:org.secpod.oval:def:1600030 It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate oval:org.secpod.oval:def:1600037 The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search ... oval:org.secpod.oval:def:1600038 A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim applic ... oval:org.secpod.oval:def:1600062 An off-by-one heap-based buffer overflow flaw was found in glibc"s internal __gconv_translit_find function. An attacker able to make an application call the iconv_open function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that applic ... oval:org.secpod.oval:def:1600054 A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overflow flaw was found in Squid"s DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy c ... oval:org.secpod.oval:def:1600059 Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of ... oval:org.secpod.oval:def:1600058 A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server oval:org.secpod.oval:def:1600089 A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.acinclude.m4, as used in the configure script in PHP 5.5.13 ... oval:org.secpod.oval:def:1600087 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can res ... oval:org.secpod.oval:def:1600084 A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash oval:org.secpod.oval:def:1600080 A denial of service flaw was found in the way the File Information extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. oval:org.secpod.oval:def:1600077 An out-of-bounds read flaw was found in the way the File Information extension parsed Executable and Linkable Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. oval:org.secpod.oval:def:1600078 acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. ... oval:org.secpod.oval:def:1600075 It was found that RPM could encounter an integer overflow, leading to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during pa ... oval:org.secpod.oval:def:1600071 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service by triggering many file_printf calls.The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 ... oval:org.secpod.oval:def:1600070 A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. oval:org.secpod.oval:def:1600094 Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of extern ... oval:org.secpod.oval:def:1600092 An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted ... oval:org.secpod.oval:def:1601318 A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure oval:org.secpod.oval:def:1601303 A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup oval:org.secpod.oval:def:1600009 A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in softmagic.c in ... oval:org.secpod.oval:def:1600007 A flaw was found in the way the mod_dav_svn module handled OPTIONS requests oval:org.secpod.oval:def:1600004 It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, pos ... oval:org.secpod.oval:def:1600005 The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package. oval:org.secpod.oval:def:1601327 A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. A flaw ... oval:org.secpod.oval:def:1600029 A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i ... oval:org.secpod.oval:def:1600026 It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query ... oval:org.secpod.oval:def:1600012 A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overflow flaw was found in Squid"s DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy c ... oval:org.secpod.oval:def:1600018 It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. A NULL pointer dereference flaw was found in the M ... oval:org.secpod.oval:def:1600015 An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted ... oval:org.secpod.oval:def:1600016 An out-of-bounds read flaw was found in the way the File Information extension parsed Executable and Linkable Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. oval:org.secpod.oval:def:1601344 An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure oval:org.secpod.oval:def:1601264 Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." oval:org.secpod.oval:def:1600305 Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. The class lo ... oval:org.secpod.oval:def:1600314 Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc"s memory allocator functions . If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ... oval:org.secpod.oval:def:1600315 Apache Axis did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name oval:org.secpod.oval:def:1600310 It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle oval:org.secpod.oval:def:1600285 A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash oval:org.secpod.oval:def:1600288 A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query oval:org.secpod.oval:def:1200140 It was reported that ntp misses validation of vallen value, leading to various information leaks. See for more details. It was reported that ntp allows bypassing source IP ACLs on some OSes when ::1 spoofed oval:org.secpod.oval:def:1600273 It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS oval:org.secpod.oval:def:1600270 GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. oval:org.secpod.oval:def:1600279 It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the pr ... oval:org.secpod.oval:def:1200135 Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. Multiple improper permi ... oval:org.secpod.oval:def:1200121 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w ... oval:org.secpod.oval:def:1600294 Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding ... oval:org.secpod.oval:def:1600290 Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. The class lo ... oval:org.secpod.oval:def:1200095 The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. An assertion failure flaw was found in the way the SVN server processed certain requests with d ... oval:org.secpod.oval:def:1600225 A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to acces ... oval:org.secpod.oval:def:1600223 GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared as if it has all bits set , which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before ... oval:org.secpod.oval:def:1200086 A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ... oval:org.secpod.oval:def:1600217 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1600208 A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to acces ... oval:org.secpod.oval:def:1600239 GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared as if it has all bits set , which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before ... oval:org.secpod.oval:def:1600237 A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges oval:org.secpod.oval:def:1600234 GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. oval:org.secpod.oval:def:1600166 Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of ... oval:org.secpod.oval:def:1600163 A denial of service flaw was found in the way the File Information extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ... oval:org.secpod.oval:def:1600161 Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs "locked" to the 2014.03 repositories, openssl-1.0.1i-1.79.amzn1 also addresses this CVE. Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs ... oval:org.secpod.oval:def:1600160 acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. ... oval:org.secpod.oval:def:1600151 A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessiv ... oval:org.secpod.oval:def:1600159 Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service via a crafted CDF file. NOTE: this vulnerability exists because of an incomplet ... oval:org.secpod.oval:def:1600156 A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive enti ... oval:org.secpod.oval:def:1600185 A NULL pointer dereference flaw was discovered in the way Openswan"s IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service , possibly causing existing VPN connections to be dropped oval:org.secpod.oval:def:1600183 Multiple integer overflows in the fs_get_reply, fs_alloc_glyphs, and fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.Multiple buffer overflows in ... oval:org.secpod.oval:def:1600184 An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple ... oval:org.secpod.oval:def:1600189 It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in Open ... oval:org.secpod.oval:def:1600180 Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of extern ... oval:org.secpod.oval:def:1600177 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service by triggering many file_printf calls.The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 ... oval:org.secpod.oval:def:1600174 It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". oval:org.secpod.oval:def:1600172 A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. oval:org.secpod.oval:def:1600170 Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop respon ... oval:org.secpod.oval:def:1600178 A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. oval:org.secpod.oval:def:1600179 An out-of-bounds read flaw was found in the way the File Information extension parsed Executable and Linkable Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. oval:org.secpod.oval:def:1200066 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w ... oval:org.secpod.oval:def:1600192 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service via a crafted indirect offset value in the magic of a file. oval:org.secpod.oval:def:1200056 A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request oval:org.secpod.oval:def:1600190 This update fixes several vulnerabilities in the MySQL database server. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to ... oval:org.secpod.oval:def:1200057 Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. Fix a side-channel attack which can potentially lead to an information leak. Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perf ... oval:org.secpod.oval:def:1200041 A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ... oval:org.secpod.oval:def:1200028 Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, e ... oval:org.secpod.oval:def:1600107 It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to ... oval:org.secpod.oval:def:1600108 An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges oval:org.secpod.oval:def:1600122 Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service or possible execute arbitrary code via a crafted TIFF image. The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows c ... oval:org.secpod.oval:def:1600129 A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and ... oval:org.secpod.oval:def:1600118 The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service via a crafted cookie that is not properly handled during truncation. oval:org.secpod.oval:def:1600119 A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon oval:org.secpod.oval:def:1600116 A directory traveral flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value could possibly use this flaw to execute arbitrary code with the privileges of that application. oval:org.secpod.oval:def:1600144 GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typ ... oval:org.secpod.oval:def:1600140 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject"s Common Name or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to ... oval:org.secpod.oval:def:1600146 An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code wi ... oval:org.secpod.oval:def:1600133 It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. Multiple flaws were discovered in the Librari ... oval:org.secpod.oval:def:1600131 Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding ... oval:org.secpod.oval:def:1600136 This update fixes numerous unspecified vulnerabilities in the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier. oval:org.secpod.oval:def:1600134 A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the gif2tiff tool. A ... oval:org.secpod.oval:def:1600464 CVE-2016-2848 bind: assertion failure triggered by a packet with malformed optionsA denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS pac ... oval:org.secpod.oval:def:1600474 It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. oval:org.secpod.oval:def:1601322 An integer overflow flaw was found in the i915_gem_do_execbuffer function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. A memory leak flaw was found in the way the Linux kernel"s mem ... oval:org.secpod.oval:def:1601276 The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. oval:org.secpod.oval:def:1601292 The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a recvfrom or recvmsg system call on an RDS socket. oval:org.secpod.oval:def:1600703 Unsafe second checksum calculation in udp.c:The Linux kernel allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. This may create a kernel panic or memory corruption leadin ... oval:org.secpod.oval:def:1600344 It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. oval:org.secpod.oval:def:1600366 When running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes , or in-guest information leaks. In some cases, the kernel did not correctly fix ... oval:org.secpod.oval:def:1600353 A defect in control channel input handling was discovered which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named"s control channel. If control channel input is accepted from the network , an unauthenticated attacker could cause named ... oval:org.secpod.oval:def:1600386 An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. oval:org.secpod.oval:def:1600388 Specific APL RR data could cause a server to exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. CVE-2015-8705 was also issued today for bind, but the Amazon Linux AMI"s version of bind is not impacted by that CVE. oval:org.secpod.oval:def:1600376 An access flaw was discovered in the OpenSSH client where it did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even i ... oval:org.secpod.oval:def:1200139 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1 ... oval:org.secpod.oval:def:1200138 During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA ... oval:org.secpod.oval:def:1200127 An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrict ... oval:org.secpod.oval:def:1601128 Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283 oval:org.secpod.oval:def:1200114 An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrict ... oval:org.secpod.oval:def:1200171 A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. oval:org.secpod.oval:def:1200160 An error in the parsing of incoming responses allows some records with an incorrect class to be be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible ... oval:org.secpod.oval:def:1200169 A flaw was found in the way the OpenLDAP server daemon parsed certain Basic Encoding Rules data. A remote attacker could use this flaw to crash slapd via a specially crafted packet oval:org.secpod.oval:def:1200149 It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh coupled with "fail open" behavior in the X11 server when ... oval:org.secpod.oval:def:1200158 A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid system call, among others, also sets the sa ... oval:org.secpod.oval:def:1200098 A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid system call, among others, also sets the sa ... oval:org.secpod.oval:def:1200019 A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash oval:org.secpod.oval:def:1200018 A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon to crash under certain conditions. oval:org.secpod.oval:def:1200023 As discussed upstream, parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberate ... oval:org.secpod.oval:def:1200012 A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. oval:org.secpod.oval:def:1200064 An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrict ... oval:org.secpod.oval:def:1200034 As reported upstream, an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. oval:org.secpod.oval:def:1600307 A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitra ... oval:org.secpod.oval:def:1601017 The SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website oval:org.secpod.oval:def:1601025 The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were ab ... oval:org.secpod.oval:def:1600909 The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ... oval:org.secpod.oval:def:1601005 When the default servlet in Apache Tomcat returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat is vulnerable to ... oval:org.secpod.oval:def:1600945 When the default servlet in Apache Tomcat versions 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. oval:org.secpod.oval:def:1600906 The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ... oval:org.secpod.oval:def:1600839 Incorrect documentation of CGI Servlet search algorithm may lead to misconfigurationAs part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. A ... oval:org.secpod.oval:def:1600836 Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration:As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. ... oval:org.secpod.oval:def:1600855 Late application of security constraints can lead to resource exposure for unauthorised users:Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any U ... oval:org.secpod.oval:def:1600856 Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration:As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. ... oval:org.secpod.oval:def:1600343 A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ... oval:org.secpod.oval:def:1600331 It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough reques ... oval:org.secpod.oval:def:1600336 ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ... oval:org.secpod.oval:def:1600351 A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ... oval:org.secpod.oval:def:1600357 ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ... oval:org.secpod.oval:def:1600384 A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ... oval:org.secpod.oval:def:1200188 It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. oval:org.secpod.oval:def:1200005 It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessiv ... oval:org.secpod.oval:def:1200067 It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessiv ... oval:org.secpod.oval:def:1200113 A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user run ... oval:org.secpod.oval:def:1200178 A stack-buffer overflow flaw was found in PostgreSQL"s pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. A flaw was found in way PostgreSQL handled certain erro ... oval:org.secpod.oval:def:1200166 mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictio ... oval:org.secpod.oval:def:1200093 It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticed requests to the same server, the ... oval:org.secpod.oval:def:1200050 The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. CRLF injection v ... oval:org.secpod.oval:def:1200036 An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the quer ... oval:org.secpod.oval:def:1600695 Remote crash via crafted LDAP messages: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service oval:org.secpod.oval:def:1600470 It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox. oval:org.secpod.oval:def:1600701 Infinite loop due to incorrect interaction of parse_packet and parse_part_sign_sha256 functions:Collectd contains an infinite loop due to how the parse_packet and parse_part_sign_sha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty "AuthFile" o ... oval:org.secpod.oval:def:1600517 Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A spe ... oval:org.secpod.oval:def:1600442 An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go"s net/http package, ... oval:org.secpod.oval:def:1600477 The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection. oval:org.secpod.oval:def:1600777 Password brute-force possible for locked account due to different return codes:A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby ... oval:org.secpod.oval:def:1600444 A heap-based buffer overflow in the parse_packet function in network.c in collectd allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted network packet. oval:org.secpod.oval:def:1600450 It was found that the lightweight resolver could crash due to an error when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the "lwres" statement in named.conf ... oval:org.secpod.oval:def:1600506 It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. A race ... oval:org.secpod.oval:def:1600773 It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service oval:org.secpod.oval:def:1600469 This build resolves the following issues:CVE-2016-8615 : Cookie injection for other serversCVE-2016-8616 : Case insensitive password comparisonCVE-2016-8617 : Out-of-bounds write via unchecked multiplicationCVE-2016-8618 : Double-free in curl_maprintfCVE-2016-8619 : Double-free in krb5 codeCVE-2016- ... oval:org.secpod.oval:def:1600454 After testing original CVE-2016-5420 patch, it was discovered that libcurl built on top of NSS still incorrectly re-uses client certificates if a certificate from file is used for one TLS connection but no certificate is set for a subsequent TLS connection. oval:org.secpod.oval:def:1600491 It was discovered that runC allowed additional container processes via `runc exec` to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file descriptors of these new processes during the initialization, which can lead to ... oval:org.secpod.oval:def:1600757 IV Reuse in GCM Mode:The openssl gem for Ruby uses the same initialization vector in GCM Mode when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism oval:org.secpod.oval:def:1600509 A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. oval:org.secpod.oval:def:1600415 The following security-related issues were resolved:Incomplete fix for CVE-2016-4356 Out-of-bounds read in _ksba_ber_parse_tl oval:org.secpod.oval:def:1600489 It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system or popen C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute arbitrary ... oval:org.secpod.oval:def:1600731 It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root oval:org.secpod.oval:def:1600365 Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server or, possibly, execute arbitrary code with the permissions of the user running Samba . This flaw could also be used ... oval:org.secpod.oval:def:1600403 The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service by attempting to access a hugetlbfs mapped area. A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate fil ... oval:org.secpod.oval:def:1600426 Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file ... oval:org.secpod.oval:def:1600425 Tomcat"s CGI support used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly ... oval:org.secpod.oval:def:1600422 GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource oval:org.secpod.oval:def:1600418 A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid ... oval:org.secpod.oval:def:1600416 A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file. oval:org.secpod.oval:def:1600406 The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem oval:org.secpod.oval:def:1600448 A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. A flaw wa ... oval:org.secpod.oval:def:1600449 An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted ... oval:org.secpod.oval:def:1600447 A design flaw was found in the libgcrypt PRNG . An attacker who can obtain the first 580 bytes of the PRNG output can trivially predict the following 20 bytes. oval:org.secpod.oval:def:1600445 A use after free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. oval:org.secpod.oval:def:1600437 A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. It was found that the fix for CVE-2016-4051 did not properly prevent th ... oval:org.secpod.oval:def:1600436 A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. oval:org.secpod.oval:def:1600433 It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL. A flaw was found in the Linux kernel"s keyring handling code, where in key_reject_and_link an uninitialised variable would eventually lead ... oval:org.secpod.oval:def:1600434 curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to re ... oval:org.secpod.oval:def:1600432 Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file ... oval:org.secpod.oval:def:1600429 It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could p ... oval:org.secpod.oval:def:1600463 CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakageA race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherw ... oval:org.secpod.oval:def:1600461 It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. oval:org.secpod.oval:def:1600468 An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. An integer overflow flaw, leading to a heap-base ... oval:org.secpod.oval:def:1600467 The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-703 ... oval:org.secpod.oval:def:1600456 A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. oval:org.secpod.oval:def:1600453 A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive"s file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. Multiple out-of-bounds write ... oval:org.secpod.oval:def:1600479 CVE-2016-8645 kernel: a BUG statement can be hit in net/ipv4/tcp_input.cIt was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen; set to 1 can hit BUG statement in tcp_collapse function after making a number of certain syscalls leading to a possible system crash.CVE-2016-8655 ... oval:org.secpod.oval:def:1600475 A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. oval:org.secpod.oval:def:1600496 The following security-related issues were fixed:CVE-2017-3238 Server: Optimizer unspecified vulnerability CVE-2017-3243 Server: Charsets unspecified vulnerability CVE-2017-3244 Server: DML unspecified vulnerability CVE-2017-3258 Server: DDL unspecified vulnerability CVE-2017-3313 Server: MyISAM uns ... oval:org.secpod.oval:def:1600494 The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service by leveraging access to a /dev/sg device, related to bloc ... oval:org.secpod.oval:def:1600492 It was found that the ghostscript functions getenv, file name for all and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrie ... oval:org.secpod.oval:def:1600499 The following security-related issues were fixed:CVE-2016-8318 Server: Security: Encryption unspecified vulnerabilityCVE-2016-8327 Server: Replication unspecified vulnerabilityCVE-2017-3238 Server: Optimizer unspecified vulnerabilityCVE-2017-3244 Server: DML unspecified vulnerabilityCVE-2017-3257 Se ... oval:org.secpod.oval:def:1600705 It was found that ghostscript did not properly validate the parameters passedto the .rsdparams and .eqproc functions. During its execution, a speciallycrafted PostScript document could execute code in the context of the ghostscriptprocess, bypassing the -dSAFER protection oval:org.secpod.oval:def:1600786 Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the var ... oval:org.secpod.oval:def:1600352 It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would ... oval:org.secpod.oval:def:1600702 A remote code execution flaw was found in Samba. A malicious authenticatedsamba client, having write access to the samba share, could use this flaw toexecute arbitrary code as root. It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Sa ... oval:org.secpod.oval:def:1600700 Server: Security: Privileges unspecified vulnerability :Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with networ ... oval:org.secpod.oval:def:1600699 Server: Security: Privileges unspecified vulnerability :Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with networ ... oval:org.secpod.oval:def:1600504 A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information lea ... oval:org.secpod.oval:def:1600521 The skbs processed by ip_cmsg_recv are not guaranteed to be linear . Using csum_partial on potentially the whole skb len is dangerous; instead be on the safe side and use skb_checksum. This may lead to an infoleak as the kernel memory may be checksummed and sent as part of the packet. It was discove ... oval:org.secpod.oval:def:1600514 It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addres ... oval:org.secpod.oval:def:1600510 It was found that Exim leaked DKIM signing private keys to the "mainlog" log file. As a result, an attacker with access to system log files could potentially access these leaked DKIM private keys. oval:org.secpod.oval:def:1600511 A heap-buffer overflow vulnerability was discovered in cryptopp. This vulnerability can be used to remotely gain access to shell. oval:org.secpod.oval:def:1600455 Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to a birthday attack when key renegotiation doesn"t happen frequently or at all in long running connections. The blowfish cipher as used in OpenVPN by default is vulnerable to this attack, allowing a remote attacker to reco ... oval:org.secpod.oval:def:1600495 The following security-related issues were fixed:Padding oracle vulnerability in Apache mod_session_crypto DoS vulnerability in mod_auth_digest Apache HTTP request parsing whitespace defects oval:org.secpod.oval:def:1600720 Null pointer dereference when handling empty SSLv2 messages:A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library oval:org.secpod.oval:def:1600719 The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a certain character, which leads to ... oval:org.secpod.oval:def:1600716 Glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap ... oval:org.secpod.oval:def:1600717 Apache HTTP Request Parsing Whitespace DefectsIt was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that inte ... oval:org.secpod.oval:def:1600711 Escape out of git-shellA flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command laun ... oval:org.secpod.oval:def:1600706 A flaw was found in the way sudo parsed tty information from the processstatus file in the proc filesystem. A local user with privileges to executecommands via sudo could use this flaw to escalate their privileges to root. oval:org.secpod.oval:def:1600745 Out-of-bounds read in fr_dhcp_decode_options:An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. Out-of-bounds read in fr_dhcp_decode when ... oval:org.secpod.oval:def:1600740 Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcats DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page oval:org.secpod.oval:def:1600736 Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request. A f ... oval:org.secpod.oval:def:1600732 Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page oval:org.secpod.oval:def:1600733 Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page oval:org.secpod.oval:def:1600760 Server: Charsets unspecified vulnerability Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via ... oval:org.secpod.oval:def:1600767 pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappi ... oval:org.secpod.oval:def:1600768 Server: Charsets unspecified vulnerability :Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via ... oval:org.secpod.oval:def:1600765 pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user mappi ... oval:org.secpod.oval:def:1600763 Command injection via malicious ssh URLs:A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "c ... oval:org.secpod.oval:def:1600761 Command injection through clients via malicious svn+ssh URLsA shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, f ... oval:org.secpod.oval:def:1600759 popd controlled free:A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.Arbitrary code execution via malicious hostname:An arbitrary command inject ... oval:org.secpod.oval:def:1600756 Integer overflow in nlmsg_reserve:An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application oval:org.secpod.oval:def:1600755 CRLF injection in the url_parse function in url.cA CRLF injection flaw was found in the way wget handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in requests, via CRLF sequences in the host sub-component of a URL, by tricking a user running wget into processing cr ... oval:org.secpod.oval:def:1600750 Security constrained bypass in error page mechanism:While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untr ... oval:org.secpod.oval:def:1600751 Vulnerabilities in the Graphite 2 library A heap-based buffer overflow flaw related to lz4::decompress has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. Heap-buffer-overflow write "lz4::decompress" A heap-based buffer overflow ... oval:org.secpod.oval:def:1600782 Stack-buffer overflow in GfxState.cc:A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash, or potentially execute arbitrary code when opened. Integer overflow in JBIG2Stream.cc:An intege ... oval:org.secpod.oval:def:1600780 Information leak in the DHCPv6 relay codeAn information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. Memory exhaustion vulner ... oval:org.secpod.oval:def:1600789 Server memory information leak over SMB1:An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be c ... oval:org.secpod.oval:def:1600787 Command injection flaw within "enriched mode" handling:A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary ... oval:org.secpod.oval:def:1600778 1480618: Vary header not added by CORS filter leading to cache poisoningThe CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances oval:org.secpod.oval:def:1600774 A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by s ... oval:org.secpod.oval:def:1600792 The pg_user_mappings view discloses passwords to users lacking server privileges:An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user m ... oval:org.secpod.oval:def:1600790 Potential use-after-free in TLS 1.2 server when verifying client authentication:A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, poten ... oval:org.secpod.oval:def:1600791 The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations oval:org.secpod.oval:def:1600796 Heap-based buffer overflow in HTTP protocol handlingA heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ... oval:org.secpod.oval:def:1600688 Incorrect handling of pipelined requests when send file was used:A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost wh ... oval:org.secpod.oval:def:1600694 Sending SIGKILL to other processes with root privileges via su:A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. oval:org.secpod.oval:def:1600690 Incorrect handling of pipelined requests when send file was usedA bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost whe ... oval:org.secpod.oval:def:1600696 An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an appl ... oval:org.secpod.oval:def:1600503 An authenticated remote attacker can cause denial-of-service conditions on the server using mod_dontdothat by sending a specially crafted REPORT request. The attack does not require access to a particular repository. oval:org.secpod.oval:def:1600516 libcurl"s implementation of the printf functions triggers a buffer overflow when doing a large floating point output. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. This flaw does not exist in the command l ... oval:org.secpod.oval:def:1600466 It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote att ... oval:org.secpod.oval:def:1600797 A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution oval:org.secpod.oval:def:1200147 A flaw in libjpeg-turbo was reported that could lead to a local denial of service when processing a specially-crafted JPEG issue. oval:org.secpod.oval:def:1600770 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file oval:org.secpod.oval:def:1600484 CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener oval:org.secpod.oval:def:1600482 CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener oval:org.secpod.oval:def:1600480 CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener oval:org.secpod.oval:def:1600473 It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. A malicious web applic ... oval:org.secpod.oval:def:1600693 A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. A denial of service flaw w ... oval:org.secpod.oval:def:1600518 It was discovered that the code that parsed the HTTP request line permittedinvalid characters. This could be exploited, in conjunction with a proxy thatalso permitted the invalid characters but with a different interpretation, toinject data into the HTTP response. By manipulating the HTTP response t ... oval:org.secpod.oval:def:1200130 It was discovered that in httpd 2.4, the internal API function ap_some_auth_required could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. Multiple flaws ... oval:org.secpod.oval:def:1200039 Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP requ ... oval:org.secpod.oval:def:1601648 Vulnerability in the MySQL Server product of Oracle MySQL . Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th ... oval:org.secpod.oval:def:1600465 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine"s memory and completely bypass Java sandbox restrictions. It was discover ... oval:org.secpod.oval:def:1600476 It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. A flaw was found in the way the JMX component of Ope ... oval:org.secpod.oval:def:1600820 It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms. Vulnerability in the Java SE, ... oval:org.secpod.oval:def:1600712 An untrusted library search path flaw was found in the JCE component ofOpenJDK. A local attacker could possibly use this flaw to cause a Javaapplication using JCE to load an attacker-controlled library and hence escalatetheir privileges. It was found that the JAXP component of OpenJDK failed to corr ... oval:org.secpod.oval:def:1600737 Incorrect enforcement of certificate path restrictions:It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of ... oval:org.secpod.oval:def:1600747 It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Multiple flaws were discovered in the RMI, JAXP ... oval:org.secpod.oval:def:1600795 Multiple unbounded memory allocations in deserialization Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability all ... oval:org.secpod.oval:def:1600697 Improper re-use of NTLM authenticated connections :It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java appli ... oval:org.secpod.oval:def:1600502 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine"s memory and completely bypass Java sandbox restrictions. It was discover ... oval:org.secpod.oval:def:1600440 Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files oval:org.secpod.oval:def:1600443 It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. Unspecified vuln ... oval:org.secpod.oval:def:1600438 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. ... oval:org.secpod.oval:def:1600806 pcre: heap buffer overflow in handling of duplicate named groups The pcre_compile2 function in pcre_compile.c mishandles the / oval:org.secpod.oval:def:1600337 wolfSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also know ... oval:org.secpod.oval:def:1200116 Use of uninitialized memory was reported in in libtiff. oval:org.secpod.oval:def:1200072 A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions. oval:org.secpod.oval:def:1601067 Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service via a crafted GIF file.An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteSc ... oval:org.secpod.oval:def:1600327 An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan JPEG markers or Define Huffman Table JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially se ... oval:org.secpod.oval:def:1601333 Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.Several denial of service flaws were found in Wireshark. Wireshark could crash or stop respondi ... oval:org.secpod.oval:def:1601341 An integer overflow flaw was found in Ghostscript"s TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. It was found that Ghostscript always tried to read ... oval:org.secpod.oval:def:1601242 Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code. oval:org.secpod.oval:def:1600714 Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. Aspecially crafted file could cause an application using JasPer to crash or,possibly, execute arbitrary code. Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. Aspecially crafted file could cause an a ... oval:org.secpod.oval:def:1200176 An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An unrestricted stack memory use flaw was found in the way JasPer de ... oval:org.secpod.oval:def:1200029 Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. A heap-based buffer overflow flaw was found in the way JasPer ... oval:org.secpod.oval:def:1601733 Warning has been added when HTTP::Tiny is used without verify_ssl flag oval:org.secpod.oval:def:1601513 A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could u ... oval:org.secpod.oval:def:1601535 A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor oval:org.secpod.oval:def:1601519 An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution oval:org.secpod.oval:def:1600867 Path traversal when writing to a symlinked basedir outside of the rootRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerab ... oval:org.secpod.oval:def:1600879 Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger ... oval:org.secpod.oval:def:1600813 An out-of-bounds array dereference was found in apr_time_exp_get. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. oval:org.secpod.oval:def:1600810 Apache Portable Runtime Utility fails to validate the integrity of SDBM database files used by apr_sdbm* functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of servi ... oval:org.secpod.oval:def:1600779 SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTPA SMTP command injection flaw was found in the way Ruby#039;s Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session ... oval:org.secpod.oval:def:1600799 Arbitrary heap exposure during a JSON.generate callRuby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a #039;\\0#039; byte, ... oval:org.secpod.oval:def:1600980 A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or l ... oval:org.secpod.oval:def:1600997 In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard oval:org.secpod.oval:def:1600405 A use-after-free flaw was found in the way NSS handled DHE and ECDHE handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute ar ... oval:org.secpod.oval:def:1600408 It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disab ... oval:org.secpod.oval:def:1600431 It was discovered that ntpq and ntpdc disclosed the origin timestamp to unauthenticated clients, which could permit such clients to forge the server"s replies. The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service by sendin ... oval:org.secpod.oval:def:1600481 CVE-2016-2834 nss: Multiple security flaws multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the ... oval:org.secpod.oval:def:1600488 The following security-related issues were resolved:CVE-2016-7426 : Client rate limiting and server responsesCVE-2016-7429 : Attack on interface selectionCVE-2016-7433 : Broken initial sync calculations regressionCVE-2016-9310 : Mode 6 unauthenticated trap information disclosure and DDoS vectorCVE-2 ... oval:org.secpod.oval:def:1600396 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1600395 It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discovered that the H ... oval:org.secpod.oval:def:1600392 An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restr ... oval:org.secpod.oval:def:1600390 An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory of a successfully authenticated OpenSSH client.A buffer overflow flaw was found in the way the OpenSSH client roaming featu ... oval:org.secpod.oval:def:1600399 A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an applicatio ... oval:org.secpod.oval:def:1600341 DL::dlopen could open a library with tainted library name even if $SAFE oval:org.secpod.oval:def:1600340 Several vulnerabilities were discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of ... oval:org.secpod.oval:def:1600361 An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restr ... oval:org.secpod.oval:def:1600362 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1600389 It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to ... oval:org.secpod.oval:def:1600374 Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict w ... oval:org.secpod.oval:def:1600373 An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restr ... oval:org.secpod.oval:def:1600378 It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discovered that the H ... oval:org.secpod.oval:def:1200129 It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer ove ... oval:org.secpod.oval:def:1200128 Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A spec ... oval:org.secpod.oval:def:1200153 As discussed upstream, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. It was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker c ... oval:org.secpod.oval:def:1200010 Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A spec ... oval:org.secpod.oval:def:1200002 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:1200052 It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client"s polling interval value, and effectively disable synchronization with th ... oval:org.secpod.oval:def:1200051 Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A spec ... oval:org.secpod.oval:def:1200043 Multiple buffer overflows in the png_set_PLTE and png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19, allowing remote attackers to cause a denial of service or possibly have unspecified other imp ... oval:org.secpod.oval:def:1600689 Denial of Service via Malformed Config:A vulnerability was discovered in the NTP servers parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message.Potential Overflows in ctl_put functions:A vulnerability was found in NTP, in the buil ... oval:org.secpod.oval:def:1600961 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1600958 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server exe ... oval:org.secpod.oval:def:1600949 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability ... oval:org.secpod.oval:def:1600911 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in ... oval:org.secpod.oval:def:1600908 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in ... oval:org.secpod.oval:def:1600928 ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim#039;s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-201 ... oval:org.secpod.oval:def:1600831 The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service or possibly have unspecified other impact via vectors involving long user and password fields. The FTP wildcard function in curl and libcurl before 7.57.0 allows remot ... oval:org.secpod.oval:def:1600875 RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys:OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process c ... oval:org.secpod.oval:def:1600817 Quick Emulator , compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbit ... oval:org.secpod.oval:def:1600723 Module reference leak due to improper shut down of callback channel on umount:The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and ... oval:org.secpod.oval:def:1601004 NTP has a NULL pointer dereference attack in an authenticated mode 6 packet oval:org.secpod.oval:def:1601046 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service or execute arbitrary code via a crafted file.libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of ... oval:org.secpod.oval:def:1600965 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol oval:org.secpod.oval:def:1600959 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via S ... oval:org.secpod.oval:def:1600946 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE . Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to comprom ... oval:org.secpod.oval:def:1600987 Vulnerability in the Java SE component of Oracle Java SE . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of th ... oval:org.secpod.oval:def:1601649 Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. A possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105 ... oval:org.secpod.oval:def:1601441 RDoc before version 6.3.1 used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user ... oval:org.secpod.oval:def:1601442 RDoc before version 6.3.1 used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user ... oval:org.secpod.oval:def:1600985 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key oval:org.secpod.oval:def:1600524 A denial of service flaw was found in the way the TLS/SSL protocol definedprocessing of ALERT packets during a connection handshake. A remote attackercould use this flaw to make a TLS/SSL server consume an excessive amount of CPUand fail to accept connections form other clients. Multiple flaws were ... oval:org.secpod.oval:def:1600996 A microprocessor side-channel vulnerability was found on SMT architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. If an application encounters a fatal protocol error and then calls SSL_shutdown twice ... oval:org.secpod.oval:def:1600507 An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. A denial of service flaw was found in the way the TLS/SSL protocol defined pro ... oval:org.secpod.oval:def:1600923 Quick Emulator , compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process ... oval:org.secpod.oval:def:1601647 A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to ... oval:org.secpod.oval:def:1600977 A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed b ... oval:org.secpod.oval:def:1200179 The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. Libcontainer version 1.6.0 introduc ... oval:org.secpod.oval:def:1601646 An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a la ... oval:org.secpod.oval:def:1200126 Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol ... oval:org.secpod.oval:def:1200167 Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol ... oval:org.secpod.oval:def:1200104 Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol ... oval:org.secpod.oval:def:1200046 A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. Please note that this update forces the TLS/SSL c ... oval:org.secpod.oval:def:1200038 LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange . An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in wh ... oval:org.secpod.oval:def:1601514 A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherited g ... oval:org.secpod.oval:def:1600439 A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer used to read the uploaded file if the boundary was the typical tens of bytes long. oval:org.secpod.oval:def:1600486 A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim oval:org.secpod.oval:def:1600520 An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. An integer overflow flaw was found in the way vim handled undo files. This bug could result in vim crashing when ... oval:org.secpod.oval:def:1601469 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE . Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with n ... oval:org.secpod.oval:def:1601112 In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy ... oval:org.secpod.oval:def:1601117 In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy ... oval:org.secpod.oval:def:1600936 Git before 2.14.5, allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. oval:org.secpod.oval:def:1600894 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ... oval:org.secpod.oval:def:1200184 It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections libra ... oval:org.secpod.oval:def:1600924 The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness. oval:org.secpod.oval:def:1600824 Lack of content verification in Docker-CE versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing oval:org.secpod.oval:def:1600404 A double-free flaw was found in the way OpenSSL parsed certain malformed DSA private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. The ssl_verify_server_cert function in sql-co ... oval:org.secpod.oval:def:1600397 A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. It was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an ... oval:org.secpod.oval:def:1600367 A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicl ... oval:org.secpod.oval:def:1200024 A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory.The xmlParseConditionalSections func ... oval:org.secpod.oval:def:1200115 A denial of service vulnerability was discovered in the keyring function"s garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic oval:org.secpod.oval:def:1200092 It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. ... oval:org.secpod.oval:def:1200077 A flaw was found in the way the Linux kernel"s XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. oval:org.secpod.oval:def:1200053 The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the en ... oval:org.secpod.oval:def:1600060 sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.The verify_host_key function in sshconnect.c in the client in OpenSSH 6 ... oval:org.secpod.oval:def:1600055 The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service via a crafted XML document, aka an XML Entity Expansion attack. oval:org.secpod.oval:def:1600096 The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML d ... oval:org.secpod.oval:def:1600834 Reflected XSS in .phar 404 pageAn issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. Denial of Service via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.cThe gd_gif_in.c file in the GD Graphic ... oval:org.secpod.oval:def:1600402 A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT function ... oval:org.secpod.oval:def:1600460 ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an unserialize call that references a partially constructed object .ext/mysqlnd/mysqlnd_wireprot ... oval:org.secpod.oval:def:1600458 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service or possibly have unspecified other impact via crafted field metadata .Use-after-free vulnerabilit ... oval:org.secpod.oval:def:1600497 A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy. An attacker could create a crafted image that would lead to a crash or, potentially, code exe ... oval:org.secpod.oval:def:1600014 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the Fo ... oval:org.secpod.oval:def:1600744 Out-of-bounds heap write in bitset_set_range:An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from ... oval:org.secpod.oval:def:1600752 Out-of-bounds heap write in bitset_set_rangeAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from ... oval:org.secpod.oval:def:1600306 A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 introduced a ... oval:org.secpod.oval:def:1600321 Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a "\0" chara ... oval:org.secpod.oval:def:1600318 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse notBefore and notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service via a c ... oval:org.secpod.oval:def:1600333 A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ... oval:org.secpod.oval:def:1200191 The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a craft ... oval:org.secpod.oval:def:1200192 As discussed in an upstream announcement, Ruby"s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 . oval:org.secpod.oval:def:1200144 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping"s length during processing of an invalid file that begins with a # character and lacks a newline character, whi ... oval:org.secpod.oval:def:1200143 A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permi ... oval:org.secpod.oval:def:1200148 As discussed in an upstream announcement, Ruby"s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 . oval:org.secpod.oval:def:1600276 A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 introduced a ... oval:org.secpod.oval:def:1200134 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. The symmetric-key feature in the receive f ... oval:org.secpod.oval:def:1200119 An out-of-bounds read flaw was found in the way glibc"s iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. It was found that the files back end of Nam ... oval:org.secpod.oval:def:1200107 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:1600299 A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the afo ... oval:org.secpod.oval:def:1200187 A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permi ... oval:org.secpod.oval:def:1200186 An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap based buffer overflow was ... oval:org.secpod.oval:def:1200172 As discussed in an upstream announcement, Ruby"s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 . oval:org.secpod.oval:def:1200168 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:1200159 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:1200101 An out-of-bounds read flaw was found in the way glibc"s iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp function woul ... oval:org.secpod.oval:def:39728 Integer overflow in gd_io.c in the GD Graphics Library before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0 ... oval:org.secpod.oval:def:1200091 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:1200084 The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. The ELF parser in file before 5.21 allows remote attackers to cause a denial of service via a large number of program or section headers or invalid capabilities. It was rep ... oval:org.secpod.oval:def:1200082 As discussed in an upstream announcement, Ruby"s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 . oval:org.secpod.oval:def:1200089 A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys. An attacker could use this flaw to crash OpenSSL, if a specially-crafted certificate was imported. A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages. A malicious client ... oval:org.secpod.oval:def:1200087 As discussed in an upstream announcement, Ruby"s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 . oval:org.secpod.oval:def:1200071 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:1200076 A use-after-free flaw was found in PHP"s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. A NULL pointer dereference flaw was found in PHP"s pgsql extension. A specially crafted table name passed to function as pg_insert or pg_select could cause a PHP app ... oval:org.secpod.oval:def:1600267 A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the afo ... oval:org.secpod.oval:def:1600164 A heap-based buffer overflow flaw was found in procmail"s formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail oval:org.secpod.oval:def:1200020 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buff ... oval:org.secpod.oval:def:1200025 A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.It was d ... oval:org.secpod.oval:def:1600158 The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service via a crafted XML document, aka an XML Entity Expansion attack. oval:org.secpod.oval:def:1200014 A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip"s "-t" option. A buffer overflow flaw was found in the way unzip computed t ... oval:org.secpod.oval:def:1600182 The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML d ... oval:org.secpod.oval:def:1200003 A use-after-free flaw was found in PHP"s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. A NULL pointer dereference flaw was found in PHP"s pgsql extension. A specially crafted table name passed to function as pg_insert or pg_select could cause a PHP app ... oval:org.secpod.oval:def:1200063 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:1200059 A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permi ... oval:org.secpod.oval:def:1200044 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping"s length during processing of an invalid file that begins with a # character and lacks a newline character, whi ... oval:org.secpod.oval:def:1200048 A buffer overflow vulnerability was found in PHP"s phar implementation. See https://bugs.php.net/bug.php?id=69324 for more details. A use-after-free flaw was found in PHP"s phar paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memo ... oval:org.secpod.oval:def:1601064 A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte en ... oval:org.secpod.oval:def:1600519 Integer overflow in gd_io.c in the GD Graphics Library before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. In all versions of PHP 7, during the unserialization process, resizing the "properties"; hash table ... oval:org.secpod.oval:def:1600102 A buffer overflow flaw was found in the way the decode_icmp_msg function in the ICMP-MIB implementation processed Internet Control Message Protocol message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially caus ... oval:org.secpod.oval:def:1600113 The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML d ... oval:org.secpod.oval:def:1200008 A buffer overflow flaw was found in the way the Linux kernel"s Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connect ... oval:org.secpod.oval:def:1600152 fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled ... oval:org.secpod.oval:def:1600150 It was discovered that the asn1_get_bit_der function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, exe ... oval:org.secpod.oval:def:1600120 A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the cl ... oval:org.secpod.oval:def:1600124 It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuT ... oval:org.secpod.oval:def:1600076 Mozilla Netscape Portable Runtime before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving the sprintf and console functions. oval:org.secpod.oval:def:1600147 Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain ... oval:org.secpod.oval:def:1601329 A buffer overflow flaw was found in the way the Linux kernel"s XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. Flaws in ghash_updat ... oval:org.secpod.oval:def:1601293 A flaw was found in the way the Linux kernel"s Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.A malicious Network File System version 4 server could return a crafted reply to a GETACL request, causing a denia ... oval:org.secpod.oval:def:1600296 A malicious Network File System version 4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control a ... oval:org.secpod.oval:def:1600229 It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module to be called. A local, unprivileged user could use this flaw to cause a denial of service . A flaw was found in the way ... oval:org.secpod.oval:def:1600226 Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Produc ... oval:org.secpod.oval:def:1601364 libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. Multi ... oval:org.secpod.oval:def:1601360 The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arb ... oval:org.secpod.oval:def:1601350 The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the bac ... oval:org.secpod.oval:def:1601270 It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations . An unprivileged database user could use this flaw to read and write to ... oval:org.secpod.oval:def:1600221 An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the Postgr ... oval:org.secpod.oval:def:1600241 Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service , and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a da ... oval:org.secpod.oval:def:1600001 A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child p ... oval:org.secpod.oval:def:1600742 ap_find_token buffer overread:A buffer over-read flaw was found in the httpds ap_find_token function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. Apache HTTP Request Parsing Whitespace Defects:It was discovered that the HTTP parse ... oval:org.secpod.oval:def:1600771 A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. It was discovered that the use of http ... oval:org.secpod.oval:def:1600776 Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user"s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. ... oval:org.secpod.oval:def:1600109 A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child p ... oval:org.secpod.oval:def:1200013 It was discovered that libwmf did not correctly process certain WMF with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user runni ... oval:org.secpod.oval:def:1601316 A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this iss ... oval:org.secpod.oval:def:1600483 CVE-2016-0718 : Out-of-bounds read flaw An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary ... oval:org.secpod.oval:def:1200118 A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. It was found that SQLite"s sqlite3VdbeExec function did not properly implement ... oval:org.secpod.oval:def:1200021 Upstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library . All PHP 5.4 users are encouraged to upgrade to this version. Please see the upstream release notes for full details. oval:org.secpod.oval:def:1600266 The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. oval:org.secpod.oval:def:1600883 Ephemeral association time spoofing additional protectionntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim#039;s clo ... oval:org.secpod.oval:def:1601515 It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. It was found that vim was vulnerable to a 1 byte heap based out of bounds read ... oval:org.secpod.oval:def:1601320 A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when cal ... oval:org.secpod.oval:def:1601354 The crypt_des function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt ... oval:org.secpod.oval:def:1601283 Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. The crypt_des fu ... oval:org.secpod.oval:def:1601706 A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of s ... oval:org.secpod.oval:def:1601465 A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for "issuer cert" and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to confidentiality oval:org.secpod.oval:def:1600490 A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. The blk_rq_map_user_iov function i ... oval:org.secpod.oval:def:1600224 The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service via a relative URL in a REPORT request.The get_parent_resource function in repos.c in ... oval:org.secpod.oval:def:1601703 A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. qfq_change_class in net/sched/sch_qfq.c in the Linux ... oval:org.secpod.oval:def:1601736 An issue was found in the Linux kernel's IPv6 TCP connection tracking code, which could lead to high CPU usage with certain traffic patterns oval:org.secpod.oval:def:1601729 A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation. A heap buffer ove ... oval:org.secpod.oval:def:1601589 An out-of-bounds write flaw was found in the Linux kernel and rsquo;s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. A vulnerabilit ... oval:org.secpod.oval:def:1601643 A flaw in the processing of received ICMP errors in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confid ... oval:org.secpod.oval:def:1601512 A flaw in the processing of received ICMP errors in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confid ... oval:org.secpod.oval:def:1601529 A buffer overflow flaw was found in the Linux kernel's NFC protocol functionality. This flaw allows a local user to crash or escalate their privileges on the system. A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a loca ... oval:org.secpod.oval:def:1601520 Amazon Linux has been made aware of a potential Branch Target Injection issue . This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient ... oval:org.secpod.oval:def:1601471 A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability oval:org.secpod.oval:def:1601582 A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read oval:org.secpod.oval:def:1600061 The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service via a malformed INIT chunk. The pivot_root implementation in fs/namespace.c in the Linux kernel through ... oval:org.secpod.oval:def:1600168 arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service via an invalid syscall number, as demonstrated by number 1000. Array index error in the aio_re ... oval:org.secpod.oval:def:1601440 kernel: refcount leak in llcp_sock_bind kernel: refcount leak in llcp_sock_connect kernel: memory leak in llcp_sock_connect An issue was discovered in the Linux kernel related to mm/gup.c and mm/huge_memory.c. The get_user_pages implementation, when used for a copy-on-write page, does not properly ... oval:org.secpod.oval:def:1601463 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption oval:org.secpod.oval:def:1600892 A weakness was found in the Linux kernel#039;s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch oper ... oval:org.secpod.oval:def:1601138 In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.In the Linux kernel 5.4.0-rc2, there is a use ... oval:org.secpod.oval:def:1601129 A NULL pointer dereference flaw was found in the Linux kernel"s SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option protocol"s category bitmap into the SELinux extensible bitmap via the" ebitmap_netlbl_import" routine. While processing the CIPSO restricted bitmap t ... oval:org.secpod.oval:def:1601113 In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures a ... oval:org.secpod.oval:def:1601056 An out-of-bounds access issue was found in the way Linux kernel#039;s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer #039;struct kvm_coalesced_mmio#039; object, wherein write indices #039;ring-gt;first#039; and #039;ring-gt;last#039; value could be s ... oval:org.secpod.oval:def:1601048 A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg" commit reintro ... oval:org.secpod.oval:def:1601075 This security update is only applicable to EC2 Bare Metal instance types using Intel processors. Intel has released microcode updates for certain Intel CPUs. After installing the updated microcode_ctl package, the microcode will be automatically activated on next boot. Improper conditions check in t ... oval:org.secpod.oval:def:1600990 A kernel memory leak was found in the kernel_read_file function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service . A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers ... oval:org.secpod.oval:def:1601015 CVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. The latest Amazon Linux AMIs as available in AWS EC2 already contain these kernels and are not vulner ... oval:org.secpod.oval:def:1601021 An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, ... oval:org.secpod.oval:def:1600979 In the Linux kernel af_alg_release in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system oval:org.secpod.oval:def:1600944 An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.A vulnerability was discover ... oval:org.secpod.oval:def:1600844 Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add function potentially allowing KASLR bypassThe acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SB ... oval:org.secpod.oval:def:1200174 It was reported that stack address is not properly randomized on some 64 bit architectures due to an integer overflow. The stack entropy of the processes is reduced by four. oval:org.secpod.oval:def:1601001 - Microarchitectural Store Buffer Data Sampling - Microarchitectural Fill Buffer Data Sampling - Microarchitectural Load Port Data Sampling - Microarchitectural Data Sampling Uncacheable Memory MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a dependent load as an optim ... oval:org.secpod.oval:def:1601000 A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol , part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a s ... oval:org.secpod.oval:def:1601007 A flaw was found in the Linux kernel#039;s freescale hypervisor manager implementation. A parameter passed via to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create o ... oval:org.secpod.oval:def:1601006 A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rds_tcp kernel module loaded could possibly cause a use after free in which an attacker who is able to manipulate socket state while a network namespace is being torn down. This can lead to possible m ... oval:org.secpod.oval:def:1600978 A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested virtualization is enabled. This high resolution timer runs when a L2 guest is active. After VM exit, the sync_vmcs12 timer object is stopped. The use-afte ... oval:org.secpod.oval:def:1600973 A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption ... oval:org.secpod.oval:def:1600970 The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect an ... oval:org.secpod.oval:def:1600916 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service via a crafted JPEG file.exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free because it closes a stream that it ... oval:org.secpod.oval:def:1600913 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service via a crafted JPEG file.An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Ov ... oval:org.secpod.oval:def:1600938 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c oval:org.secpod.oval:def:1601132 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. In PHP versions ... oval:org.secpod.oval:def:1601130 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. In PHP versions ... oval:org.secpod.oval:def:1601115 In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash. In PHP versions 7.2.x below 7 ... oval:org.secpod.oval:def:1601116 In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash. In PHP versions 7.2.x below 7 ... oval:org.secpod.oval:def:1601014 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. When processing certain files, PHP EXIF extension i ... oval:org.secpod.oval:def:1601033 Function iconv_mime_decode_headers in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that will cause the function to use ... oval:org.secpod.oval:def:1601055 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information d ... oval:org.secpod.oval:def:1601052 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information d ... oval:org.secpod.oval:def:1601053 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ... oval:org.secpod.oval:def:1600972 ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service via an empty string in the message argument to the imap_mail function.University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open in PHP and other products, launches an rsh command ... oval:org.secpod.oval:def:1601467 Several flaws has been found in php. The pdo_firebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before calc ... oval:org.secpod.oval:def:1601012 In Pallets Jinja, str.format allows a sandbox escape oval:org.secpod.oval:def:1601030 In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter oval:org.secpod.oval:def:1600969 It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. oval:org.secpod.oval:def:1600910 Fixes for L1Terminal Fault security issues:L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault an ... oval:org.secpod.oval:def:1600905 An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode is called with a NULL bp. This can lead to a system crash and a denial of service.An issue was discovered in th ... oval:org.secpod.oval:def:1600903 The fs/ext4/inline.c:ext4_read_inline_data function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or ... oval:org.secpod.oval:def:1600901 A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service. oval:org.secpod.oval:def:1600829 An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously incorp ... oval:org.secpod.oval:def:1600852 Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c:A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory oval:org.secpod.oval:def:1600872 Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk function allows denial of service:An error in the _sctp_make_chunk function when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. Mishandling mutex within libsas al ... oval:org.secpod.oval:def:1600899 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to w ... oval:org.secpod.oval:def:1600898 An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator . It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service ... oval:org.secpod.oval:def:1600896 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load amp; Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to wh ... oval:org.secpod.oval:def:1600823 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ... oval:org.secpod.oval:def:45991 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to w ... oval:org.secpod.oval:def:1601047 It was found that paravirt_patch_call/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.A buffer overflow due to a singed-unsigned comparsion was fou ... oval:org.secpod.oval:def:1600821 A flaw was found in the patches used to fix the #039;dirtycow#039; vulnerability . An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages. Linux kernel Virtualization Module for the Intel processor family is vulnerable to ... oval:org.secpod.oval:def:1600748 Buffer overflow in mp_override_legacy_irq:Buffer overflow in the mp_override_legacy_irq function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. A race between inotify_handle_event and sys_rename:A race condition was f ... oval:org.secpod.oval:def:1600794 stack buffer overflow in the native Bluetooth stackA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel , an unauthenticated atta ... oval:org.secpod.oval:def:1600698 Infinite recursion in ahash.c by triggering EBUSY on a full queue:A vulnerability was found in crypto/ahash.c in the Linux kernel which allows attackers to cause a denial of service by triggering EBUSY on a full queue.Time subsystem allows local users to discover real PID values:The time subsystem ... oval:org.secpod.oval:def:1601049 An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location o ... oval:org.secpod.oval:def:1600933 A security flaw was found in the chap_server_compute_md5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta ... oval:org.secpod.oval:def:1600826 Race condition in raw_sendmsg function allows denial-of-service or kernel addresses leakA flaw was found in the Linux kernel's implementation of raw_sendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of creating raw sock ... oval:org.secpod.oval:def:1600809 Incorrect updates of uninstantiated keys crash the kernelA vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service . Memory leak when merging buffers in SCSI IO vectorsIt was found that i ... oval:org.secpod.oval:def:1600746 Exploitable memory corruption due to UFO to non-UFO path switch heap out-of-bounds in AF_PACKET sockets oval:org.secpod.oval:def:1600783 A buffer overflow was discovered in tpacket_rcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a kerne ... oval:org.secpod.oval:def:1600775 The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability cal ... oval:org.secpod.oval:def:1601050 A flaw was found in the Linux kernel in the hid_debug_events_read function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user to achieve an out-of-bounds write and thus receiving user space buffer corruption.Note: The Release Date is incorrect. This CVE wa ... oval:org.secpod.oval:def:1600968 A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation . The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.An issue was discovered in the Linux ... oval:org.secpod.oval:def:1601473 OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks oval:org.secpod.oval:def:1600053 It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server oval:org.secpod.oval:def:1600093 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. oval:org.secpod.oval:def:1600943 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, ... oval:org.secpod.oval:def:1600942 During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ... oval:org.secpod.oval:def:1600835 Integer overflow in PyString_DecodeEscape results in heap-base buffer overflowCPython is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow oval:org.secpod.oval:def:1600825 CPython is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow oval:org.secpod.oval:def:1600886 There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks a ... oval:org.secpod.oval:def:1600877 DOS via regular expression catastrophic backtracking in apop method in pop3libA flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. DOS via regular expression backtracking in diff ... oval:org.secpod.oval:def:1600427 It was found that Python"s httplib library did not properly check HTTP header input in HTTPConnection.putheader. An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values. It was found that Python"s smtplib library did not r ... oval:org.secpod.oval:def:1600446 It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP requ ... oval:org.secpod.oval:def:1600452 A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enab ... oval:org.secpod.oval:def:1600457 It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. It was discovered that the Dat ... oval:org.secpod.oval:def:1601304 A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations tak ... oval:org.secpod.oval:def:1600002 It was discovered that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script"s source code or execute arbitrary scripts in the server"s document root. Integer overflow in bufferobject.c in Python before 2 ... oval:org.secpod.oval:def:1600028 It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, b ... oval:org.secpod.oval:def:1601358 SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. oval:org.secpod.oval:def:1600493 It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addres ... oval:org.secpod.oval:def:1601257 SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. oval:org.secpod.oval:def:1600735 The c-ares function `ares_parse_naptr_reply`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way oval:org.secpod.oval:def:1600316 It was discovered that multiple Python standard library modules implementing network protocols failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. The ssl.match_hostname function in the SSL ... oval:org.secpod.oval:def:1601239 A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server wit ... oval:org.secpod.oval:def:1601134 http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname ... oval:org.secpod.oval:def:1200145 It was discovered that multiple Python standard library modules implementing network protocols failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. oval:org.secpod.oval:def:1200132 An integer overflow flaw was found in the way the buffer function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.It was discovered that multiple Python standard library modules ... oval:org.secpod.oval:def:1600298 The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issu ... oval:org.secpod.oval:def:1200112 A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. A memory leak vulnerability was ... oval:org.secpod.oval:def:1601008 Python is affected by improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authenticat ... oval:org.secpod.oval:def:1601032 An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. Python 2.7.x and 3.x are affected ... oval:org.secpod.oval:def:1601020 An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command oval:org.secpod.oval:def:1601059 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:1601061 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:1600954 Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacke ... oval:org.secpod.oval:def:1600952 A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service.A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacke ... oval:org.secpod.oval:def:1600988 A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts ... oval:org.secpod.oval:def:1600967 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, ... oval:org.secpod.oval:def:1600998 Python is affected by improper Handling of Unicode Encoding during NFKC normalization. The impact is information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authenticati ... oval:org.secpod.oval:def:1600103 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. oval:org.secpod.oval:def:1600137 It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server oval:org.secpod.oval:def:1600435 Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. Multiple flaws have been discovered in va ... oval:org.secpod.oval:def:1600515 Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. Multiple flaws have been discovered in va ... oval:org.secpod.oval:def:1600880 Fragmentation attacks possible when EDNS0 is enabledThe DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.Buffer overflow in glob ... oval:org.secpod.oval:def:1600713 It was found that due to the way rpcbind uses libtirpc , a memoryleak can occur when parsing specially crafted XDR messages. An attacker sendingthousands of messages to rpcbind could cause its memory usage to grow withoutbound, eventually causing it to be terminated by the OOM killer oval:org.secpod.oval:def:1600710 Memory leak when failing to parse XDR strings or bytearraysIt was found that due to the way rpcbind uses libtirpc , a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually ... oval:org.secpod.oval:def:1600962 A buffer overflow has been discovered in the GNU C Library in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.elf/dl-load.c in the GNU C Library 2.19 through 2.26 misha ... oval:org.secpod.oval:def:1600922 A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the applicati ... oval:org.secpod.oval:def:1600784 A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. It was found that OpenSSH did not limit password lengths f ... oval:org.secpod.oval:def:1600926 The compile_branch function in pcre_compile.c in PCRE 8.x and pcre2_compile.c in PCRE2 mishandles patterns containing an substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted regular expression, as demon ... oval:org.secpod.oval:def:1601731 Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess c ... oval:org.secpod.oval:def:1601727 PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered b ... oval:org.secpod.oval:def:1600423 A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permission ... oval:org.secpod.oval:def:1600421 A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with C ... oval:org.secpod.oval:def:1600410 The following security-related issues were resolved:Out-of-bounds read in imagescale Integer underflow causing arbitrary null write in fread/gzread Integer overflow in php_html_entities Out-of-bounds heap read in get_icu_value_internal oval:org.secpod.oval:def:1600407 The following security-related issues were resolved:Out-of-bounds read in imagescale Integer underflow causing arbitrary null write in fread/gzread The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allow ... oval:org.secpod.oval:def:1600430 A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP"s gd extension. A remote attacker could use this ... oval:org.secpod.oval:def:1600398 The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. A race condition in the tty_ioctl function in drivers/tty/tty_io.c i ... oval:org.secpod.oval:def:1600342 A stack overflow vulnerability was reported that may occur when decompressing tar archives due to phar_tar_writeheaders potentially copying non-terminated linknames from entries parsed by phar_parse_tarfile. oval:org.secpod.oval:def:1600345 An integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption. In the mark_source_chains function it is possible for a user-supplied ipt_entry structure to have a large next_offset field. ... oval:org.secpod.oval:def:1600346 Perception Point Research identified a use-after-free vulnerability, representing a local privilege escalation vulnerability in the Linux kernel. Their post contains a detailed analysis of the bug.kernel-4.1.13-19.30.amzn1 and earlier versions are impacted. oval:org.secpod.oval:def:1600363 The imagerotate function lacked validation of the background color variable, an integer which represents an index of the color palette. A number larger than the length of the color palette could be used in the function, reading beyond the memory of the color palette and causing an information leak. oval:org.secpod.oval:def:1600383 The following security-related issues were resolved:Buffer over-write in finfo_open with malformed magic file Signedness vulnerability causing heap overflow in libgd Integer overflow in php_raw_url_encode Format string vulnerability in php_snmp_error Invalid memory write in phar on filename containi ... oval:org.secpod.oval:def:1200183 Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries . All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details. oval:org.secpod.oval:def:1200156 As reported upstream, A NULL pointer dereference flaw was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via Serializable::unserialize. Ho ... oval:org.secpod.oval:def:1200096 As reported upstream, A NULL pointer dereference flaw was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via Serializable::unserialize. Ho ... oval:org.secpod.oval:def:1200088 An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap based buffer overflow was ... oval:org.secpod.oval:def:1200078 Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries . All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details. oval:org.secpod.oval:def:1200079 An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap based buffer overflow was ... oval:org.secpod.oval:def:1200015 Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. Linux kernels built with the name spaces supp ... oval:org.secpod.oval:def:1600525 Possible double free in stcp_sendmsg :It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service via a multithreaded application. This ... oval:org.secpod.oval:def:1600505 A use-after-free flaw was found in the way the Linux kernel"s Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allo ... oval:org.secpod.oval:def:1600040 The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service via an SCTP handshake with a modified IN ... oval:org.secpod.oval:def:1600039 The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioct ... oval:org.secpod.oval:def:1600051 The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets.drivers/vhost/net.c in the Linux kernel before 3.13.10, whe ... oval:org.secpod.oval:def:1600219 Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a XFS_IOC_ATTRLIST_BY_HANDLE or XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call ... oval:org.secpod.oval:def:1600214 The Linux kernel before 3.12, when UDP Fragmentation Offload is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and s ... oval:org.secpod.oval:def:1600212 The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. The udf_encode_fh f ... oval:org.secpod.oval:def:1600246 The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service , and consequently obtain sensitive information, via ICMPv6 Router Ad ... oval:org.secpod.oval:def:1600232 The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a tkill or tgkill system call.The udp_v6_push_pending_frames func ... oval:org.secpod.oval:def:1600196 The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a recvfrom, recvmmsg, or ... oval:org.secpod.oval:def:1600101 ** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported ... oval:org.secpod.oval:def:1600123 The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service or gain privileges by triggering a race condition involving read and write operations wit ... oval:org.secpod.oval:def:1600130 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. oval:org.secpod.oval:def:1601347 An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with ... |
