Download
| Alert*
oval:org.secpod.oval:def:1900417
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file. oval:org.secpod.oval:def:704346 texlive-bin: TeX Live: path search library for TeX Several security issues were fixed in Tex Live. oval:org.secpod.oval:def:1900133 A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. oval:org.secpod.oval:def:1900092 A heap corruption of type CWE-120 exists in quassel version 0.12.4 inquasselcore in void DataStreamPeer::processMessagedatastreampeer.cpp line 62 that allows an attacker to execute code remotely. oval:org.secpod.oval:def:703874 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga. oval:org.secpod.oval:def:703580 libxslt: XSLT processing library Several security issues were fixed in Libxslt. oval:org.secpod.oval:def:1902124 SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service by leveraging the ability to run arbitrary SQL statements . oval:org.secpod.oval:def:1900848 Cross-site scripting vulnerability in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php. oval:org.secpod.oval:def:1901768 BWA before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. oval:org.secpod.oval:def:1901524 Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a "system" entrypoint from fbudf.so. oval:org.secpod.oval:def:1901350 Cross-site scripting vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. oval:org.secpod.oval:def:1901169 An issue was discovered in libtskbase.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unm ... oval:org.secpod.oval:def:1901275 An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmappe ... oval:org.secpod.oval:def:1900695 An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped me ... oval:org.secpod.oval:def:1901068 An issue was discovered in libtskimg.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory caus ... oval:org.secpod.oval:def:1902048 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. oval:org.secpod.oval:def:1902049 An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. oval:org.secpod.oval:def:1900008 It was discovered that the gnome-shell lock screen since version 3.15.91did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. oval:org.secpod.oval:def:1900012 An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. oval:org.secpod.oval:def:1900024 Resource exhaustion via TCP connection to port serving the SSL endpoint oval:org.secpod.oval:def:1901729 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in ... oval:org.secpod.oval:def:1901973 An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. oval:org.secpod.oval:def:1901974 An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. oval:org.secpod.oval:def:1901731 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arb ... oval:org.secpod.oval:def:1901388 The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of ... oval:org.secpod.oval:def:1900023 Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks. oval:org.secpod.oval:def:1900020 skins/classic/views/control cap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange]parameter. oval:org.secpod.oval:def:1900021 daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. oval:org.secpod.oval:def:1900022 ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. oval:org.secpod.oval:def:1900027 python3-sqlalchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. oval:org.secpod.oval:def:1900028 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "". This could impact services that restrict the user"s filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable. oval:org.secpod.oval:def:1900029 includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. oval:org.secpod.oval:def:1900001 An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server can overwrite arbitrary files in a directory on ... oval:org.secpod.oval:def:1900002 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server"s user can access. This is related to the mysql.allow_local_in file PHP config ... oval:org.secpod.oval:def:1900003 ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. oval:org.secpod.oval:def:1900000 In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. oval:org.secpod.oval:def:1900009 An issue was discovered in the function mark_beginning_as_normal in nfa.cin flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of "*" characters. Remote attackers could leverage this vul ... oval:org.secpod.oval:def:1900005 python3-sqlalchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. oval:org.secpod.oval:def:1900015 ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. oval:org.secpod.oval:def:1900010 A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user"s session. oval:org.secpod.oval:def:1900011 SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. oval:org.secpod.oval:def:1900017 A Denial of Service issue was discovered in the LIVE555 Strealibming-dev Media libraries as used in Live555 Media Server 0.93. It can cause an RTSP Server crash in handle HTTPCmd_Tunneling POST, when RTSP-over-HTTP tunneling is supported, via x-session cookie HTTP headers in a GET request and a POST ... oval:org.secpod.oval:def:703060 Ubuntu 16.04 is installed oval:org.secpod.oval:def:1900034 Netwide Assembler 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. oval:org.secpod.oval:def:1900036 ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. oval:org.secpod.oval:def:1900030 The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are ... oval:org.secpod.oval:def:1900032 Netwide Assembler 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. oval:org.secpod.oval:def:1900103 Netwide Assembler 2.14rc15 has a buffer over-read in x86/regflags.c. oval:org.secpod.oval:def:1900106 Netwide Assembler 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. oval:org.secpod.oval:def:1900111 In libjs-dojo-core Toolkit before 1.14, there is unescaped string injection in libjs-dojo-corex/Grid/DataGrid. oval:org.secpod.oval:def:1900113 A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade an ... oval:org.secpod.oval:def:1900110 Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. oval:org.secpod.oval:def:1900115 NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption of nasm when handling a crafted file due to function assemble_file at asm/nasm.c:482. vulnerability in function assemble_file at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appe ... oval:org.secpod.oval:def:1900118 Ceph does not properly sanitize encryption keys in debug logging for v4auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. oval:org.secpod.oval:def:1900141 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request. oval:org.secpod.oval:def:1900142 An exploitable code execution vulnerability exists in the HTTPpacket-parsing functionality of the LIVE555 RTSP server library version0.92. A specially crafted packet can cause a stack-based buffer overflow,result ing in code execution. An attacker can send a packet to trigger this vulnerability. oval:org.secpod.oval:def:1900148 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode,but not in m ... oval:org.secpod.oval:def:1900155 The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900157 A bug in Bluez may allow for the Bluetooth Discoverable state being set toon when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. oval:org.secpod.oval:def:1900152 Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance"s port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to ... oval:org.secpod.oval:def:1900151 In libwpd-dev 0.10.2, there is a NULL pointer dereference in the functionWP6Content Listener::defineTable in WP6Content Listener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. oval:org.secpod.oval:def:1900153 An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to makens-slapd crash via a specially crafted LDAP request, thus result ing in denial of ... oval:org.secpod.oval:def:1900124 The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file, as demonstrated by mkd2html. oval:org.secpod.oval:def:1900127 In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy function in DriverManager/__info.c. oval:org.secpod.oval:def:1900129 When read ing a specially crafted ZIP archive, the read method of ApacheCommons Compress 1.7 to 1.17"s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an in finitestream, ... oval:org.secpod.oval:def:1900128 bark_noise_hybridmp in psy.c in Xiph.Org libvorbis-dev 1.3.6 has a stack-based buffer over-read. oval:org.secpod.oval:def:1900136 In libgraphite2-dev in libgraphite2-dev 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation,which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. oval:org.secpod.oval:def:1900135 Netwide Assembler before 2.13.02 has a use-after-free in detoken atasm/preproc.c. oval:org.secpod.oval:def:1900132 Netwide Assembler 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a global line no integer overflow. oval:org.secpod.oval:def:1900067 An issue was discovered in GEGL through 0.3.32. Thegegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in ... oval:org.secpod.oval:def:1900069 Netwide Assembler 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. oval:org.secpod.oval:def:1900064 An issue was discovered in zziplib-bin 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:1900065 In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function . Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. oval:org.secpod.oval:def:1900062 The caml_ba_deserialize function in byterun/big array.c in the standardlibrary in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafte ... oval:org.secpod.oval:def:1900061 In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. oval:org.secpod.oval:def:1900078 Incorrect returning of an error code in the index.c:read_entry function leads to a double free in libgit2-dev before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. oval:org.secpod.oval:def:1900075 An issue was discovered in login 4.5. new gidmap is setuid and allows an unprivileged user to be placed in a user namespace where setgroups is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator h ... oval:org.secpod.oval:def:1900074 The html package through 2018-09-25 in Go mishandles<table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. oval:org.secpod.oval:def:1900073 Integer overflow in the index.c:read_entry function while decompressing a compressed prefix length in libgit2-dev before v0.26.2 allows an attacker to cause a denial of service via a crafted repository index file. oval:org.secpod.oval:def:1900072 nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file. oval:org.secpod.oval:def:1900046 Netwide Assembler 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $and ! characters. oval:org.secpod.oval:def:1900045 Netwide Assembler 2.14rc15 has an invalid memory write in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. oval:org.secpod.oval:def:1900048 prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a usersession remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the ... oval:org.secpod.oval:def:1900043 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces . Specifically, it is only vulnerable in GOPATH mode, but not in module mode . The attacker can cause an ar ... oval:org.secpod.oval:def:1900057 Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. oval:org.secpod.oval:def:1900056 There is an illegal address access at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service because a certain conversion can result in a negative integer. oval:org.secpod.oval:def:1900059 GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure vulnerability in DNS resolver that can result in PrivateDNS queries leaked to local network"s DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages we refixed, but later u ... oval:org.secpod.oval:def:1900053 There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps-dev through 0.3.0because it does not reject negative return values from ag_input_stream_read call. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900054 An issue was discovered in GEGL through 0.3.32. Thegegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to thebabl_format ... oval:org.secpod.oval:def:1900051 An issue was discovered in zziplib-bin through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:1900089 mapping0_forward in mapping0.c in Xiph.Org libvorbis-dev 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900086 Open Chinese Convert 1.0.5 allows attackers to cause a denial of service because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file. oval:org.secpod.oval:def:1900081 asm/labels.c in Netwide Assembler is prone to NULL PointerDereference, which allows the attacker to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900083 zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service orarbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed i ... oval:org.secpod.oval:def:1900080 libpam-kwallet4 in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. oval:org.secpod.oval:def:1900097 libtiff-toolsClientOpen in tif_unix.c in Liblibtiff-tools 3.8.2 has memory leaks, as demonstrated by bmp2libtiff-tools. oval:org.secpod.oval:def:1900099 No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. oval:org.secpod.oval:def:1900098 There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps-dev through 0.3.0. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900094 A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. oval:org.secpod.oval:def:1900184 python-fedmsg 0.18.1 and older is vulnerable to a message validation flaw result ing in message validation not being enabled if configured to be on. oval:org.secpod.oval:def:1900183 In lrzip 0.631, a stack buffer overflow was found in the function get_file info in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900167 The DGifDecompressLine function in dgif_lib.c in libgif-dev , as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900166 Directory traversal vulnerability in zziplib-bin 0.13.69 allows attackers to overwrite arbitrary files via a .. in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. oval:org.secpod.oval:def:1900169 The libaudiofile-dev Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. oval:org.secpod.oval:def:1900162 Netwide Assembler 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. oval:org.secpod.oval:def:1900164 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before1. ... oval:org.secpod.oval:def:1900178 In ncurses-bin 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1900177 The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900179 When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service in ReadMATImage if the size specified for a MAT Object is larger than the actual amount of data. oval:org.secpod.oval:def:1900173 The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional , which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. oval:org.secpod.oval:def:1900176 In ncurses-bin 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1900171 A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. oval:org.secpod.oval:def:1900340 The main function in plistutil.c in libimobiledevice libplist++-dev through 1.12allows attackers to obtain sensitive information from process memory or cause a denial of service via Apple Property List data that is too short. oval:org.secpod.oval:def:1900321 XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. oval:org.secpod.oval:def:1900323 It was discovered that libxdmcp6 before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to bruteforce the key, allowing them to hijack other users" sessions. oval:org.secpod.oval:def:1900322 A program libming-dev error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509certificate would need to be delivered to the client or server application in orde ... oval:org.secpod.oval:def:1900329 It was discovered that libice-dev before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. oval:org.secpod.oval:def:1900325 In the trapper functionality of zabbix-agent Server 2.4.x, specifically crafted trapper packets can pass database logic checks, result ing in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active zabbix-agent proxy and Server to trigger t ... oval:org.secpod.oval:def:1900324 Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a cha ... oval:org.secpod.oval:def:1900327 ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. oval:org.secpod.oval:def:1900332 The parse_dict_node function in bplist.c in libplist++-dev allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900334 The gst_asf_demux_process_ext_stream_props function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3allows remote attackers to cause a denial of service via vectors related to the number of languages in a video file. oval:org.secpod.oval:def:1900333 wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makesit easier for remote attackers to bypass intended access restrictions via a crafted site signup or user signup. oval:org.secpod.oval:def:1900330 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, result ing in denial of service. oval:org.secpod.oval:def:1900336 wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. oval:org.secpod.oval:def:1900335 The plist_free_data function in plist.c in libplist++-dev allows attackers to cause a denial of service via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. oval:org.secpod.oval:def:1900338 Cross-site scripting vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related towp-admin/includes/class-theme-installer-skin.php. oval:org.secpod.oval:def:1900337 Cross-site scripting vulnerability inwp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary webscript or HTML via a crafted excerpt. oval:org.secpod.oval:def:1900301 wp-admin/user-new.php in WordPress before 4.9.1 sets the new bloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. oval:org.secpod.oval:def:1900300 In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brunfunction in plug-ins/file-fli/fli.c. oval:org.secpod.oval:def:1900307 The function d2ulaw_array in ulaw.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14246. oval:org.secpod.oval:def:1900309 libopenafs-dev 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. oval:org.secpod.oval:def:1900308 wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. oval:org.secpod.oval:def:1900303 The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library 0.6.1 does not ensure anon-negative size, which allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900302 In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. oval:org.secpod.oval:def:1900304 In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. oval:org.secpod.oval:def:1900310 In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c via an unexpected bits-per-pixel value for an RGBA image. oval:org.secpod.oval:def:1900312 In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. oval:org.secpod.oval:def:1900311 The swri_audio_convert function in audio convert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, libaubio-dev 0.4.6, and other products,allows remote attackers to cause a denial of service via a crafted audio file. oval:org.secpod.oval:def:1900318 Open Ticket Request System 4.0.x before 4.0.28, 5.0.x before 5.0.26,and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. oval:org.secpod.oval:def:1900317 In python-yaml before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used. oval:org.secpod.oval:def:1900313 wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. oval:org.secpod.oval:def:1900316 wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. oval:org.secpod.oval:def:1900315 pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. oval:org.secpod.oval:def:1900287 LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. oval:org.secpod.oval:def:1900289 plugins/preauth/pkinit/pkinit_crypto_opelibnss3-devl.c in MIT Kerberos 5 through 1.15.2 mishandles Distinguished Name fields, which allow sremote attackers to execute arbitrary code or cause a denial of service in situations involving untrustedX.509 data, related to the get_matching_data and X509_NA ... oval:org.secpod.oval:def:1900284 Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker to execute arbitrary code as the user running Ohcount. oval:org.secpod.oval:def:1900283 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. oval:org.secpod.oval:def:1900286 A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadBytefunction of the gifread.c file. oval:org.secpod.oval:def:1900285 The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length,which allows local users to cause a denial of service or possibly have unspecified other impact via a crafted input stream. oval:org.secpod.oval:def:1900280 shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic Metadata Provider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the Metadata Filter plugins and does not perform critical security checks such as signature verification, enforcement of validity pe ... oval:org.secpod.oval:def:1900282 In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 , if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application rootfolder to a file of choice and querying passenger-status --show=xml. oval:org.secpod.oval:def:1900281 In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters and execute arbitrary shell commands with the permissions of the OTRS or web server user. oval:org.secpod.oval:def:1900299 The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19edoes not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. oval:org.secpod.oval:def:1900298 An issue was discovered in OpenStack nova-common 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header,result ing in a denial of service attack on the compute host. All nova-common ... oval:org.secpod.oval:def:1900295 Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. oval:org.secpod.oval:def:1900296 An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. oval:org.secpod.oval:def:1900291 An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI.This allows attackers to ... oval:org.secpod.oval:def:1900290 A vulnerability was found in openstack-cinder-common releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIOvolumes using thin volumes and zero padding. This could lead to leakage of sensit ... oval:org.secpod.oval:def:1900293 The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash . oval:org.secpod.oval:def:1900221 Directory traversal vulnerability in minion id validation in salt-common Stack salt-common before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. oval:org.secpod.oval:def:1900220 In login before 4.5, the new users tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control P ... oval:org.secpod.oval:def:1900229 DokuWiki through 2017-02-19b has XSS in the at parameter to doku.php. oval:org.secpod.oval:def:1900225 The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900228 Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. oval:org.secpod.oval:def:1900227 The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900233 NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. oval:org.secpod.oval:def:1900232 The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900235 There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses-bin 6.0 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900234 There is an infinite loop in the next_char function in comp_scan.c in ncurses-bin 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900231 The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file. oval:org.secpod.oval:def:1900230 There is a stack consumption issue in libsass-dev 3.4.5 that is triggered in the function Sass::Eval::operator in eval.cpp. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900237 In The Sleuth Kit 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table in tsk/vs/dos.c in libtskvs.a,as demonstrated by mmls. oval:org.secpod.oval:def:1900239 There is an illegal address access in the function _nc_read_entry_source in progs/tic.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900238 In The Sleuth Kit 4.4.2, fls hangs on a corrupt exfat image intsk_img_read in tsk/img/img_io.c in libtskimg.a. oval:org.secpod.oval:def:1900202 There is an illegal address access in ast.cpp of libsass-dev 3.4.5. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900201 The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: CPU consumption might be relevant when using the--background option. oval:org.secpod.oval:def:1900208 The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service via a crafted HTML file. oval:org.secpod.oval:def:1900209 There is a heap based buffer over-read in lexer.hpp of libsass-dev 3.4.5. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900204 An out-of-bounds read and write flaw was found in the way SIPcrack 0.2processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic. oval:org.secpod.oval:def:1900203 The _tokenize_matrix function in audio_out.c in Xiph.Org libao-dev 1.2.0 allow sremote attackers to cause a denial of service via a crafted MP3 file. oval:org.secpod.oval:def:1900206 The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2can cause a denial of service via a crafted mid file. oval:org.secpod.oval:def:1900205 FontForge 20161012 is vulnerable to a buffer over-read in umodenc resulting in DoS or code execution via a crafted otf file. oval:org.secpod.oval:def:1900211 main.c in Tinyproxy 1.8.4 and earlier creates a/run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-rootaccount, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kil ... oval:org.secpod.oval:def:1900210 A memory leak was found in the way SIPcrack 0.2 handled processing of SIPtraffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. oval:org.secpod.oval:def:1900213 The SdpContents::Session::Medium::parse function inresip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service by triggering many media connections. oval:org.secpod.oval:def:1900212 FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName resulting in DoS or code execution via a crafted otf file. oval:org.secpod.oval:def:1900215 Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. oval:org.secpod.oval:def:1900217 The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900216 The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900266 Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. oval:org.secpod.oval:def:1900268 Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. oval:org.secpod.oval:def:1900262 The _zip_read_eocd64 function in zip_open.c in libzip-dev before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service via a crafted ZIP archive. oval:org.secpod.oval:def:1900261 WordPress 4.8.2 stores cleartext wp_signups.activation_key values , which might make it easier for remote attackers to hijack unactivated useraccounts by leveraging database read access . oval:org.secpod.oval:def:1900264 In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure is possible with careful tilibming-dev by an attacker. The "strictrtp" option in rtp.conf enab ... oval:org.secpod.oval:def:1900263 Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. oval:org.secpod.oval:def:1900277 Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 oval:org.secpod.oval:def:1900276 spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. oval:org.secpod.oval:def:1900279 Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. oval:org.secpod.oval:def:1900278 WordPress before 4.8.3 is affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection in plugins and themes, as demonstrated by a "double prepare"approach, a different vulnerability than CVE-2017-14723. oval:org.secpod.oval:def:1900272 logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. oval:org.secpod.oval:def:1900274 backintime-common before 1.1.24 did improper escaping/quoting of file paths used as arguments to the "notify-send" command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notify plugin.py. This could allow an attacker to craft an unreadab ... oval:org.secpod.oval:def:1900271 In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before13.13-cert5, unauthorized command execution is possible. The app_minivmmodule has an "externnotify" program configuration option that is executed by the MinivmNot ... oval:org.secpod.oval:def:1900270 RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service via crafted RTP packets. oval:org.secpod.oval:def:1900244 There is an illegal address access in the function post process_termcap in parse_entry.c in ncurses-bin 6.0 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900243 In The Sleuth Kit 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. oval:org.secpod.oval:def:1900246 There is an illegal address access in the function dump_uses in progs/dump_entry.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900245 There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses-bin 6.0. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900240 There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900242 In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLoggersubsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. oval:org.secpod.oval:def:1900248 Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. oval:org.secpod.oval:def:1900247 WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd-dev 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service . This vulnerability can be triggered in LibreOffice before5.3.7. It may lead to suffering a remote attack against a LibreOffi ... oval:org.secpod.oval:def:1900249 In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before13.13-cert6, insufficient RTCP packet validation could allow read ing stalebuffer contents and when combined with the "nat" and "symmetric_rtp"options allow redir ... oval:org.secpod.oval:def:1900255 Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. oval:org.secpod.oval:def:1900254 The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. oval:org.secpod.oval:def:1900257 Before version 4.8.2, WordPress mishandled % characters and additionalplaceholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. oval:org.secpod.oval:def:1900251 In the pjsip channel driver in Asterisk 13.x before 13.17.1 and14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. oval:org.secpod.oval:def:1900250 Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. oval:org.secpod.oval:def:1900253 Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugineditor via a crafted plugin name. oval:org.secpod.oval:def:1900252 The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis-dev 1.3.5allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file. oval:org.secpod.oval:def:1900259 A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick"s "convert"utility. It"s not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Customapplications u ... oval:org.secpod.oval:def:1900258 GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a.desktop file"s Name field ends in .pdf but this file"s Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication ... oval:org.secpod.oval:def:1900189 Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CASserver. oval:org.secpod.oval:def:1900188 The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relyi ... oval:org.secpod.oval:def:1900185 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service via a file that begins with many "\0"characters. oval:org.secpod.oval:def:1900187 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2017-16355. Reason: This candidate is a reservation duplicate of CVE-2017-16355. Notes: All CVE users should reference CVE-2017-16355instead of this candidate. All references and descriptions in this candidate have been removed to prevent ... oval:org.secpod.oval:def:1900186 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allow sremote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02. oval:org.secpod.oval:def:1900199 The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2can cause a denial of service via a crafted mid file. oval:org.secpod.oval:def:1900196 The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allow sremote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option. oval:org.secpod.oval:def:1900195 yadm 1.10.0 has a race condition , which potentially allows access to SSH and PGP keys. oval:org.secpod.oval:def:1900197 The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service via a crafted mid file. oval:org.secpod.oval:def:1900192 The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2can cause a denial of service via a crafted mid file. oval:org.secpod.oval:def:1900191 In ncurses-bin 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. oval:org.secpod.oval:def:1900194 The resample_gauss function in resample.c in TiMidity++ 2.14.0 allow sremote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the--background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation. oval:org.secpod.oval:def:1900193 In ncurses-bin 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. oval:org.secpod.oval:def:1900343 SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Queryin WordPress before 4.7.2 allows remote attackers to execute arbitrary SQLcommands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. oval:org.secpod.oval:def:1900342 The gst_asf_demux_process_ext_content_desc function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service via vectors involving extended content descriptors. oval:org.secpod.oval:def:1900345 Multiple cross-site scripting vulnerabilities inwp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the name or version header of a plugin. oval:org.secpod.oval:def:1900344 Cross-site request forgery vulnerability in WordPress before 4.7.1allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. oval:org.secpod.oval:def:1900341 The base64decode function in base64.c in libimobiledevice libplist++-dev through1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service via split encoded Apple Property List data. oval:org.secpod.oval:def:1900347 libplist++-dev allows attackers to cause a denial of service via vectors involving an offset size of zero. oval:org.secpod.oval:def:1900346 wp-admin/includes/class-wp-press-this.php in Press This in WordPress before4.7.2 does not properly restrict visibility of a taxonomy-assignment userinterface, which allows remote attackers to bypass intended access restrictions by read ing terms. oval:org.secpod.oval:def:1900348 A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files in the context of the web server user. The attack vector is a .. ... oval:org.secpod.oval:def:1900354 In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900356 Multiple heap-based buffer overflows in parser.c in libming-dev 0.4.7 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SWF file. NOTE:this issue exists because of an incomplete fix for CVE-2016-9831. oval:org.secpod.oval:def:1900355 In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900350 Cross-site request forgery vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related towp-admin/includes/class-wp-screen.php and wp-ad ... oval:org.secpod.oval:def:1900351 sarnold> probably our packages are not-affected but marking as needed to communicate that this patch is needed too oval:org.secpod.oval:def:1900357 The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900359 In WordPress before 4.7.3 , control characters can trick redirect URL validation. oval:org.secpod.oval:def:1900387 Drupal core 7.x versions before 7.57 when using Drupal"s private filesystem, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is ... oval:org.secpod.oval:def:1900386 The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip0.631 allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:1900389 The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service via a crafted binary file, related to use of a variable-size stackarray. oval:org.secpod.oval:def:1900383 Crypto++ through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. oval:org.secpod.oval:def:1900385 In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email addr ... oval:org.secpod.oval:def:1900384 gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload,which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications , see information from the extensions , or even execute arbitrary commands. It all depends on what e ... oval:org.secpod.oval:def:1900381 In lrzip 0.631, a stack buffer overflow was found in the function get_file info in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900398 The TNEFFillMapi function in lib/ytnef.c in libytnef0 in ytnef through 1.9.2does not ensure a nonzero count value before a certain memory allocation,which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted tnef file. oval:org.secpod.oval:def:1900397 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allow sremote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02. oval:org.secpod.oval:def:1900399 In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan . A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the us ... oval:org.secpod.oval:def:1900394 The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allow sremote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:1900393 The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900396 ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the A ... oval:org.secpod.oval:def:1900392 PoDoFo 0.9.5 allows denial of service via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure . oval:org.secpod.oval:def:1900391 The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900365 The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allow sremote attackers to cause a denial of service or possibly have unspecified other impact via a crafted archive. oval:org.secpod.oval:def:1900364 The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900367 The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip0.631 allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:1900366 In libsamplerate0-dev before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. oval:org.secpod.oval:def:1900361 It was found that a mock CMC authentication plugin with a hard coded secret was accidentally enabled by default in the pki-core package before 10.6.4.An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. oval:org.secpod.oval:def:1900360 Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command=option. This occurs because ~/.ssh/authorized_keys is read with rootprivileges and symlinks are followed. oval:org.secpod.oval:def:1900363 The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. oval:org.secpod.oval:def:1900362 In WordPress before 4.7.5, a cross-site scripting vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. oval:org.secpod.oval:def:1900369 smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. oval:org.secpod.oval:def:1900368 php-tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. oval:org.secpod.oval:def:1900376 In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56;Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupalcore did not prev ... oval:org.secpod.oval:def:1900375 elflink.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, has a "member access within null pointer"undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via an "int main {return 0;}" program. oval:org.secpod.oval:def:1900378 In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900377 In WordPress before 4.7.3, there is authenticated Cross-Site Scripting via Media File Metadata. This is demonstrated by both mishandling of the playlist shortcode in the wp_playlist_shortcode function inwp-includes/media.php and mishandling of meta information in the render Tracks function in wp-inc ... oval:org.secpod.oval:def:1900372 The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while read ing section contents in a corrupt binary, leading to a program crash. oval:org.secpod.oval:def:1900371 In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900374 In WordPress before 4.7.5, a cross-site scripting vulnerability related to the Customizer exists, involving an invalid customizationsession. oval:org.secpod.oval:def:1900373 The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file. oval:org.secpod.oval:def:1900379 The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file. oval:org.secpod.oval:def:1900370 The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file isnot associated with any template file. oval:org.secpod.oval:def:1900465 SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in/ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. oval:org.secpod.oval:def:1900460 The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf20161001 and earlier allows remote attackers to cause a denial of service by calling the dwarfdump command on a crafted file. oval:org.secpod.oval:def:1900462 dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service via a crafted elf file. oval:org.secpod.oval:def:1900461 The parser_get_next_char function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service by crafting a string to the icalparser_parse_string function. oval:org.secpod.oval:def:1900467 perltidy through 20160302, as used by perl critic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demon ... oval:org.secpod.oval:def:1900475 Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allow sremote authenticated users to obtain sensitive information by read ing the fields in the ics or XML calendar feeds. oval:org.secpod.oval:def:1900477 xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability ... oval:org.secpod.oval:def:1900476 lshell 0.9.16 allows remote authenticated users to break out of a limitedshell and execute arbitrary commands. oval:org.secpod.oval:def:1900471 The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. oval:org.secpod.oval:def:1900472 Integer overflow in X.org libxfixes-dev before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX,which triggers the client to stop read ing data and get out of sync. oval:org.secpod.oval:def:1900478 SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. oval:org.secpod.oval:def:1900442 The dex_load code function in libr/bin/p/bin_dex.c in radare2 1.2.1 allow sremote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:1900441 Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.cin libjasper-dev 2.0.10 allows remote attackers to have unspecified impact via a crafted image. oval:org.secpod.oval:def:1900444 WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header,which could potentially lead to clickjacking. oval:org.secpod.oval:def:1900443 In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free. oval:org.secpod.oval:def:1900440 CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves hosting a crafted plugin that executes an arbitrary program from its __init__.py file and causing the victim to download, install, and enable this plugin. oval:org.secpod.oval:def:1900449 Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external s ... oval:org.secpod.oval:def:1900445 Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.check Plain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML . This function does not correctly handle all methods of injecting malicious HTML, leading to across-sit ... oval:org.secpod.oval:def:1900448 The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900447 Use-after-free vulnerability in the fz_subsample_pixmap function infitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. oval:org.secpod.oval:def:1900455 libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript,has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash when parsing an invalid file. oval:org.secpod.oval:def:1900451 In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. oval:org.secpod.oval:def:1900450 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900457 The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900456 A jQuery cross site scripting vulnerability is present when making Ajaxrequests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core ... oval:org.secpod.oval:def:1900458 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. oval:org.secpod.oval:def:1900486 Integer overflow in the opj_pi_create_decode function in pi.c in libopenjpeg-dev allows remote attackers to execute arbitrary code via a crafted JP2 file,which triggers an out-of-bounds read or write. oval:org.secpod.oval:def:1900485 The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service via a crafted JSON file. oval:org.secpod.oval:def:1900488 Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service or execute arbitrary code via a large decode array. oval:org.secpod.oval:def:1900487 The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service via a crafted GZIP response. oval:org.secpod.oval:def:1900482 listmp3.c in libming-dev 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift. oval:org.secpod.oval:def:1900481 Multiple XML external entity vulnerabilities in the Dom4JDriver, DomDriver, JDomDriver, JDom2Driver, SjsxpDriver, StandardStaxDriver, and WstxDriver drivers in XStream before 1.4.9allow remote attackers to read arbitrary files via a crafted XML document. oval:org.secpod.oval:def:1900484 The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service by calling the dwarfdump command on a crafted file. oval:org.secpod.oval:def:1900497 Cross-site scripting vulnerability in flash/Flashlibjs-mediaelement.as in libjs-mediaelement.js before 2.21.0, as used in WordPress before 4.5.2, allow sremote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by"jsinitfunctio%gn ... oval:org.secpod.oval:def:1900496 chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service . oval:org.secpod.oval:def:1900499 SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in/ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. oval:org.secpod.oval:def:1900498 AST-2016-006 oval:org.secpod.oval:def:1900492 ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through9.11.0b1 allows primary DNS servers to cause a denial of service via a large AXFR response, and possibly allows IXFRservers to cause a denial of service via a large IXFRresponse and allows remote authenticated users to cause a de ... oval:org.secpod.oval:def:1900495 The git_commit_message function in oid.c in libgit2-dev before 0.24.3 allow sremote attackers to cause a denial of service via acat-file command with a crafted object file. oval:org.secpod.oval:def:1900494 Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. oval:org.secpod.oval:def:1900491 Cross-site scripting vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution attack. oval:org.secpod.oval:def:1900490 Multiple integer overflows in libopenjpeg-dev, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux,allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000data that is mishandled during ... oval:org.secpod.oval:def:1900420 A Cross-Site Scripting was discovered in ZoneMinder before 1.30.2.The vulnerability exists due to insufficient filtration of user-supplied data passed to the"ZoneMinder-master/web/skins/classic/views/js/post login.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in ... oval:org.secpod.oval:def:1900422 The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698. oval:org.secpod.oval:def:1900421 An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all chicken-bin Scheme versions prior to 4.13,which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. oval:org.secpod.oval:def:1900428 The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allow sremote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:1900427 Stack-based buffer overflow in the libpcre3-dev2_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900423 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1allows remote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:1900426 Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. oval:org.secpod.oval:def:1900425 Memory leak in the vcard_apdu_new function in card_7816.c in libcacard0before 2.5.3 allows local guest OS users to cause a denial of service via vectors related to allocating a new APDU object. oval:org.secpod.oval:def:1900431 In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. oval:org.secpod.oval:def:1900430 In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user"s preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit th ... oval:org.secpod.oval:def:1900433 It was discovered that a program libming-dev error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting ... oval:org.secpod.oval:def:1900432 The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900439 Roundcube Webmail allows arbitrary password resets by authenticated users.This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. oval:org.secpod.oval:def:1900438 The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900435 SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. oval:org.secpod.oval:def:1900434 Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service via a large XMLdocument, aka Devil"s Ivy. NOTE: the large document would be blocked by m ... oval:org.secpod.oval:def:1900437 kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password ent ... oval:org.secpod.oval:def:1900400 rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted CascadingStyle Sheets token sequence within an SVG element. oval:org.secpod.oval:def:1900406 Incorrect interaction of the parse_packet and parse_part_sign_sha256functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service of a collectd instance via a crafted UDP packet. oval:org.secpod.oval:def:1900405 objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads while handling corrupt STABS enum typestrings in a crafted object file, leading to program crash. oval:org.secpod.oval:def:1900407 A null dereference vulnerability has been found in the MIME handling component of libetpan-dev before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Ccheader containing multiple e-mail addresses. oval:org.secpod.oval:def:1900411 Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. oval:org.secpod.oval:def:1900410 In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. oval:org.secpod.oval:def:1900416 The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900419 In WordPress before 4.7.3 , unintended files can be deleted by administrators using the plugin deletion functionality. oval:org.secpod.oval:def:1900418 The parse_string_node function in bplist.c in libimobiledevice libplist++-dev1.12 allows local users to cause a denial of service via a crafted plist file. oval:org.secpod.oval:def:1900413 Stack-based buffer overflow in the libpcre3-dev2_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900412 The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900415 In WordPress before 4.7.5, a Cross Site Request Forgery vulnerability exists in the filesystem credentials dia log because a nonce is not required for updating credentials. oval:org.secpod.oval:def:1900504 The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. oval:org.secpod.oval:def:1900507 Apache libtika-java before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity attacks via vectors involving spreadsheets in OOXML files and XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175 ... oval:org.secpod.oval:def:1900503 NSD before 4.1.11 allows remote DNS master servers to cause a denial of service via a zone transfer with unlimited data. oval:org.secpod.oval:def:1900515 Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service via a large zonetransfer for DDNS, AXFR, or IXFR. oval:org.secpod.oval:def:1900517 Buffer overflow in the printMP3Headers function in listmp3.c in Liblibming-dev 0.4.7 allows remote attackers to cause a denial of service via a crafted mp3 file. oval:org.secpod.oval:def:1900512 Buffer underflow in X.org libxvmc-dev before 1.0.10 allows remote X servers to have unspecified impact via an empty string. oval:org.secpod.oval:def:1900511 perl-Image-Info: When parsing an SVG file, external entity expansion was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or,potentially, information disclosure. oval:org.secpod.oval:def:1900513 lshell 0.9.16 allows remote authenticated users to break out of a limitedshell and execute arbitrary commands. oval:org.secpod.oval:def:1900509 The oarsh script in OAR before 2.5.7 allows remote authenticated users of acluster to obtain sensitive information and possibly gain privileges via vectors related to Opelibnss3-devH options. oval:org.secpod.oval:def:1900508 The icaltime_from_string function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted string to the icalparser_parse_string function. oval:org.secpod.oval:def:1900540 Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service or gain privileges via a long GECOS field, involving longbuffer. oval:org.secpod.oval:def:1900543 file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors. oval:org.secpod.oval:def:1900542 Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service via a crafted PDF file. oval:org.secpod.oval:def:1900544 The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by read ing these files. oval:org.secpod.oval:def:1900521 The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. oval:org.secpod.oval:def:1900527 The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments.The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a p ... oval:org.secpod.oval:def:1900526 The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. oval:org.secpod.oval:def:1900528 The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900523 PowerDNS Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service via a large AXFR or IXFR response. oval:org.secpod.oval:def:1900522 The icalparser_parse_string function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file. oval:org.secpod.oval:def:1900532 SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UIDand DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time"restriction, as demonstrated by correlating UIDs and DTSTAMPs between all u ... oval:org.secpod.oval:def:1900538 The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service via a crafted HTTP response or possibly a UPnP broadcast. oval:org.secpod.oval:def:1900539 The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service via a too small section. oval:org.secpod.oval:def:1900536 The sanity check module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. oval:org.secpod.oval:def:1900535 Gajim through 0.16.7 unconditionally implements the "XEP-0146: RemoteControlling Clients" extension. This can be abused by malicious XMPPservers to, for example, extract plaintext from OTR encrypted sessions. oval:org.secpod.oval:def:1900747 In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. oval:org.secpod.oval:def:1900746 GNOME Web 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. oval:org.secpod.oval:def:1900742 The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. oval:org.secpod.oval:def:1900745 XSS issues were discovered in phpMyAdmin. This affects Zoom search ; GIS editor ; Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is r ... oval:org.secpod.oval:def:1900744 The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. oval:org.secpod.oval:def:1900752 Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1900751 chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of serv ... oval:org.secpod.oval:def:1900759 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. oval:org.secpod.oval:def:1900754 The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1900753 The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. oval:org.secpod.oval:def:1900756 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none. oval:org.secpod.oval:def:1900724 Multiple cross-site scripting vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving a crafted table name that is mishandled during privilege checking in table_row.phtml ... oval:org.secpod.oval:def:1900727 Cross-site scripting vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. oval:org.secpod.oval:def:1900723 In Long Range Zip 0.631, there is an infinite loop and application hang in the get_fileinfo function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:1900722 Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-common-master via Salt"s ssh_client. Users of Salt-API and salt-common-ssh could execute a command on the salt-common master via a hole when both systems ... oval:org.secpod.oval:def:1900718 Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. oval:org.secpod.oval:def:1900719 In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream in sass_context.cpp. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900730 The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the ... oval:org.secpod.oval:def:1900736 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent ... oval:org.secpod.oval:def:1900735 The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. oval:org.secpod.oval:def:1900738 The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file, because the program"s actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and cons ... oval:org.secpod.oval:def:1900732 An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. oval:org.secpod.oval:def:1900734 txAWS fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. oval:org.secpod.oval:def:1900729 The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900781 Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the username or host argument. oval:org.secpod.oval:def:1900780 In Eclipse Jetty, versions 9.2.x and older, 9.3.x , and 9.4.x , HTTP/0.9 is handled poorly. An HTTP/1 style request line that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version , then the ... oval:org.secpod.oval:def:1900786 In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900789 The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. oval:org.secpod.oval:def:1900793 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. oval:org.secpod.oval:def:1900796 Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host"s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid us ... oval:org.secpod.oval:def:1900790 An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user"s session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_sess ... oval:org.secpod.oval:def:1900797 readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. oval:org.secpod.oval:def:1900799 The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1900760 Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. oval:org.secpod.oval:def:1900763 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace ... oval:org.secpod.oval:def:1900762 The elf_object_p function in elfcode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service or possibly have unspecif ... oval:org.secpod.oval:def:1900765 WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image c ... oval:org.secpod.oval:def:1900764 Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O lookup time. oval:org.secpod.oval:def:1900767 There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. oval:org.secpod.oval:def:1900766 The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900772 Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot"s AES-CBC encryption feature using environment encryption read environment variables from disk as the encrypted disk image is processed. An attacker with physical access ... oval:org.secpod.oval:def:1900771 In libquicktime-dev 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900774 An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op is due to a failure to check a pointer for being in bounds . oval:org.secpod.oval:def:1900770 The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a ... oval:org.secpod.oval:def:1900779 A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. oval:org.secpod.oval:def:1900778 The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service via crafted xml file. oval:org.secpod.oval:def:1900777 phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. oval:org.secpod.oval:def:1900702 In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. oval:org.secpod.oval:def:1900705 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer. oval:org.secpod.oval:def:1900704 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1900701 partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected appli ... oval:org.secpod.oval:def:1900700 XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature ; the "Tracking" feature ; and GIS visualization feature. All 4.6.x versions and 4.4.x versions are affected. oval:org.secpod.oval:def:1900714 The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. oval:org.secpod.oval:def:1900713 The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted INCLUDE or INCLURE tag and then accessing it with a valider_xml action. oval:org.secpod.oval:def:1900715 A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. oval:org.secpod.oval:def:1900710 Prevent a MITM from forcing a NULL cipher for UDP oval:org.secpod.oval:def:1900712 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1900711 GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service , related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. oval:org.secpod.oval:def:1900707 An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. oval:org.secpod.oval:def:1900709 There is a stack consumption vulnerability in the lex function in parser.hpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. oval:org.secpod.oval:def:1900708 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. oval:org.secpod.oval:def:1900826 An integer overflow vulnerability in ptp-pack.c of libmtp-dev allows attackers to cause a denial of service or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. oval:org.secpod.oval:def:1900822 Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. oval:org.secpod.oval:def:1900821 In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900817 libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. oval:org.secpod.oval:def:1900818 front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. oval:org.secpod.oval:def:1900831 bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_ ... oval:org.secpod.oval:def:1900828 http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-162 ... oval:org.secpod.oval:def:1900829 The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900802 An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc. With an unexpected size, the impact may have been a segfault or ... oval:org.secpod.oval:def:1900801 Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. oval:org.secpod.oval:def:1900804 Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5. ... oval:org.secpod.oval:def:1900803 In Long Range Zip 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:1900800 Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. oval:org.secpod.oval:def:1900813 phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading HTTP requests or server logs. oval:org.secpod.oval:def:1900815 In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. oval:org.secpod.oval:def:1900814 The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname ... oval:org.secpod.oval:def:1900810 When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor"s ACL by adding and removing netmasks, and to configure forward zones. It w ... oval:org.secpod.oval:def:1900809 In Long Range Zip 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:1900808 The http_connect function in transports/http.c in libgit2-dev before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. oval:org.secpod.oval:def:1900807 A heap-based buffer over-read was found in the function OpCode in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900585 Cross-site request forgery vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1900584 The check_allocations function in libass-dev/ass_shaper.c in libass-dev before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1900580 The mail transport in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" in a crafted e-mail address in the From, ReturnPath,or Sender header. oval:org.secpod.oval:def:1900583 /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. oval:org.secpod.oval:def:1900563 Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. oval:org.secpod.oval:def:1900560 An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. oval:org.secpod.oval:def:1900567 Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. oval:org.secpod.oval:def:1900569 The XvQueryAdaptors and XvQueryEncodings functions in X.org libxv-dev before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. oval:org.secpod.oval:def:1900568 The create_script function in the lxc_container module in Ansible before1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on /opt/.lxc-attach-script, the archived container in the archive_path directory, or the lxc-attach-script.lo ... oval:org.secpod.oval:def:1900573 X.org libxi-dev before 1.7.7 allows remote X servers to cause a denial of service via vectors involving length fields. oval:org.secpod.oval:def:1900575 SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. oval:org.secpod.oval:def:1900572 Cross-site request forgery vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. oval:org.secpod.oval:def:1900571 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in libopenjpeg-dev, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via cra ... oval:org.secpod.oval:def:1900579 The icalproperty_new_clone function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted icsfile. oval:org.secpod.oval:def:1900549 The git_oid_nfmt function in commit.c in libgit2-dev before 0.24.3 allow sremote attackers to cause a denial of service via a cat-file command with a crafted object file. oval:org.secpod.oval:def:1900545 The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900547 Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. oval:org.secpod.oval:def:1900546 The dwarf_get_a ranges_list function in dwarf_arrange.c in Libdwarf before20161124 allows remote attackers to cause a denial of service. oval:org.secpod.oval:def:1900552 The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf20161001 and earlier allows remote attackers to cause a denial of service by calling the dwarfdump command on a crafted file. oval:org.secpod.oval:def:1900551 The wrap_lines_smart function in ass_render.c in libass-dev before 0.13.4allows remote attackers to cause a denial of service via unspecified vectors, related to "0/3 line wrapping equalization." oval:org.secpod.oval:def:1900554 libdwarf/dwarf_leb.c and dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." oval:org.secpod.oval:def:1900553 Integer overflow in the write_png function in libcairo2-dev 1.14.6 allows remote attackers to cause a denial of service via a large svg file. oval:org.secpod.oval:def:1900550 The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. oval:org.secpod.oval:def:1900559 Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. oval:org.secpod.oval:def:1900556 Tilibming-dev attack vulnerability oval:org.secpod.oval:def:1900558 The printMP3Headers function in listmp3.c in Liblibming-dev 0.4.7 allows remote attackers to cause a denial of service via a crafted mp3 file. oval:org.secpod.oval:def:1900557 An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between ... oval:org.secpod.oval:def:1900684 In Apache Tika 1.19 , we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. ... oval:org.secpod.oval:def:1900683 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1900686 A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900682 partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a "Denial of Service attack" in the context of the user running the affected application. oval:org.secpod.oval:def:1900681 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1900694 A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900697 An issue was discovered in liburiparser1 before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. oval:org.secpod.oval:def:1900691 The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900693 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS. oval:org.secpod.oval:def:1900692 Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. oval:org.secpod.oval:def:1900699 etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. oval:org.secpod.oval:def:1900698 The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. oval:org.secpod.oval:def:1900662 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. oval:org.secpod.oval:def:1900664 setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. oval:org.secpod.oval:def:1900669 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness oval:org.secpod.oval:def:1900666 The spice-client-gtk widget allows remote authenticated users to obtain information from the host clipboard. oval:org.secpod.oval:def:1900665 lynx: It was found that Lynx doesn"t parse the authority component of the URL correctly when the host name part ends with "?", and could instead be tricked into connecting to a different host. oval:org.secpod.oval:def:1900673 A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900672 There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900674 libical-dev allows remote attackers to cause a denial of service and possibly read heap memory via a crafted ics file. oval:org.secpod.oval:def:1900671 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. oval:org.secpod.oval:def:1900670 An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service upon allocation failure. oval:org.secpod.oval:def:1900678 The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted dwarf file. oval:org.secpod.oval:def:1900861 An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a IIS header that lets users override the path in the request URL via the X-Origina ... oval:org.secpod.oval:def:1900868 HTTPoxy oval:org.secpod.oval:def:1900867 rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. oval:org.secpod.oval:def:1900864 unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service , which could be relevant if unrarlib is used as library code for a long-running application. oval:org.secpod.oval:def:1900863 js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. oval:org.secpod.oval:def:1900866 The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted DWARF section. oval:org.secpod.oval:def:1900871 In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. oval:org.secpod.oval:def:1900873 The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "o ... oval:org.secpod.oval:def:1900872 Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV i ... oval:org.secpod.oval:def:1900879 Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted packet. oval:org.secpod.oval:def:1900878 An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction and deny rules for username by using Null Byte in the username. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900874 It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the "System: Read Stage Users" permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclo ... oval:org.secpod.oval:def:1900877 Multiple buffer overflows in the XvQueryAdaptors and XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. oval:org.secpod.oval:def:1900876 An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not norm ... oval:org.secpod.oval:def:1900846 negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. oval:org.secpod.oval:def:1900845 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters oval:org.secpod.oval:def:1900847 SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. oval:org.secpod.oval:def:1900842 The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI appli ... oval:org.secpod.oval:def:1900841 An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service attack by entering a very long password at the change password dialog. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900844 util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900843 The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900839 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. oval:org.secpod.oval:def:1900838 Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. oval:org.secpod.oval:def:1900851 An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900850 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1900859 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful ... oval:org.secpod.oval:def:1900858 The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. oval:org.secpod.oval:def:1900853 QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as "Zip-Slip". oval:org.secpod.oval:def:1900852 Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. oval:org.secpod.oval:def:1900855 The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service via a crafted Mach0 file. oval:org.secpod.oval:def:1900854 A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900882 A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. oval:org.secpod.oval:def:1900884 Cross-site scripting vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. oval:org.secpod.oval:def:1900880 rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. oval:org.secpod.oval:def:1900889 In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. oval:org.secpod.oval:def:1900886 SimpleXML is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. oval:org.secpod.oval:def:1900885 Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 . Fixed in A ... oval:org.secpod.oval:def:1900887 Multiple cross-site scripting vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via normalization.php or js/normalization.js in the database normalization page, templates/database/structure/sortabl ... oval:org.secpod.oval:def:1900893 The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service via an object file with empty bss-like sections. oval:org.secpod.oval:def:1900894 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. oval:org.secpod.oval:def:1900891 An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900897 Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. oval:org.secpod.oval:def:1900899 GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow while attempting to unget an EOF character from the input stream, potentially leading to a program crash. oval:org.secpod.oval:def:1900898 The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file. oval:org.secpod.oval:def:1900837 VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. oval:org.secpod.oval:def:1900836 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. oval:org.secpod.oval:def:1900833 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. oval:org.secpod.oval:def:1900832 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent ... oval:org.secpod.oval:def:1901003 The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1901001 The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. oval:org.secpod.oval:def:1901000 Cross-site scripting vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. oval:org.secpod.oval:def:1901006 Multiple cross-site scripting vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via a crafted Host HTTP header, related to libraries/Config.class.php; crafted JSON data, related to fi ... oval:org.secpod.oval:def:1901009 The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. oval:org.secpod.oval:def:1900981 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. oval:org.secpod.oval:def:1900980 Async Http Client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a "?" character occurs in a fragment identifier. Similar bugs were previously identified in cURL and Oracle Java 8 java.net.URL. oval:org.secpod.oval:def:1900983 The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service via a crafted BMP image. oval:org.secpod.oval:def:1900982 opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1900988 The getsym function in tekhex.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service via a malformed tekhex binary. oval:org.secpod.oval:def:1900984 In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn"t stop when it should after no match is found; inste ... oval:org.secpod.oval:def:1900987 phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. oval:org.secpod.oval:def:1900992 Cross-site scripting vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. oval:org.secpod.oval:def:1900994 The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900990 ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admi ... oval:org.secpod.oval:def:1900995 The versados_mkobject function in bfd/versados.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file ... oval:org.secpod.oval:def:1900998 A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. oval:org.secpod.oval:def:1900997 Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution oval:org.secpod.oval:def:1900960 The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. oval:org.secpod.oval:def:1900967 The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file. oval:org.secpod.oval:def:1900969 The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file, as demonstrated by mkd2html. oval:org.secpod.oval:def:1900959 Multiple cross-site scripting vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving server-privileges certificate data fields on the user privileges page, an "invalid JSON" error message in th ... oval:org.secpod.oval:def:1900971 FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on. oval:org.secpod.oval:def:1900978 An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions and 4.4.x versions are affected. oval:org.secpod.oval:def:1900977 In ng_pkt in transports/smart_pkt.c in libgit2-dev before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a "\0" byte to trigger an out-of-bounds read that leads to DoS. oval:org.secpod.oval:def:1900979 A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thu ... oval:org.secpod.oval:def:1900974 In the GNU C Library through 2.29, the memcmp function for the x32 architecture can incorrectly return zero because the RDX most significant bit is mishandled. oval:org.secpod.oval:def:1900973 The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. oval:org.secpod.oval:def:1900976 cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. oval:org.secpod.oval:def:1900975 Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of states or tags, which triggers an out-of-bounds write. oval:org.secpod.oval:def:1900901 The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. oval:org.secpod.oval:def:1900900 opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1900902 libdwarf before 20160923 allows remote attackers to cause a denial of service via a large length value in a compilation unit header. oval:org.secpod.oval:def:1900912 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. oval:org.secpod.oval:def:1900911 Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. oval:org.secpod.oval:def:1900914 Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. oval:org.secpod.oval:def:1900913 Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. oval:org.secpod.oval:def:1900910 Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimmi ... oval:org.secpod.oval:def:1900908 An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900905 In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. oval:org.secpod.oval:def:1900907 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. oval:org.secpod.oval:def:1900906 The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an invalid read because the code to emit relocs does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker program crash. oval:org.secpod.oval:def:1900945 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in My ... oval:org.secpod.oval:def:1900944 An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly ke ... oval:org.secpod.oval:def:1900946 marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. oval:org.secpod.oval:def:1900941 A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900940 HTTPoxy oval:org.secpod.oval:def:1900943 An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900942 An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be ... oval:org.secpod.oval:def:1900937 An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900939 There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. oval:org.secpod.oval:def:1900955 The get_build_id function in opncls.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within ... oval:org.secpod.oval:def:1900958 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1900957 The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker program crash ... oval:org.secpod.oval:def:1900952 dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service via a debugging information entry using DWARF5 and without a DW_AT_name. oval:org.secpod.oval:def:1900948 Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. oval:org.secpod.oval:def:1900923 Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. oval:org.secpod.oval:def:1900925 The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service via a crafted Web Assembly file. oval:org.secpod.oval:def:1900921 XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. oval:org.secpod.oval:def:1900919 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. oval:org.secpod.oval:def:1900916 The decode_residual function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file. oval:org.secpod.oval:def:1900918 dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on ... oval:org.secpod.oval:def:1900933 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality oval:org.secpod.oval:def:1900936 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving an array value to FormDisplay.php, incorrect data to validate.php, unexpected data to Validator.php, a missing config directory during se ... oval:org.secpod.oval:def:1900930 Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. oval:org.secpod.oval:def:1900931 An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900927 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. oval:org.secpod.oval:def:1900926 An invalid memory read vulnerability was found in the function OpCode in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900929 SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. oval:org.secpod.oval:def:1900928 In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. oval:org.secpod.oval:def:1901036 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901035 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1901037 An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. oval:org.secpod.oval:def:1901032 The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service via a crafted mp3 file. oval:org.secpod.oval:def:1901034 ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. oval:org.secpod.oval:def:1901039 The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901047 In Moodle 3.3, the course overview block reveals activities in hidden courses. oval:org.secpod.oval:def:1901046 The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901043 The REPL server in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. oval:org.secpod.oval:def:1901041 The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 . oval:org.secpod.oval:def:1901014 The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. oval:org.secpod.oval:def:1901013 A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901016 A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. oval:org.secpod.oval:def:1901010 In Moodle 3.x, course creators are able to change system default settings for courses. oval:org.secpod.oval:def:1901012 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901011 An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service upon allocation failure. oval:org.secpod.oval:def:1901019 The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901025 There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor"s CVE-2017-11555 fix . oval:org.secpod.oval:def:1901024 The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. oval:org.secpod.oval:def:1901027 Multiple cross-site scripting vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. oval:org.secpod.oval:def:1901026 In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. oval:org.secpod.oval:def:1901021 The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. oval:org.secpod.oval:def:1901020 uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. oval:org.secpod.oval:def:1901023 The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901022 An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service attack against the server. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901029 The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to decrypt hashed passwords by leveraging knowledge of client registration codes or gain login access by eavesdropping on login messages and re-using the hashed passwords. oval:org.secpod.oval:def:1901053 lib/Config/Model.pm in Config-Model before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array. oval:org.secpod.oval:def:1901050 An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web ap ... oval:org.secpod.oval:def:1901051 Cross-site scripting vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. oval:org.secpod.oval:def:1901200 rsyslog librelp0 version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by se ... oval:org.secpod.oval:def:1901203 An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901208 The client in OpenAFS before 1.6.17 does not properly initialize the AFSStoreStatus, AFSStoreVolumeStatus, VldbListByAttributes, and ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. oval:org.secpod.oval:def:1901204 The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service by leveraging improper conversion of r ... oval:org.secpod.oval:def:1901207 The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901206 An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from ... oval:org.secpod.oval:def:1901234 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in My ... oval:org.secpod.oval:def:1901236 In SWFTools, a memcpy buffer overflow was found in swfc. oval:org.secpod.oval:def:1901235 The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker program crash. oval:org.secpod.oval:def:1901230 Regular Expression Denial of Service oval:org.secpod.oval:def:1901232 Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. oval:org.secpod.oval:def:1901231 The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. oval:org.secpod.oval:def:1901238 In Open Ticket Request System 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in qu ... oval:org.secpod.oval:def:1901237 Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. oval:org.secpod.oval:def:1901245 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. oval:org.secpod.oval:def:1901247 Cross-site request forgery vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. oval:org.secpod.oval:def:1901243 FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fix ... oval:org.secpod.oval:def:1901242 ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method , which can be abused to lead to commit metadata forgery. oval:org.secpod.oval:def:1901249 An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901248 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. oval:org.secpod.oval:def:1901212 The order and group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. oval:org.secpod.oval:def:1901211 An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. oval:org.secpod.oval:def:1901214 In libquicktime-dev 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901213 In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901210 DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonst ... oval:org.secpod.oval:def:1901216 ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery attacks via a URL in the var_url parameter in a valider_xml action. oval:org.secpod.oval:def:1901215 Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an in ... oval:org.secpod.oval:def:1901218 U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. oval:org.secpod.oval:def:1901222 examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901225 The gig::Region::Region function in gig.cpp in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901221 WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. oval:org.secpod.oval:def:1901220 BitlBee before 3.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. oval:org.secpod.oval:def:1901227 The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. oval:org.secpod.oval:def:1901226 The process_otr function in bfd/versados.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrate ... oval:org.secpod.oval:def:1901229 Cross-site request forgery vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer functi ... oval:org.secpod.oval:def:1901228 Cross-site scripting vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. oval:org.secpod.oval:def:1901157 Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for "roles" used for access control within the database, including the special case "_admin" role, th ... oval:org.secpod.oval:def:1901156 Cross-site request forgery vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined wi ... oval:org.secpod.oval:def:1901159 An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service attack on a server by passing large values to a loop. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901158 Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. oval:org.secpod.oval:def:1901152 In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. oval:org.secpod.oval:def:1901155 The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. oval:org.secpod.oval:def:1901154 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. oval:org.secpod.oval:def:1901167 Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901164 OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c oval:org.secpod.oval:def:1901166 An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool"s Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, ... oval:org.secpod.oval:def:1901160 GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. oval:org.secpod.oval:def:1901161 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901131 The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:1901133 lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901132 An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read. oval:org.secpod.oval:def:1901138 An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901146 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901145 The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service via a crafted SWF file. oval:org.secpod.oval:def:1901148 opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901147 Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. oval:org.secpod.oval:def:1901142 X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. oval:org.secpod.oval:def:1901144 backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901143 There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. Th ... oval:org.secpod.oval:def:1901140 When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that ... oval:org.secpod.oval:def:1901196 In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. oval:org.secpod.oval:def:1901199 Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. oval:org.secpod.oval:def:1901198 The Git Smart Protocol support in libgit2-dev before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service via an empty packet line. oval:org.secpod.oval:def:1901195 liblibvips-dev before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory. oval:org.secpod.oval:def:1901191 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. oval:org.secpod.oval:def:1901179 An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if ... oval:org.secpod.oval:def:1901178 lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. oval:org.secpod.oval:def:1901175 Moodle 3.x has user fullname disclosure on the user preferences page. oval:org.secpod.oval:def:1901174 Cross-site scripting vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NO ... oval:org.secpod.oval:def:1901176 The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. oval:org.secpod.oval:def:1901173 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. oval:org.secpod.oval:def:1901172 An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901189 gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901186 An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901187 The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery attacks via unspecified vectors. oval:org.secpod.oval:def:1901182 The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. oval:org.secpod.oval:def:1901184 libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule that is mishandled in the yr_re_exec function. oval:org.secpod.oval:def:1901180 marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it"s possible to bypass marked"s content injection protection to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` get ... oval:org.secpod.oval:def:1900469 Arbitrary File Write oval:org.secpod.oval:def:1901273 The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. oval:org.secpod.oval:def:1901270 The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. oval:org.secpod.oval:def:1901272 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304. oval:org.secpod.oval:def:1901256 A heap-based buffer over-read was found in the function OpCode in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901255 The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. oval:org.secpod.oval:def:1901258 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. oval:org.secpod.oval:def:1901257 Cross-site scripting vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. oval:org.secpod.oval:def:1901254 In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. oval:org.secpod.oval:def:1901259 phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server oval:org.secpod.oval:def:1901267 An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in ... oval:org.secpod.oval:def:1901262 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ... oval:org.secpod.oval:def:1901113 A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key. oval:org.secpod.oval:def:1901112 Cross-site scripting vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter . oval:org.secpod.oval:def:1901111 The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability. oval:org.secpod.oval:def:1901117 The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted DWARF section. oval:org.secpod.oval:def:1901116 The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of C ... oval:org.secpod.oval:def:1901119 Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1901124 file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242. oval:org.secpod.oval:def:1901126 An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions , 4.4.x ... oval:org.secpod.oval:def:1901125 libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901122 Cross-site scripting vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form action or xlink attribute. oval:org.secpod.oval:def:1901128 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. oval:org.secpod.oval:def:1901102 When using the local_batch client from salt-common-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. The LocalClient.cmd_batch method client does not accept external_ ... oval:org.secpod.oval:def:1901104 Cross-site scripting vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. oval:org.secpod.oval:def:1901103 Docker Engine before 18.09 allows attackers to cause a denial of service via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. oval:org.secpod.oval:def:1901100 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware . The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attack ... oval:org.secpod.oval:def:1901105 Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. oval:org.secpod.oval:def:1901108 The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. oval:org.secpod.oval:def:1901098 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema. oval:org.secpod.oval:def:1901097 The LoadString function in helper.h in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901099 The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an inco ... oval:org.secpod.oval:def:1901094 The htcondor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service by leveraging use of GSI and VOMS extensions. oval:org.secpod.oval:def:1901093 Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .ph ... oval:org.secpod.oval:def:1901090 The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect func ... oval:org.secpod.oval:def:1901092 In Apache libuima-core-java prior to 2.10.2, Apache libuima-core-java 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion capability of various XML parsers. UIMA ... oval:org.secpod.oval:def:1901091 The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service by leveraging improper conversion of return values to boolean. oval:org.secpod.oval:def:1901076 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule that is mishandled in the _yr_re_emit function. oval:org.secpod.oval:def:1901071 When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path trav ... oval:org.secpod.oval:def:1901073 tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. oval:org.secpod.oval:def:1901070 The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. oval:org.secpod.oval:def:1901087 [improper input validation in gnupg.GPG.encrypt and gnupg.GPG.decrypt] oval:org.secpod.oval:def:1901086 Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from an ... oval:org.secpod.oval:def:1901089 Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service via a large number of options in a CAP LS message. oval:org.secpod.oval:def:1901088 The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file, as demonstrated by mkd2html. oval:org.secpod.oval:def:1901083 Cross-site scripting vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. oval:org.secpod.oval:def:1901082 There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901085 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656. oval:org.secpod.oval:def:1901084 Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. oval:org.secpod.oval:def:1901081 Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. oval:org.secpod.oval:def:1901080 The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901057 WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. oval:org.secpod.oval:def:1901056 The authentication protocol allows an oracle attack that could potentially be exploited. oval:org.secpod.oval:def:1901069 FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially c ... oval:org.secpod.oval:def:1901065 In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. oval:org.secpod.oval:def:1901064 The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c. oval:org.secpod.oval:def:1901067 A heap-based buffer over-read was found in the function OpCode in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901061 The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901063 The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service via a crafted binary file, as demonstrated by the r_read_le32 function. oval:org.secpod.oval:def:1901062 In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901311 In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. oval:org.secpod.oval:def:1901310 The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. oval:org.secpod.oval:def:1901313 The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. oval:org.secpod.oval:def:1901319 The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. oval:org.secpod.oval:def:1901314 An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901322 The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. oval:org.secpod.oval:def:1901324 An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the "&" character is mishandled in certain contexts. oval:org.secpod.oval:def:1901320 An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and termi ... oval:org.secpod.oval:def:1901325 slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, a ... oval:org.secpod.oval:def:1901328 WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. oval:org.secpod.oval:def:1901327 Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service via a zero length error correcting redundancy packet for a UDPTL FAX packet ... oval:org.secpod.oval:def:1901300 DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. oval:org.secpod.oval:def:1901307 DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. oval:org.secpod.oval:def:1901309 An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901304 An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg["AllowArbitraryServer"]=true. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901303 The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player ... oval:org.secpod.oval:def:1901305 The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service via crafted xml file. oval:org.secpod.oval:def:1901354 An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize function. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901357 Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901356 The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c ... oval:org.secpod.oval:def:1901353 Cross-site scripting vulnerability in Open Ticket Request System 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. oval:org.secpod.oval:def:1901359 An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. oval:org.secpod.oval:def:1901358 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit. oval:org.secpod.oval:def:1901366 An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg["Servers"][$i]["AllowNoPassword"] = false are bypassed under certain PHP versions . This can allow the login of users who have no password set ... oval:org.secpod.oval:def:1901365 GNU Debugger 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. oval:org.secpod.oval:def:1901368 The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1901367 The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. oval:org.secpod.oval:def:1901362 In Long Range Zip 0.631, there is a use-after-free in the ucompthread function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:1901364 The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service via an empty field that should have contained a hostname or IP address. oval:org.secpod.oval:def:1901363 Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. oval:org.secpod.oval:def:1901360 The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1901333 In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901334 base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901331 lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. oval:org.secpod.oval:def:1901330 A null pointer dereference vulnerability was found in the function stackswap in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901339 examples/consumer/common.php in JanRain PHP OpenID library improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host heade ... oval:org.secpod.oval:def:1901344 The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901345 In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no "\0" character after the version string. oval:org.secpod.oval:def:1901340 batteriesConfig.mlp in OCaml Batteries Included 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901341 An accessibility flaw was found in the OpenStack Workflow service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. oval:org.secpod.oval:def:1901349 A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. oval:org.secpod.oval:def:1901279 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. oval:org.secpod.oval:def:1901289 GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. oval:org.secpod.oval:def:1901288 Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp1 library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets. oval:org.secpod.oval:def:1901287 In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. oval:org.secpod.oval:def:1901286 DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. oval:org.secpod.oval:def:1901281 i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is n ... oval:org.secpod.oval:def:1901280 Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service or possibly execute arbitrary code by causing a file transfer connection to expire. oval:org.secpod.oval:def:1901283 Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2-dev before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. oval:org.secpod.oval:def:1901282 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901296 A stack-based buffer overflow in the find_green function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. oval:org.secpod.oval:def:1901295 ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision w ... oval:org.secpod.oval:def:1901298 Cross-site request forgery vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. oval:org.secpod.oval:def:1901297 The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service via invalid handshake data. oval:org.secpod.oval:def:1901294 Cross-site scripting vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user"s email. oval:org.secpod.oval:def:1901290 The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service attack against parser.c. oval:org.secpod.oval:def:1901431 readelf in GNU Binutils 2.28 has a use-after-free error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. oval:org.secpod.oval:def:1901433 In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. oval:org.secpod.oval:def:1901430 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. oval:org.secpod.oval:def:1901439 An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacki ... oval:org.secpod.oval:def:1901435 The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman key to be used and consequently allow attackers to have unspecified impact via unknown vectors. oval:org.secpod.oval:def:1901442 The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during " ... oval:org.secpod.oval:def:1901441 There is a vulnerability of type use-after-free affecting DBD::mysql 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. oval:org.secpod.oval:def:1901446 Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot"s use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt th ... oval:org.secpod.oval:def:1901449 Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name co ... oval:org.secpod.oval:def:1901448 The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write while disassembling a corrupt binary that contains an empty function name, leading to a program crash. oval:org.secpod.oval:def:1901410 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. oval:org.secpod.oval:def:1901411 Cross-site scripting vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. oval:org.secpod.oval:def:1901417 The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. oval:org.secpod.oval:def:1901419 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. oval:org.secpod.oval:def:1901413 In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. oval:org.secpod.oval:def:1901416 Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp1 library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet. oval:org.secpod.oval:def:1901415 Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster be ... oval:org.secpod.oval:def:1901421 musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. oval:org.secpod.oval:def:1901420 In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. oval:org.secpod.oval:def:1901423 SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. oval:org.secpod.oval:def:1901422 In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. oval:org.secpod.oval:def:1901429 The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file dur ... oval:org.secpod.oval:def:1901425 In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can"t access. oval:org.secpod.oval:def:1901424 In Long Range Zip 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. oval:org.secpod.oval:def:1901427 In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x , and 9.4.x , when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored . If an intermediary decided on the shorter length, but ... oval:org.secpod.oval:def:1901426 guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901476 Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp1 library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet. oval:org.secpod.oval:def:1901478 The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901472 A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin"s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. oval:org.secpod.oval:def:1901471 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. oval:org.secpod.oval:def:1901474 An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user"s valid phpMyAdmin token. All 4.0.x versions are affected. oval:org.secpod.oval:def:1901487 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. oval:org.secpod.oval:def:1901489 There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. oval:org.secpod.oval:def:1901488 Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. oval:org.secpod.oval:def:1901483 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow attackers to conduct external XML entity attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. oval:org.secpod.oval:def:1901482 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1901485 The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service via a crafted SWF file. oval:org.secpod.oval:def:1901484 A heap-based buffer overflow vulnerability was found in the function dcputs in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901481 Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. oval:org.secpod.oval:def:1901480 GNU linker in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of "\0" termination of a name field in ldlex.l. oval:org.secpod.oval:def:1901454 Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity attacks via a crafted PDF. oval:org.secpod.oval:def:1901456 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ... oval:org.secpod.oval:def:1901455 An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of ... oval:org.secpod.oval:def:1901450 X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service via a reply in the XRecordStartOfData, XRecordEndOfData, or XRecordClientDied category without a client sequence and with attached data. oval:org.secpod.oval:def:1901451 SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. oval:org.secpod.oval:def:1901458 An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow ... oval:org.secpod.oval:def:1901459 In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. oval:org.secpod.oval:def:1901464 An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. oval:org.secpod.oval:def:1901466 MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonst ... oval:org.secpod.oval:def:1901460 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule. oval:org.secpod.oval:def:1901463 JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. oval:org.secpod.oval:def:1901468 An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp-dev allows attackers to cause a denial of service or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. oval:org.secpod.oval:def:1901401 It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. oval:org.secpod.oval:def:1901400 It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and s ... oval:org.secpod.oval:def:1901406 Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted network packet. oval:org.secpod.oval:def:1901409 In Open Ticket Request System 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. oval:org.secpod.oval:def:1901403 In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. oval:org.secpod.oval:def:1901404 The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. oval:org.secpod.oval:def:1901399 tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. oval:org.secpod.oval:def:1901398 The pe_ILF_object_p function in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and ... oval:org.secpod.oval:def:1901395 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. oval:org.secpod.oval:def:1901397 The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901392 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654. oval:org.secpod.oval:def:1901377 An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions , and 4.4.x versions are affected. oval:org.secpod.oval:def:1901376 OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the client cache partition, fileserver vice partition, or certain RPC responses. oval:org.secpod.oval:def:1901379 An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901373 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. oval:org.secpod.oval:def:1901372 An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901371 In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901370 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. oval:org.secpod.oval:def:1901387 XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. oval:org.secpod.oval:def:1901389 readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. oval:org.secpod.oval:def:1901386 The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. oval:org.secpod.oval:def:1901385 The bfd_make_section_with_flags function in section.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file. oval:org.secpod.oval:def:1901380 In Open Ticket Request System through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. oval:org.secpod.oval:def:1901382 An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it"s valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions , 4.4.x versions ... oval:org.secpod.oval:def:1901531 SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. oval:org.secpod.oval:def:1901530 libcgroup1 up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. oval:org.secpod.oval:def:1901533 In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned length field in a way which later causes memory corruption or other failure. oval:org.secpod.oval:def:1901532 readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. oval:org.secpod.oval:def:1901539 An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service attack by forcing persistent connections when phpMyAdmin is running with $cfg["AllowArbitraryServer"]=true. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901538 liblivemedia-dev in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash or possibly have unspecified other impact. oval:org.secpod.oval:def:1901535 The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1901534 uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. oval:org.secpod.oval:def:1901537 libundertow-java before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access ... oval:org.secpod.oval:def:1901542 The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this fi ... oval:org.secpod.oval:def:1901543 The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. oval:org.secpod.oval:def:1901540 WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to tran ... oval:org.secpod.oval:def:1901511 An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An atta ... oval:org.secpod.oval:def:1901510 Cross-site scripting vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter . oval:org.secpod.oval:def:1901517 Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. oval:org.secpod.oval:def:1901516 In Moodle 3.x, there is XSS in the assignment submission page. oval:org.secpod.oval:def:1901519 ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service via a long request that uses the lightweight resolver protocol. oval:org.secpod.oval:def:1901513 Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by ... oval:org.secpod.oval:def:1901512 Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901509 Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. oval:org.secpod.oval:def:1901522 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th ... oval:org.secpod.oval:def:1901521 An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user"s blowfi ... oval:org.secpod.oval:def:1901527 p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack. oval:org.secpod.oval:def:1901529 The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901523 Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service via vectors involving length fields. oval:org.secpod.oval:def:1901526 An issue was discovered in phpMyAdmin involving the $cfg["ArbitraryServerRegexp"] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901525 An error within the "tar_directory_for_file" function in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. oval:org.secpod.oval:def:1901500 Cross-site scripting vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. oval:org.secpod.oval:def:1901508 Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio before 4.3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large SIP packet. oval:org.secpod.oval:def:1901502 phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name oval:org.secpod.oval:def:1901501 CouchDB administrative users can configure the database server via HTTP. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary s ... oval:org.secpod.oval:def:1901504 An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901498 The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted -m or -c argument. oval:org.secpod.oval:def:1901494 The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. oval:org.secpod.oval:def:1901495 Cross-site scripting vulnerability in Request Tracker 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type. oval:org.secpod.oval:def:1901492 The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1901491 The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" c ... oval:org.secpod.oval:def:1901674 SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider is misconfigured. oval:org.secpod.oval:def:1901673 PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. oval:org.secpod.oval:def:1901670 Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. oval:org.secpod.oval:def:1901672 A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attr ... oval:org.secpod.oval:def:1901671 Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands via vectors involving a branch whose name begins with a --config= or --debugger= substring, a re ... oval:org.secpod.oval:def:1901679 The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. oval:org.secpod.oval:def:1901685 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. oval:org.secpod.oval:def:1901687 The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. oval:org.secpod.oval:def:1901686 The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. oval:org.secpod.oval:def:1901681 Request Tracker 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery verification tokens via a crafted URL. oval:org.secpod.oval:def:1901683 In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. oval:org.secpod.oval:def:1901682 A cross site scripting vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts ... oval:org.secpod.oval:def:1901689 In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PNG file. oval:org.secpod.oval:def:1901651 Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lo ... oval:org.secpod.oval:def:1901654 Heap buffer overflow in the yr_object_array_set_item function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. oval:org.secpod.oval:def:1901653 SQL injection in multiple remote calls oval:org.secpod.oval:def:1901650 A flaw was found in RPC request using gfs2_create_req in glusterfs-common server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs-common server nodes. oval:org.secpod.oval:def:1901659 libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. oval:org.secpod.oval:def:1901656 In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. oval:org.secpod.oval:def:1901658 The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim"s web browser. oval:org.secpod.oval:def:1901657 In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. oval:org.secpod.oval:def:1901663 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. oval:org.secpod.oval:def:1901662 The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901665 UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. oval:org.secpod.oval:def:1901664 In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity attacks, as demonstrated by /ServerView. oval:org.secpod.oval:def:1901661 The dashboard subscription interface in Request Tracker 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name. oval:org.secpod.oval:def:1901660 A cross site scripting vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/ht ... oval:org.secpod.oval:def:1901667 The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. oval:org.secpod.oval:def:1901666 The Htpasswd authentication source in the authcrypt module and SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. oval:org.secpod.oval:def:1901669 In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. oval:org.secpod.oval:def:1901668 The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. oval:org.secpod.oval:def:1901696 gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service via a crafted web site, as demonstrated by GNOME Web . oval:org.secpod.oval:def:1901695 The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PE file. oval:org.secpod.oval:def:1901697 coffgen.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PE file. oval:org.secpod.oval:def:1901691 In SWFTools, a stack overflow was found in pdf2swf. oval:org.secpod.oval:def:1901694 When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load function in lib/png.c. oval:org.secpod.oval:def:1901699 The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c ... oval:org.secpod.oval:def:1901690 The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. oval:org.secpod.oval:def:1901605 A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. oval:org.secpod.oval:def:1901607 During Jelly file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity attacks i ... oval:org.secpod.oval:def:1901606 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A ... oval:org.secpod.oval:def:1901601 Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. oval:org.secpod.oval:def:1901600 Remote code execution in lspci_process oval:org.secpod.oval:def:1901603 The setup_group function in elf.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service via a group section that is too small. oval:org.secpod.oval:def:1901602 An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created ".avi" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicati ... oval:org.secpod.oval:def:1901632 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of ... oval:org.secpod.oval:def:1901638 A flaw was found in RPC request using gfs3_rename_req in glusterfs-common server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. oval:org.secpod.oval:def:1901637 The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial o ... oval:org.secpod.oval:def:1901633 An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".tif" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A ... oval:org.secpod.oval:def:1901635 A flaw was found in RPC request using gfs3_symlink_req in glusterfs-common server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary c ... oval:org.secpod.oval:def:1901641 An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".cin" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An ... oval:org.secpod.oval:def:1901640 The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the "GF_XATTR_IOSTATS_DUMP_KEY" xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling "setxattr" to trigger a state dump and create ... oval:org.secpod.oval:def:1901643 The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901642 The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. oval:org.secpod.oval:def:1901649 An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerab ... oval:org.secpod.oval:def:1901648 glusterfs-common is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool ... oval:org.secpod.oval:def:1901645 A flaw was found in RPC request using gfs3_lookup_req in glusterfs-common server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. oval:org.secpod.oval:def:1901644 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of ... oval:org.secpod.oval:def:1901647 DoS in process_demand_active oval:org.secpod.oval:def:1901615 An exploitable integer overflow exists in the "modifier_mdef_compact_influences" functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the ... oval:org.secpod.oval:def:1901618 It was found that usage of snprintf function in feature/locks translator of glusterfs-common server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. oval:org.secpod.oval:def:1901617 Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack oval:org.secpod.oval:def:1901611 DoS in sec_parse_crypt_info and in sec_recv oval:org.secpod.oval:def:1901613 An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".bmp" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An ... oval:org.secpod.oval:def:1901609 An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An a ... oval:org.secpod.oval:def:1901621 FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provide ... oval:org.secpod.oval:def:1901620 An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".png" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An ... oval:org.secpod.oval:def:1901627 glusterfs-common server before versions 3.10.12, 4.0.2 is vulnerable when using "auth.allow" option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. oval:org.secpod.oval:def:1901626 An exploitable integer overflow exists in the "multires_load_old_dm" functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application ... oval:org.secpod.oval:def:1901629 rbenv is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution oval:org.secpod.oval:def:1901623 An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".iris" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. ... oval:org.secpod.oval:def:1901622 A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. oval:org.secpod.oval:def:1901625 Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whe ... oval:org.secpod.oval:def:1901619 It was found that glusterfs-common server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient ... oval:org.secpod.oval:def:1901795 The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901794 Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. oval:org.secpod.oval:def:1901790 An issue was discovered in Teluu libpjproject-dev in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ... oval:org.secpod.oval:def:1901793 Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. oval:org.secpod.oval:def:1901792 An issue was discovered in Teluu libpjproject-dev in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will ... oval:org.secpod.oval:def:1901773 In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. oval:org.secpod.oval:def:1901772 realloc_symlink in rock.c in GNU libcdio-dev before 1.0.0 allows remote attackers to cause a denial of service via a crafted iso file. oval:org.secpod.oval:def:1901775 Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses-bin 6.0 allows attackers to cause a denial of service or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. oval:org.secpod.oval:def:1901774 print_iso9660_recurse in iso-info.c in GNU libcdio-dev before 1.0.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted iso file. oval:org.secpod.oval:def:1901776 extplorer exposes /usr and /etc/extplorer over HTTP oval:org.secpod.oval:def:1901784 The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. oval:org.secpod.oval:def:1901783 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful ... oval:org.secpod.oval:def:1901782 Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 . Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. oval:org.secpod.oval:def:1901788 mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service via a crafted MP3 file. oval:org.secpod.oval:def:1901715 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d." oval:org.secpod.oval:def:1901714 When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup function in lib/q.c. oval:org.secpod.oval:def:1901717 In SWFTools, an address access exception was found in swfdump swf_GetBits. oval:org.secpod.oval:def:1901716 In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. oval:org.secpod.oval:def:1901710 The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer ... oval:org.secpod.oval:def:1901712 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00000000_00400000+0x000000000001b72a." oval:org.secpod.oval:def:1901707 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe." oval:org.secpod.oval:def:1901709 Request Tracker 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack. oval:org.secpod.oval:def:1901726 In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service via a crafted WAV file. oval:org.secpod.oval:def:1901725 When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite function in lib/rxfswf.c. oval:org.secpod.oval:def:1901727 The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by s ... oval:org.secpod.oval:def:1901722 The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901721 In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF oval:org.secpod.oval:def:1901724 SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero. oval:org.secpod.oval:def:1901723 SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS . oval:org.secpod.oval:def:1901719 In SWFTools, a memcpy buffer overflow was found in gif2swf. oval:org.secpod.oval:def:1901718 When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter function in lib/modules/swffilter.c. oval:org.secpod.oval:def:1901704 When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono function in lib/wav.c. oval:org.secpod.oval:def:1901703 The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF f ... oval:org.secpod.oval:def:1901706 When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate function in lib/modules/swftools.c. oval:org.secpod.oval:def:1901705 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b596." oval:org.secpod.oval:def:1901701 In SWFTools, a memory leak was found in wav2swf. oval:org.secpod.oval:def:1901751 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. oval:org.secpod.oval:def:1901750 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability can access other users" Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging ... oval:org.secpod.oval:def:1901752 An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. oval:org.secpod.oval:def:1901757 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. oval:org.secpod.oval:def:1901763 In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. oval:org.secpod.oval:def:1901769 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. oval:org.secpod.oval:def:1901730 In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information by reading a Referer log, because account/lost_password does not use a redirect. oval:org.secpod.oval:def:1901737 There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901736 Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. oval:org.secpod.oval:def:1901738 An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. oval:org.secpod.oval:def:1901733 Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. oval:org.secpod.oval:def:1901732 JabberD 2.x before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. oval:org.secpod.oval:def:1901735 Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. oval:org.secpod.oval:def:1901734 In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. oval:org.secpod.oval:def:1901740 A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities oval:org.secpod.oval:def:1901749 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. oval:org.secpod.oval:def:1901746 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly . Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploit ... oval:org.secpod.oval:def:1901553 In Long Range Zip 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:1901554 An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading ... oval:org.secpod.oval:def:1901557 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. oval:org.secpod.oval:def:1901556 The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264. oval:org.secpod.oval:def:1901559 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. oval:org.secpod.oval:def:1901558 the web framework using ljharb"s qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash. oval:org.secpod.oval:def:1901564 In Eclipse Jetty, versions 9.2.x and older, 9.3.x , and 9.4.x , transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a p ... oval:org.secpod.oval:def:1901565 xrdp 0.9.1 calls the PAM function auth_start_session in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. oval:org.secpod.oval:def:1901560 Cross-site scripting vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. oval:org.secpod.oval:def:1901568 An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata is due to a failure to check a pointer for being in bounds and a failure in a check in dwarf_attr_list. oval:org.secpod.oval:def:1901569 mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service by leveraging in-memory database representation when authenticating against a non-existent database. oval:org.secpod.oval:def:1901544 WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. oval:org.secpod.oval:def:1901549 An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user"s session, username, and password are not compromised by this vulnerability. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901545 The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. oval:org.secpod.oval:def:1901547 GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. oval:org.secpod.oval:def:1901597 It was found that an attacker could issue a xattr request via glusterfs-common FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. oval:org.secpod.oval:def:1901596 The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the "__server_getspec" function via the "gf_getspec_req" RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. oval:org.secpod.oval:def:1901599 It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs-common server node ... oval:org.secpod.oval:def:1901593 An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. ... oval:org.secpod.oval:def:1901592 Major information leak in ui_clip_handle_data oval:org.secpod.oval:def:1901594 It was found that the "mknod" call derived from mknod can create files pointing to devices on a glusterfs-common server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs-common server node. oval:org.secpod.oval:def:1901591 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs-common server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs-common server node. oval:org.secpod.oval:def:1901575 An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute "tface" of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the app ... oval:org.secpod.oval:def:1901574 An information disclosure vulnerability was discovered in glusterfs-common server. An attacker could issue a xattr request via glusterfs-common FUSE to determine the existence of any file. oval:org.secpod.oval:def:1901577 The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901576 An exploitable integer overflow exists in the "BKE_mesh_calc_normals_tessface" functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicat ... oval:org.secpod.oval:def:1901571 The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901570 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. oval:org.secpod.oval:def:1901572 An issue was discovered in phpMyAdmin. phpinfo shows PHP information including values of HttpOnly cookies. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901579 A flaw was found in the way dic_unserialize function of glusterfs-common does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. oval:org.secpod.oval:def:1901578 An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".hdr" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicatio ... oval:org.secpod.oval:def:1901586 An exploitable integer overflow exists in the "CustomData" Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the cont ... oval:org.secpod.oval:def:1901588 An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created ".avi" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicati ... oval:org.secpod.oval:def:1901587 Memory corruption in rdp_in_unistr oval:org.secpod.oval:def:1901582 An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".cin" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An ... oval:org.secpod.oval:def:1901581 DoS in mcs_recv_connect_response and in mcs_parse_domain_params oval:org.secpod.oval:def:1901584 It was found that glusterfs-common server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using "alloca". An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed bu ... oval:org.secpod.oval:def:1901583 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An at ... oval:org.secpod.oval:def:1901589 plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901580 Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1(POI bugs 61338 and 61294 oval:org.secpod.oval:def:1902087 A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of se ... oval:org.secpod.oval:def:1902083 A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF a ... oval:org.secpod.oval:def:1902080 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1902082 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated ... oval:org.secpod.oval:def:1902081 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1902091 concat_filename in dwarf2.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service via a crafted binary file, as demonstrated by nm-new. oval:org.secpod.oval:def:1902090 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. oval:org.secpod.oval:def:1902093 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. oval:org.secpod.oval:def:1902092 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service via a large attribute section. oval:org.secpod.oval:def:1902065 binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be ex ... oval:org.secpod.oval:def:1902067 load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. oval:org.secpod.oval:def:1902064 The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of *edd so that the address exceeds its own memory region, resul ... oval:org.secpod.oval:def:1902077 finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. oval:org.secpod.oval:def:1902079 The ignore_section_sym function in elf.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service vi ... oval:org.secpod.oval:def:1902078 An issue was discovered in the Binary File Descriptor library , as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. oval:org.secpod.oval:def:1902073 The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service , as demonstrated by nm. oval:org.secpod.oval:def:1902072 process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service via a crafted binary file, as demonstrated by readelf. oval:org.secpod.oval:def:1902074 A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. oval:org.secpod.oval:def:1902071 An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote atta ... oval:org.secpod.oval:def:1902005 snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir to the current working directory of the calling user, aka a "cwd restore permission bypass." oval:org.secpod.oval:def:1902014 Certain function pointers in Trusted Boot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module by hooking these function pointers. oval:org.secpod.oval:def:1902017 OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. oval:org.secpod.oval:def:1902016 Unrestricted file upload in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. oval:org.secpod.oval:def:1902010 It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. oval:org.secpod.oval:def:1902019 OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec call in the PHP code. Authentication is needed in order to exploit this vulnerability ... oval:org.secpod.oval:def:1902018 OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. oval:org.secpod.oval:def:1902047 An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. oval:org.secpod.oval:def:1902042 In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. oval:org.secpod.oval:def:1902059 An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote ... oval:org.secpod.oval:def:1902055 Yubico libpam-u2f 1.0.7 attempts parsing of the configured authfile as root , and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be ... oval:org.secpod.oval:def:1902051 In Yubico libpam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it ... oval:org.secpod.oval:def:1902053 An issue was discovered in phpMyAdmin before 4.8.6. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. oval:org.secpod.oval:def:1902052 An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim"s phpMyAdmin database, and the attacker can ... oval:org.secpod.oval:def:1902025 The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service , as demonstrated by SoundStretch. oval:org.secpod.oval:def:1902029 libsoundtouch-dev version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock that can result in arbitrary code execution. This attack appear to be exploitable via victim must open malicious file in soundstretch utility. oval:org.secpod.oval:def:1902033 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch. oval:org.secpod.oval:def:1902032 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch. oval:org.secpod.oval:def:1902031 Capstone 3.0.4 has an out-of-bounds vulnerability in X86_insn_reg_intel in arch/X86/X86Mapping.c. oval:org.secpod.oval:def:1901797 Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to m_offsets.size. oval:org.secpod.oval:def:1901796 xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service oval:org.secpod.oval:def:1901799 The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901798 The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF file. oval:org.secpod.oval:def:1902126 libqb-dev before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames without O_EXCL. oval:org.secpod.oval:def:1902128 URI_FUNC in UriParse.c in liburiparser1 before 0.9.1 has an out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. oval:org.secpod.oval:def:1902116 Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service . The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list ... oval:org.secpod.oval:def:1902115 SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. oval:org.secpod.oval:def:1902117 MathJax version prior to version 2.7.4 contains a Cross Site Scripting vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed us ... oval:org.secpod.oval:def:1902119 In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 ... oval:org.secpod.oval:def:1901896 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453. oval:org.secpod.oval:def:1901892 A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs. oval:org.secpod.oval:def:1901897 An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. oval:org.secpod.oval:def:1901838 The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. oval:org.secpod.oval:def:1901834 Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. oval:org.secpod.oval:def:1901840 library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901813 GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. oval:org.secpod.oval:def:1901812 There is a NULL Pointer Dereference in the function ll_insert of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901809 ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service via invalid encoding. oval:org.secpod.oval:def:1901825 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. oval:org.secpod.oval:def:1901827 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. oval:org.secpod.oval:def:1901826 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. oval:org.secpod.oval:def:1901821 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. oval:org.secpod.oval:def:1901820 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. oval:org.secpod.oval:def:1901823 FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. oval:org.secpod.oval:def:1901818 Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. oval:org.secpod.oval:def:1901819 In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS. oval:org.secpod.oval:def:1901873 DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost and trick the browser into sending requests to localhost . oval:org.secpod.oval:def:1901876 In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. oval:org.secpod.oval:def:1901875 In GraphicsMagick 1.4 snapshot-20181209 Q8 there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specific ... oval:org.secpod.oval:def:1901878 A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe but POST allows creating in-order keys that an attacker can send. oval:org.secpod.oval:def:1901877 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11 a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. oval:org.secpod.oval:def:1901882 stb stb_image.h 2.19 as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. oval:org.secpod.oval:def:1901859 WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this ha ... oval:org.secpod.oval:def:1901861 Hard coded domain name in example web service named StockQuoteService.jws leading to remote code execution oval:org.secpod.oval:def:1901860 Prosody before 0.10.0 allows remote attackers to cause a denial of service related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s ... oval:org.secpod.oval:def:1901863 Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server resulting in weak encryption of data. oval:org.secpod.oval:def:1901862 In HDF5 1.10.1 there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901869 In GraphicsMagick 1.3.31 the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping , and therefore lacks indexes initialization. oval:org.secpod.oval:def:1901865 Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. oval:org.secpod.oval:def:1901864 In HDF5 1.10.1 there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901802 In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function . Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. oval:org.secpod.oval:def:1901801 The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901800 The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901951 aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. oval:org.secpod.oval:def:1901959 Byobu Apport hook may disclose sensitive information since it automatically uploads the local user"s .screenrc which may contain private hostnames, usernames and passwords. oval:org.secpod.oval:def:1901954 Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are bui ... oval:org.secpod.oval:def:1901961 A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial"s path-checking logic and write files outside a repository. oval:org.secpod.oval:def:1901935 Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. oval:org.secpod.oval:def:1901937 TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/ ... oval:org.secpod.oval:def:1901936 Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. oval:org.secpod.oval:def:1901929 Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fro ... oval:org.secpod.oval:def:1901940 Vulnerability in the MySQL Workbench component of Oracle MySQL . Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnera ... oval:org.secpod.oval:def:1901942 Vulnerability in the MySQL Workbench component of Oracle MySQL . Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulner ... oval:org.secpod.oval:def:1901941 gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs. oval:org.secpod.oval:def:1901939 Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension. oval:org.secpod.oval:def:1901938 Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonR ... oval:org.secpod.oval:def:1901993 systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE check is mishandled. oval:org.secpod.oval:def:1901971 Persistent cross-site scripting in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _view ... oval:org.secpod.oval:def:1901970 An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. oval:org.secpod.oval:def:1901972 A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service . oval:org.secpod.oval:def:1901978 cleartext message spoofing oval:org.secpod.oval:def:1901981 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. oval:org.secpod.oval:def:1901980 An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter ... oval:org.secpod.oval:def:1901900 hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. oval:org.secpod.oval:def:39490 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:38100 The host is installed with cryptsetup through 2:1.6.6-5ubuntu2 on Ubuntu 16.04, cryptsetup through 2:1.6.1-1ubuntu1 on Ubuntu 14.04, cryptsetup through 2:1.7.2-0ubuntu1 on Ubuntu 16.10 or cryptsetup through 2:1.4.1-2ubuntu4 on Ubuntu 12.04 and is prone to security bypass vulnerability. A flaw is pre ... oval:org.secpod.oval:def:38605 The host is installed with python-html5lib, python-html5lib-whl or python3-html5lib prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle characters. An attacker who successfully exploited these vulnerability could have unspecified impact oval:org.secpod.oval:def:38606 The host is installed with python-html5lib, python-html5lib-whl or python3-html5lib prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle characters. An attacker who successfully exploited these vulnerability could have cross site scripting oval:org.secpod.oval:def:36851 libidn: implementation of IETF IDN specifications Several security issues were fixed in Libidn. oval:org.secpod.oval:def:36850 harfbuzz: OpenType text shaping engine HarfBuzz could be made to crash or run programs as your login if it processed specially crafted data. oval:org.secpod.oval:def:40152 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:41491 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:46272 The telnet service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:46279 Only SSH protocol version 2 connections should be permitted. oval:org.secpod.oval:def:44098 erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang. oval:org.secpod.oval:def:41829 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:41841 pyjwt: Python implementation of JSON Web Token PyJWT could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:37871 dbus: simple interprocess messaging system Several security issues were fixed in DBus. oval:org.secpod.oval:def:36988 imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2. oval:org.secpod.oval:def:37413 systemd: system and service manager The system could be made unavailable under certain conditions. oval:org.secpod.oval:def:37412 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:38739 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:37885 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:41499 gdb: GNU Debugger Several security issues were fixed in gdb. oval:org.secpod.oval:def:1901475 The serializer in python-html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting attacks by leveraging mishandling of the < character in attribute values. oval:org.secpod.oval:def:39292 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39290 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39291 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39289 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39281 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:39282 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39286 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39287 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39288 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39280 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:39279 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:40657 libytnef: improved decoder for application/ms-tnef attachments libytnef could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900533 The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. oval:org.secpod.oval:def:45546 php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901378 The serializer in python-html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. oval:org.secpod.oval:def:41167 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:1900095 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messingup terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, . oval:org.secpod.oval:def:42573 The host is installed with RunC on Ubuntu 17.04 or 17.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the container. Successful exploitation could allow attackers to gain access to file-descriptors of new processes duri ... oval:org.secpod.oval:def:42576 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly assign permissions. Successful exploitation could allow attackers to obtain sensitive information, and perform protocol ... oval:org.secpod.oval:def:42575 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an image that allows volumes to override files in /proc. Successful exploitation could allow attackers to set arbitrary ... oval:org.secpod.oval:def:42579 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors involving unsafe /tmp usage. Successful exploitation could allow local users to have unspecified impact. oval:org.secpod.oval:def:44760 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ... oval:org.secpod.oval:def:44761 In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. oval:org.secpod.oval:def:44762 The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. oval:org.secpod.oval:def:43822 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:38488 apport: automatically generate crash reports for debugging Apport could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:38999 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:45660 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1900174 In the cron package through 3.0pl1-128 on Debian, and through3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. oval:org.secpod.oval:def:1900353 libexif-dev through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif-dev/exif-data.c caused by improper length computation of the allocated data of an ExifMnoteentry which can cause denial-of-service or possibly information disclosure. oval:org.secpod.oval:def:62296 bluez: Bluetooth tools and daemons Several security issues were fixed in BlueZ. oval:org.secpod.oval:def:66659 accountsservice: query and manipulate user account information Several security issues were fixed in AccountsService. oval:org.secpod.oval:def:1900328 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected.watchOS before 3.2.2 is affected. The issue involves the "SQLite"component. It allows remote attackers to execute arbitrary code or cause a denial of ser ... oval:org.secpod.oval:def:1900331 An exploitable code execution vulnerability exists in the trapper command functionality of zabbix-agent Server 2.4.X. A specially crafted set of packet scan cause a command injection result ing in remote code execution. An attacker can make requests from an active zabbix-agent Proxy to trigger this ... oval:org.secpod.oval:def:50269 scp client spoofing via stderr oval:org.secpod.oval:def:50278 irssi: terminal based IRC client Irssi could be made to crash or execute arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:50279 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:1901604 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exis ... oval:org.secpod.oval:def:69260 The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). oval:org.secpod.oval:def:49675 perl: Practical Extraction and Report Language Several security issues were fixed in Perl. oval:org.secpod.oval:def:1901612 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed ... oval:org.secpod.oval:def:68045 spice: SPICE protocol client and server library - spice-protocol: SPICE protocol headers Spice could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:68046 libapache2-mod-perl2: Integration of perl with the Apache2 web server mod_perl could be made to run programs contrary to expectations. oval:org.secpod.oval:def:68048 freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP. oval:org.secpod.oval:def:54265 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:1901130 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON. oval:org.secpod.oval:def:64082 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:1900294 The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. oval:org.secpod.oval:def:1902054 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables. oval:org.secpod.oval:def:1902050 Modelines allow arbitrary code execution by opening a specially crafted text file oval:org.secpod.oval:def:1900466 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service via a crafted MSDOS partition table with an extended partition boot record at zero offset. oval:org.secpod.oval:def:1900470 run user in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal"s input buffer. oval:org.secpod.oval:def:1900453 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function inImfHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:1900031 Squid before 4.4, when SNMP is enabled, allows a denial of service via an SNMP packet. oval:org.secpod.oval:def:48010 libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully auth ... oval:org.secpod.oval:def:1901720 get_8bit_row in rdbmp.c in libturbojpeg through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. oval:org.secpod.oval:def:50337 Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a la ... oval:org.secpod.oval:def:703086 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ... oval:org.secpod.oval:def:703085 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ... oval:org.secpod.oval:def:703089 ubuntu-core-launcher: Snap application launcher ubuntu-core-launcher did not properly isolate snaps from one another. oval:org.secpod.oval:def:703071 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703066 libsoup2.4: HTTP client/server library for GNOME Details: USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory This update fixes ... oval:org.secpod.oval:def:703069 libtasn1-6: Library to manage ASN.1 structures Details: USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory Libtasn1 could be made to hang if it processed specially crafted data. oval:org.secpod.oval:def:68053 sox: Swiss army knife of sound processing SoX could be made to crash if it received a specially crafted MP3 file. oval:org.secpod.oval:def:68051 glib2.0: GLib Input, Output and Streaming Library GLib did not properly restrict directory and file permissions. oval:org.secpod.oval:def:68054 openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:1900408 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function inImfHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:1900404 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function inImfZip.cpp could cause the application to crash. oval:org.secpod.oval:def:704375 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:47236 postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1902125 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. oval:org.secpod.oval:def:1902127 In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. oval:org.secpod.oval:def:1902123 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements . T ... oval:org.secpod.oval:def:1902122 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements , aka Magellan. oval:org.secpod.oval:def:47604 strongswan: IPsec VPN solution Several security issues were fixed in strongSwan. oval:org.secpod.oval:def:55225 gnutls28: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:34322 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer. Incorrect banked access bounds checking in vga module. oval:org.secpod.oval:def:1900101 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of tilibming-dev data using crafted packets. oval:org.secpod.oval:def:1901436 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition. oval:org.secpod.oval:def:1901414 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. oval:org.secpod.oval:def:54426 pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker. oval:org.secpod.oval:def:1900122 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of tilibming-dev data using crafted packets. oval:org.secpod.oval:def:66848 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:1900131 Directory Traversal with ../ sequences occurs in AccountsService before0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb in user.c. oval:org.secpod.oval:def:1900505 Integer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to cause a denial of service via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. oval:org.secpod.oval:def:61109 Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. oval:org.secpod.oval:def:61587 libexif: library to parse EXIF files Several security issues were fixed in libexif. oval:org.secpod.oval:def:61586 qtbase-opensource-src: Qt 5 libraries Several security issues were fixed in Qt. oval:org.secpod.oval:def:1901884 A flaw was found in the way pacemaker"s client-server authentication was implemented. A local attacker could use this flaw and combine it with other IPC weaknesses, to achieve local privilege escalation. oval:org.secpod.oval:def:1901881 A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS oval:org.secpod.oval:def:1900520 A vulnerability was found in libexif-dev. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service and Information Disclosure . oval:org.secpod.oval:def:1901858 Todd Miller"s sudo version 1.8.20p1 and earlier is vulnerable to an input validation in the get_process_ttyname function resulting in information disclosure and command execution. oval:org.secpod.oval:def:1900537 Heap-based buffer overflow in the DHCP client in BusyBox before1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. oval:org.secpod.oval:def:54091 busybox: Tiny utilities for small and embedded systems Several security issues were fixed in BusyBox. oval:org.secpod.oval:def:703121 linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703125 libndp: Library for Neighbor Discovery Protocol libndp could be tricked into accepting an NDP message from outside the local network. oval:org.secpod.oval:def:703124 libksba: X.509 and CMS support library Libksba could be made to crash or run programs if it decoded specially crafted data. oval:org.secpod.oval:def:703123 linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:48685 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703113 firefox: Mozilla Open Source web browser Details: USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ... oval:org.secpod.oval:def:703111 libarchive: Library to read/write archive files libarchive could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:59741 libjpeg-turbo: library for handling JPEG files Several security issues were fixed in libjpeg-turbo. oval:org.secpod.oval:def:703118 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:58422 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:703107 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:46457 policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit. oval:org.secpod.oval:def:704414 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:1901375 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code executio ... oval:org.secpod.oval:def:1900055 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. oval:org.secpod.oval:def:1900223 Use-after-free vulnerability in the clntudp_call function insunrpc/clnt_udp.c in the GNU C Library before 2.26allows remote attackers to have unspecified impact via vectors related to error path. oval:org.secpod.oval:def:49184 systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ... oval:org.secpod.oval:def:1900236 The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900214 In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution;it may result in denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:53642 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:1901585 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option in networking/udhcp/common.c that 4-byte options a ... oval:org.secpod.oval:def:1901950 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. oval:org.secpod.oval:def:1901957 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. oval:org.secpod.oval:def:1901960 The EAP-pwd implementation in hostapd before 2.8 and wpasupplicant_supplicant before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference . This affects ea ... oval:org.secpod.oval:def:50590 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. oval:org.secpod.oval:def:50589 runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. oval:org.secpod.oval:def:1901948 An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. oval:org.secpod.oval:def:1901944 An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. oval:org.secpod.oval:def:1901528 sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute ... oval:org.secpod.oval:def:50606 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing ... oval:org.secpod.oval:def:50607 An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability ... oval:org.secpod.oval:def:1900198 Vim 8.0 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted source file.NOTE: there might be a limited number of scenarios in which this has security relevance. oval:org.secpod.oval:def:1901499 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. oval:org.secpod.oval:def:1900160 A cache-based side channel in GnuTLS implementation that leads to plaintext recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. oval:org.secpod.oval:def:1901028 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking. oval:org.secpod.oval:def:1901072 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming. oval:org.secpod.oval:def:54576 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:54577 wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic. oval:org.secpod.oval:def:1901058 FasterXML libjackson2-databind-java through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, ... oval:org.secpod.oval:def:1901223 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. oval:org.secpod.oval:def:1900741 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. oval:org.secpod.oval:def:1900791 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to com ... oval:org.secpod.oval:def:703396 linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703399 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703398 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703392 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703390 linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703385 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file. oval:org.secpod.oval:def:703384 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703383 c-ares: library for asynchronous name resolves c-ares could be made to crash or run programs if it processed a specially crafted hostname. oval:org.secpod.oval:def:703381 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703376 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703375 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703370 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins Details: USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Original advisory GStreamer could be made to crash or run programs as your lo ... oval:org.secpod.oval:def:703379 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703361 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins GStreamer could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703367 lxc: Linux Containers userspace tools LXC could be made to allow containers to access to the host filesystem. oval:org.secpod.oval:def:703366 moin: Collaborative hypertext environment Several security issues were fixed in MoinMoin. oval:org.secpod.oval:def:703369 python-cryptography: Cryptography Python library python-cryptography could generate incorrect keys. oval:org.secpod.oval:def:34282 ImageMagick allows to process files with external libraries. This feature is called 'delegate'. It is implemented as a system() with command string ('command') from the config file delegates.xml with actual value for different params (input/output filenames etc). Due to insufficient %M param filteri ... oval:org.secpod.oval:def:34283 ImageMagick allows to make HTTP GET or FTP request. oval:org.secpod.oval:def:703355 linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703354 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:34286 ImageMagick allows to get content of the files from the server by using 'label' pseudo protocol. oval:org.secpod.oval:def:34284 ImageMagick allows to delete files by using 'ephemeral' pseudo protocol which deletes files after reading. oval:org.secpod.oval:def:34285 ImageMagick allows to move image files to file with any extension in any folder by using 'msl' pseudo protocol. oval:org.secpod.oval:def:703359 tar: GNU version of the tar archiving utility tar could be made to overwrite files. oval:org.secpod.oval:def:703358 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703343 memcached: high-performance memory object caching system Memcached could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703342 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver - nvidia-graphics-drivers-367: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to run programs as an administrator. oval:org.secpod.oval:def:703346 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703334 mailman: Powerful, web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:703333 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703332 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:703331 nginx: small, powerful, scalable web/proxy server Details: USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3114-1 introduc ... oval:org.secpod.oval:def:703338 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703337 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:703339 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703323 linux: Linux kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703327 nginx: small, powerful, scalable web/proxy server The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703329 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703328 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:1901153 Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an ap ... oval:org.secpod.oval:def:703312 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga. oval:org.secpod.oval:def:703316 linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to run programs as an administrator. oval:org.secpod.oval:def:1901150 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ... oval:org.secpod.oval:def:703318 linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703304 linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703302 tracker: metadata database, indexer and search tool Tracker could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703308 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703306 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1901149 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to com ... oval:org.secpod.oval:def:1901171 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac ... oval:org.secpod.oval:def:1901323 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to com ... oval:org.secpod.oval:def:1901326 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. oval:org.secpod.oval:def:1901338 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1900840 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interact ... oval:org.secpod.oval:def:1900849 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability c ... oval:org.secpod.oval:def:1900890 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ... oval:org.secpod.oval:def:703493 php7.0: HTML-embedded scripting language interpreter Details: USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. Original advisory USN-3211- ... oval:org.secpod.oval:def:703499 network-manager-applet: GNOME frontend for NetworkManager The system could be made to expose sensitive information. oval:org.secpod.oval:def:703496 linux: Linux kernel - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703490 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703483 imagemagick: Image manipulation programs and library Details: USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-31 ... oval:org.secpod.oval:def:703487 libreoffice: Office productivity suite LibreOffice could be made to disclose files if it opened a specially crafted file. oval:org.secpod.oval:def:703473 python-crypto: cryptographic algorithms and protocols for Python Details: USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This up ... oval:org.secpod.oval:def:703471 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703470 python-crypto: cryptographic algorithms and protocols for Python Programs using the Python Cryptography Toolkit could be made to crash or run programs if they receive specially crafted network traffic or other input. oval:org.secpod.oval:def:703476 spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1900825 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. oval:org.secpod.oval:def:703479 tcpdump: command-line network traffic analyzer tcpdump could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703462 nova-lxd: Openstack Compute - LXD container hypervisor support Nova-LXD could allow unintended access to LXD instances over the network. oval:org.secpod.oval:def:703460 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:1900834 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit ... oval:org.secpod.oval:def:703467 libgc: Boehm-Demers-Weiser garbage collecting storage allocator library Applications using libgc could be made to crash or run programs as your login. oval:org.secpod.oval:def:703459 firefox: Mozilla Open Source web browser Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3175-1 intr ... oval:org.secpod.oval:def:703440 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703444 iucode-tool: Intel processor microcode tool iucode-tool could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703443 libxpm: X11 pixmap library libXpm could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703446 ntfs-3g: read/write NTFS driver for FUSE NTFS-3G could be made to load kernel modules as an administrator. oval:org.secpod.oval:def:1901274 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attack ... oval:org.secpod.oval:def:703433 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash under certain conditions. oval:org.secpod.oval:def:703436 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:703435 pcsc-lite: Middleware to access a smart card using PC/SC PCSC-Lite could be made to crash or run programs as an administrator if it received specially crafted input. oval:org.secpod.oval:def:703434 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703439 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703422 linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703421 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703426 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703425 libvncserver: vnc server library Several security issues were fixed in LibVNCServer. oval:org.secpod.oval:def:703423 webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:1901252 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703417 exim4: Exim is a mail transport agent Exim could be made to expose private DKIM signing keys. oval:org.secpod.oval:def:703416 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:1901269 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703400 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages. oval:org.secpod.oval:def:1901264 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1901261 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. oval:org.secpod.oval:def:1901292 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. oval:org.secpod.oval:def:1901434 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ... oval:org.secpod.oval:def:1900564 A bug in the error handling of the send file code for the NIO HTTPconnector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant ... oval:org.secpod.oval:def:1900561 Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0,and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypas ... oval:org.secpod.oval:def:1900996 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to comp ... oval:org.secpod.oval:def:1900961 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to com ... oval:org.secpod.oval:def:703199 ecryptfs-utils: eCryptfs cryptographic filesystem utilities eCryptfs could be made to expose sensitive information. oval:org.secpod.oval:def:703190 libimobiledevice: Library for communicating with iPhone and iPod Touch devices libimobiledevice would allow unintended access to devices over the network. oval:org.secpod.oval:def:703187 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703189 libusbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices libusbmuxd would allow unintended access to devices over the network. oval:org.secpod.oval:def:703183 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703176 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703175 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703174 linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703171 haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703170 wget: retrieves files from the web Wget could be made to overwrite files. oval:org.secpod.oval:def:703165 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:703169 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Dnsmasq could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703168 spice: SPICE protocol client and server library Several security issues were fixed in Spice. oval:org.secpod.oval:def:703166 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703154 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703156 linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703140 lxd: Container hypervisor based on LXC Several security issues were fixed in LXD. oval:org.secpod.oval:def:703146 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703145 nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703130 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory USN-2950-1 introduced a regression in Sa ... oval:org.secpod.oval:def:703139 dosfstools: utilities for making and checking MS-DOS FAT filesystems dosfstools could be made to crash or run programs if it processed a specially crafted filesystem. oval:org.secpod.oval:def:1900950 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ... oval:org.secpod.oval:def:703581 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:703579 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703563 dovecot: IMAP and POP3 email server Details: USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the & ... oval:org.secpod.oval:def:703562 dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:703566 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703550 samba: SMB/CIFS file, print, and login server for Unix Details: USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory USN-3242-1 introduced a regression in Sam ... oval:org.secpod.oval:def:703554 nagios3: host/service/network monitoring and management system Several security issues were fixed in Nagios. oval:org.secpod.oval:def:1901394 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:703558 lightdm: Display Manager LightDM could be made to run programs as an administrator. oval:org.secpod.oval:def:703557 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:703543 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to crash or run programs a ... oval:org.secpod.oval:def:703547 apparmor: Linux security system AppArmor could remove the confinement from some programs. oval:org.secpod.oval:def:703546 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703545 gst-plugins-base1.0: GStreamer Plugins - gst-plugins-base0.10: GStreamer Plugins GStreamer Base Plugins could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703549 firefox: Mozilla Open Source web browser Details: USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3216-1 introduced a regression in Firefox. oval:org.secpod.oval:def:703548 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins GStreamer Good Plugins could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703531 glibc: GNU C Library - eglibc: GNU C Library Details: USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that lo ... oval:org.secpod.oval:def:703535 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703533 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703538 linux-hwe: Linux hardware enablement kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703525 firefox: Mozilla Open Source web browser An integer overflow was discovered in Firefox. oval:org.secpod.oval:def:703524 nvidia-graphics-drivers-375: NVIDIA binary X.Org driver Details: USN-3173-1 fixed a vulnerability in nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340. This update provides the corresponding update for nvidia-graphics-drivers-375. Original advisory NVIDIA graphics drivers could be made to ... oval:org.secpod.oval:def:703523 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703529 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver - nvidia-graphics-drivers-375: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash under certain conditions. oval:org.secpod.oval:def:703526 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703516 libevent: Asynchronous event notification library Several security issues were fixed in libevent. oval:org.secpod.oval:def:703509 libarchive: Library to read/write archive files libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703508 lxc: Linux Containers userspace tools LXC could be made to create arbitrary virtual network interfaces as an administrator. oval:org.secpod.oval:def:703503 linux-hwe: Linux hardware enablement kernel for Ubuntu 16.04 LTS The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703502 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703507 linux-aws: Linux kernel for Amazon Web Services systems The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703506 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:1901562 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. oval:org.secpod.oval:def:1901514 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901520 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. oval:org.secpod.oval:def:703286 python-django: High-level Python web development framework Django could be made to set arbitrary cookies. oval:org.secpod.oval:def:703285 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703283 openssl: Secure Socket Layer cryptographic library and tools Details: USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-308 ... oval:org.secpod.oval:def:703289 samba: SMB/CIFS file, print, and login server for Unix Samba could be tricked into connecting to impersonated servers. oval:org.secpod.oval:def:1901506 Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. oval:org.secpod.oval:def:1901507 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. oval:org.secpod.oval:def:703281 irssi: terminal based IRC client Irssi could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703275 linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703274 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703273 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703278 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703277 gdk-pixbuf: GDK-Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703270 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703264 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703263 webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703261 mysql-5.7: MySQL database - mysql-5.5: MySQL database MySQL could be made to run programs as an administrator. oval:org.secpod.oval:def:703252 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703250 linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703257 file-roller: archive manager for GNOME File Roller could be made to delete files. oval:org.secpod.oval:def:703255 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703241 fontconfig: generic font configuration library Fontconfig be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703240 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers. oval:org.secpod.oval:def:36753 The host is installed with Linux Kernel on Ubuntu 12.04, 14.04 and 16.04 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to hijack TCP sessions. oval:org.secpod.oval:def:703248 eog: Eye of GNOME graphics viewer program Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image. oval:org.secpod.oval:def:703235 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:703239 postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:703238 gnupg: GNU privacy guard - a free PGP replacement GnuPG incorrectly generated random numbers. oval:org.secpod.oval:def:703236 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Details: USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily ... oval:org.secpod.oval:def:703223 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703221 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703228 linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703227 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703225 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703211 python-django: High-level Python web development framework A security issue was fixed in Django. oval:org.secpod.oval:def:703210 apache2: Apache HTTP server A security issue was fixed in the Apache HTTP Server. oval:org.secpod.oval:def:703217 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703215 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:703206 nspr: NetScape Portable Runtime Library NSPR could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:703208 libarchive: Library to read/write archive files libarchive could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1901038 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. oval:org.secpod.oval:def:1901030 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1901018 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. oval:org.secpod.oval:def:1901017 The C software implementation of AES Encryption and Decryption in wolfSSL before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. oval:org.secpod.oval:def:1901055 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ... oval:org.secpod.oval:def:1900349 A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed.This coul ... oval:org.secpod.oval:def:703837 git: fast, scalable, distributed revision control system Git be made to run programs if it processed a specially crafted file. oval:org.secpod.oval:def:703836 firefox: Mozilla Open Source web browser Details: USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3435-1 caused a regression in Firefox. oval:org.secpod.oval:def:1901202 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703828 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Several security issues were fixed in Dnsmasq. oval:org.secpod.oval:def:703827 ca-certificates: Common CA certificates ca-certificates was updated to the 20170717 package. oval:org.secpod.oval:def:703826 nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703825 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703824 libidn: implementation of IETF IDN specifications Libidn could be made to crash or run programs if it processed specially crafted input. oval:org.secpod.oval:def:703816 emacs24: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703811 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis. oval:org.secpod.oval:def:703814 libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703812 gdk-pixbuf: GDK Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900339 The error page mechanism of the Java Servlet Specification requires that,when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original H ... oval:org.secpod.oval:def:703808 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703807 qemu: Machine emulator and virtualizer Details: USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory USN ... oval:org.secpod.oval:def:703809 libplist: Library for handling Apple binary and XML property lists Libplist could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703804 bind9: Internet Domain Name Server Details: USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update ad ... oval:org.secpod.oval:def:1901233 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac ... oval:org.secpod.oval:def:1901692 A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. oval:org.secpod.oval:def:1900788 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serv ... oval:org.secpod.oval:def:1900773 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1900775 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703796 tcpdump: command-line network traffic analyzer Several security issues were fixed in tcpdump. oval:org.secpod.oval:def:703794 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703793 bluez: Bluetooth tools and daemons BlueZ could be made to expose sensitive information over bluetooth. oval:org.secpod.oval:def:703784 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:703786 linux-hwe: Linux hardware enablement kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703774 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703773 graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs if it opened a specially crafted font. oval:org.secpod.oval:def:703772 augeas: Configuration editing tool Augeas could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:703771 libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack. oval:org.secpod.oval:def:703777 texlive-base: TeX Live: Essential programs and files TeX Live could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703775 cvs: Concurrent Versions System cvs could be made run programs as your login if it opened a specially crafted cvs repository. oval:org.secpod.oval:def:703779 python-pysaml2: Pure python implementation of SAML2 The system could be made to expose sensitive information. oval:org.secpod.oval:def:703763 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Details: USN-3378-1 fixed vulnerabilities in the Li ... oval:org.secpod.oval:def:703762 ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory This update provides compatible packages for Firefox 55. oval:org.secpod.oval:def:703760 postgresql-9.6: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:703767 firefox: Mozilla Open Source web browser Details: USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3391-1 introduced a regression in Firefox. oval:org.secpod.oval:def:703765 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703752 libsoup2.4: HTTP client/server library for GNOME Applications using libsoup could be made to crash or run programs as your login if it received specially crafted network traffic. oval:org.secpod.oval:def:703756 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:703753 git: fast, scalable, distributed revision control system Git could be made run programs as your login if it opened a specially crafted git repository. oval:org.secpod.oval:def:703743 freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP. oval:org.secpod.oval:def:703742 shotwell: digital photo organizer Shotwell could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703730 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS. oval:org.secpod.oval:def:703734 imagemagick: Image manipulation programs and library Details: USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the inconvenience. Original ... oval:org.secpod.oval:def:703733 rabbitmq-server: AMQP server written in Erlang RabbitMQ could allow unintended access to network services. oval:org.secpod.oval:def:703732 openjdk-8: Open Source Java implementation Details: USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. We apologize for the inconvenience. Original advisory USN 3366-1 i ... oval:org.secpod.oval:def:703729 apache2: Apache HTTP server Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic. oval:org.secpod.oval:def:703725 libiberty: library of utility functions used by GNU programs Several security issues were fixed in libiberty. oval:org.secpod.oval:def:703954 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703957 intel-microcode: Processor microcode for Intel CPUs Details: USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous ... oval:org.secpod.oval:def:1901321 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703943 linux: Linux kernel Details: USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown . Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3522-1 ... oval:org.secpod.oval:def:703946 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:703932 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original adviso ... oval:org.secpod.oval:def:703930 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Details: USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regr ... oval:org.secpod.oval:def:703935 awstats: powerful and featureful web server log analyzer AWStats could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703934 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:703918 linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware. oval:org.secpod.oval:def:703917 evince: Document viewer Evince could be made to run programs if it printed a specially crafted file. oval:org.secpod.oval:def:703916 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703915 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3477-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:703910 libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703913 libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files. oval:org.secpod.oval:def:1901361 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703907 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ... oval:org.secpod.oval:def:703906 libxml-libxml-perl: Perl interface to the libxml2 library XML::LibXML could be made to crash or run programs if it processed specially crafted input. oval:org.secpod.oval:def:703908 optipng: advanced PNG optimizer OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703901 libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703900 ldns: ldns library for DNS programming Several security issues were fixed in ldns. oval:org.secpod.oval:def:1901336 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1901342 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703891 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:703890 apport: automatically generate crash reports for debugging Details: USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17 ... oval:org.secpod.oval:def:1901266 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server ... oval:org.secpod.oval:def:1902113 An error within the "parse_tiff_ifd" function in LibRaw versions before 0.18.2 can be exploited to corrupt memory. oval:org.secpod.oval:def:703888 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703887 apport: automatically generate crash reports for debugging Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation. oval:org.secpod.oval:def:703885 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:703889 procmail: Versatile e-mail processor formail could be made to crash or run programs if it processed specially crafted mail. oval:org.secpod.oval:def:703872 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:703871 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:703862 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703861 xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:703860 wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant. oval:org.secpod.oval:def:703865 nvidia-graphics-drivers-384: Transitional package for libcuda1-384 NVIDIA graphics drivers could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703864 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703867 pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker. oval:org.secpod.oval:def:1901299 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serve ... oval:org.secpod.oval:def:703851 xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:703855 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703853 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703840 libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library Several security issues were fixed in libXfont. oval:org.secpod.oval:def:703843 openvswitch: Ethernet virtual switch Several security issues were fixed in Open vSwitch. oval:org.secpod.oval:def:1901462 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac ... oval:org.secpod.oval:def:1900964 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1901811 There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901407 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ... oval:org.secpod.oval:def:1900904 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ... oval:org.secpod.oval:def:703594 firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ... oval:org.secpod.oval:def:703599 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703583 icu: International Components for Unicode library Several security issues were fixed in ICU. oval:org.secpod.oval:def:703582 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted EMF file. oval:org.secpod.oval:def:703587 rtmpdump: small dumper for media content streamed over the RTMP protocol rtmpdump could be made to crash or run programs as your login if it processed a specially crafted stream. oval:org.secpod.oval:def:703585 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703584 shadow: system login tools su could be made to crash or stop programs as an administrator. oval:org.secpod.oval:def:1900956 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulne ... oval:org.secpod.oval:def:703588 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1900935 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit ... oval:org.secpod.oval:def:1901374 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. S ... oval:org.secpod.oval:def:1901381 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703982 firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ... oval:org.secpod.oval:def:703980 exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703986 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga. oval:org.secpod.oval:def:703984 advancecomp: collection of recompression utilities AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703971 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:703970 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703976 miniupnpc: UPnP IGD client lightweight library MiniUPnP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703975 systemd: system and service manager Several security issues were fixed in systemd. oval:org.secpod.oval:def:703973 firefox: Mozilla Open Source web browser Firefox could be made to run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703961 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703965 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703964 gcab: Microsoft Cabinet file manipulation tool gcab could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703966 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703710 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703716 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703713 xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:1901567 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serve ... oval:org.secpod.oval:def:703706 spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703700 evince: Document viewer Evince could be made run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703705 apport: automatically generate crash reports for debugging An attacker could trick a user into opening a malicious .crash file and execute arbitrary code as the user. oval:org.secpod.oval:def:1900269 Integer overflow in the decode_digit function in puny_decode.c in Libidn2before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:50600 Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. oval:org.secpod.oval:def:703693 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703692 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703694 poppler: PDF rendering library poppler could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703699 nginx: small, powerful, scalable web/proxy server nginx could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703685 bind9: Internet Domain Name Server Bind could be made to serve incorrect information or expose sensitive information over the network. oval:org.secpod.oval:def:703670 linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703674 nss: Network Security Service library NSS could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703673 valgrind: instrumentation framework for building dynamic analysis tools Valgrind could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703672 openvpn: virtual private network software Several security issues were fixed in OpenVPN. oval:org.secpod.oval:def:703660 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703664 linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703662 exim4: Exim is a mail transport agent Exim could be made to run programs as an administrator. oval:org.secpod.oval:def:1901044 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of thi ... oval:org.secpod.oval:def:703666 linux-gke: Linux kernel for Google Container Engine systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703665 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703669 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703653 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:703652 irssi: terminal based IRC client Irssi could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703650 linux-hwe: Linux hardware enablement kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703656 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703655 zziplib: library providing read access on ZIP-archives zziplib could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703654 libmwaw: import library for some old Mac text documents libmwaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703659 glibc: GNU C Library - eglibc: GNU C Library Gnu C library could be made to run programs as an administrator. oval:org.secpod.oval:def:703642 libnl3: library for dealing with netlink sockets libnl could be made to crash or run programs. oval:org.secpod.oval:def:703641 lintian: Debian package checker lintian could be made to run programs if it processed a specially crafted package. oval:org.secpod.oval:def:703647 nagios3: host/service/network monitoring and management system Details: USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3253-1 introduced a r ... oval:org.secpod.oval:def:703631 tiff: Tag Image File Format library Details: USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3 ... oval:org.secpod.oval:def:703639 libtasn1-6: Library to manage ASN.1 structures Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703638 openldap: OpenLDAP utilities OpenLDAP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703637 libsndfile: Library for reading/writing audio files Several security issues were fixed in libsndfile. oval:org.secpod.oval:def:703636 nvidia-graphics-drivers-375: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703620 miniupnpc: UPnP IGD client lightweight library MiniUPnP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703629 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703622 juju-core: next generation service orchestration system The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703621 firefox: Mozilla Open Source web browser Firefox was updated to a new version. oval:org.secpod.oval:def:703628 sudo: Provide limited super user privileges to specific users Sudo could be made to overwrite files as the administrator. oval:org.secpod.oval:def:703627 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703619 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator. oval:org.secpod.oval:def:703618 jbig2dec: JBIG2 decoder library Several security issues were fixed in jbig2dec. oval:org.secpod.oval:def:703612 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:703609 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703607 shadow: system login tools Details: USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory USN-3276-1 introduced a regression in su. oval:org.secpod.oval:def:703604 linux-hwe: Linux hardware enablement kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703603 ghostscript: PostScript and PDF interpreter Details: USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3272-1 introd ... oval:org.secpod.oval:def:704223 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:704211 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to expose sensitive information. oval:org.secpod.oval:def:704212 sssd: System Security Services Daemon -- metapackage SSSD could be made to expose sensitive information. oval:org.secpod.oval:def:704213 mailman: Powerful, web-based mailing list manager Mailman could be made to run arbitrary code. oval:org.secpod.oval:def:704200 twisted: Event-based framework for internet applications Twisted could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704209 patch: Apply a diff file to an original Several security issues were fixed in Patch. oval:org.secpod.oval:def:704204 perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file. oval:org.secpod.oval:def:1900033 An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. oval:org.secpod.oval:def:1902114 An error related to the "LibRaw::panasonic_load_raw" function in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. oval:org.secpod.oval:def:1900159 An issue was discovered in libjpeg 9a. The get_text_gray_row function inrdppm.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900120 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent a ... oval:org.secpod.oval:def:704096 nvidia-graphics-drivers-384: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:704091 procps: /proc file system utilities Several security issues were fixed in procps-ng. oval:org.secpod.oval:def:704082 firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ... oval:org.secpod.oval:def:704072 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:1901839 An error within the "LibRaw::xtrans_interpolate" function in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. oval:org.secpod.oval:def:704068 webkit2gtk: Web content engine library for GTK+ A security issue was fixed in WebKitGTK+. oval:org.secpod.oval:def:704066 qpdf: tools for transforming and inspecting PDF files Several security issues were fixed in QPDF. oval:org.secpod.oval:def:704062 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:704053 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704046 firefox: Mozilla Open Source web browser Details: USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3596-1 ... oval:org.secpod.oval:def:704047 ubuntu-release-upgrader: manage release upgrades ubuntu-release-upgrader incorrectly opened as browser as an administrator. oval:org.secpod.oval:def:704048 wayland: Wayland compositor infrastructure Wayland could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704035 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:704037 libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704031 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704032 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704034 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704039 python-crypto: cryptographic algorithms and protocols for Python Python Crypto could expose sensitive information. oval:org.secpod.oval:def:704024 libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704027 screen-resolution-extra: Extension for the GNOME screen resolution applet Screen Resolution Extra could be tricked into bypassing PolicyKit authorizations. oval:org.secpod.oval:def:704021 paramiko: Python SSH2 library Paramiko could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704029 icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:704013 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704015 memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704012 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704002 qemu: Machine emulator and virtualizer Details: USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory USN-3575-1 introd ... oval:org.secpod.oval:def:704003 dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot. oval:org.secpod.oval:def:704004 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:704000 isc-dhcp: DHCP server and client Several security issues were fixed in DHCP. oval:org.secpod.oval:def:704001 memcached: high-performance memory object caching system Several security issues were fixed in Memcached. oval:org.secpod.oval:def:704006 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:704008 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:704009 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1900070 An issue was discovered in libjpeg 9a. The get_text_rgb_row function inrdppm.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:703990 libreoffice: Office productivity suite LibreOffice would allow unintended access to files over the network. oval:org.secpod.oval:def:703997 sensible-utils: Utilities for sensible alternative selection sensible-utils could be made to run programs as your login if it opened a malicious URL. oval:org.secpod.oval:def:703989 cups: Common UNIX Printing System CUPS could be made to provide access to printers over the network. oval:org.secpod.oval:def:1900091 The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to7.0.88. oval:org.secpod.oval:def:1900224 When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22,8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by th ... oval:org.secpod.oval:def:704196 transmission: lightweight BitTorrent client Transmission could be made to run arbitraty code. oval:org.secpod.oval:def:704198 rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync. oval:org.secpod.oval:def:704199 xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:704192 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis. oval:org.secpod.oval:def:704193 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704194 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704195 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704190 libraw: raw image decoder library Several security issues were fixed in LibRaw. oval:org.secpod.oval:def:704191 apport: automatically generate crash reports for debugging Details: USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory USN-3480-2 introduced regressions in A ... oval:org.secpod.oval:def:704189 python-werkzeug: collection of utilities for WSGI applications Werkzeug could be made to run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704188 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704182 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704183 poppler: PDF rendering library poppler could be made to crash if opened a specially crafted file. oval:org.secpod.oval:def:704184 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted PDF. oval:org.secpod.oval:def:704179 dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:704174 libvorbis: The Vorbis General Audio Compression Codec Several security issues were fixed in libvorbis. oval:org.secpod.oval:def:704175 icu: International Components for Unicode library ICU could be made to crash or run arbitrary code as your login if it received specially crafted input. oval:org.secpod.oval:def:704177 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704172 rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync. oval:org.secpod.oval:def:704173 libarchive-zip-perl: Perl module for manipulation of ZIP archives Archive Zip module could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:704167 zsh: shell with lots of features Several security issues were fixed in Zsh. oval:org.secpod.oval:def:704168 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704164 clamav: Anti-virus utility for Unix ClamAV could be made to hang if it opened a specially crafted file. oval:org.secpod.oval:def:704166 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:704156 cups: Common UNIX Printing System Several security issues were fixed in CUPS. oval:org.secpod.oval:def:704157 dnsmasq: Small caching DNS proxy and DHCP/TFTP server The list of trust anchors has been updated. oval:org.secpod.oval:def:704158 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704159 dns-root-data: DNS root data including root zone and DNSSEC key The list of trust anchors has been updated. oval:org.secpod.oval:def:704153 firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:704150 openslp-dfsg: Service Location Protocol library OpenSLP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704145 zziplib: library providing read access on ZIP-archives - library zziplib could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704147 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704124 gnupg2: GNU privacy guard - a free PGP replacement Details: USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory GnuPG 2 could be made to present validi ... oval:org.secpod.oval:def:704127 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:704111 gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG. oval:org.secpod.oval:def:704119 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704101 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704105 elfutils: collection of utilities to handle ELF objects elfutils could be made to crash or consume resources if it opened a specially crafted file. oval:org.secpod.oval:def:704108 unbound: validating, recursive, caching DNS resolver A security issue was fixed in Unbound. oval:org.secpod.oval:def:1901045 The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. oval:org.secpod.oval:def:1900320 RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. oval:org.secpod.oval:def:704288 wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information if it received a crafted message. oval:org.secpod.oval:def:704284 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:704280 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:704277 libarchive: Library to read/write archive files Several security issues were fixed in libarchive. oval:org.secpod.oval:def:1900319 RubyGems version 2.6.12 and earlier fails to validate specification names,allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. oval:org.secpod.oval:def:704272 - gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information. oval:org.secpod.oval:def:704252 lftp: Sophisticated command-line FTP/HTTP/BitTorrent client programs LFTP could be made to crash if it received specially crafted file. oval:org.secpod.oval:def:704250 libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704244 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704247 libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack. oval:org.secpod.oval:def:704233 sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704235 libtasn1-6: Library to manage ASN.1 structures Several security issues were fixed in Libtasn1. oval:org.secpod.oval:def:704236 gdk-pixbuf: GDK Pixbuf library Several security issues were fixed in GDK-PixBuf. oval:org.secpod.oval:def:704230 ruby2.3: Interpreter of object-oriented scripting language Ruby Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704232 zsh: shell with lots of features Several security issues were fixed in Zsh. oval:org.secpod.oval:def:704237 evolution-data-server: Evolution suite data server Evolution Data Server could be made to expose sensitive information over the network. oval:org.secpod.oval:def:704238 clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We a ... oval:org.secpod.oval:def:704224 wavpack: audio codec - encoder and decoder WavPack could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704225 libsoup2.4: HTTP client/server library for GNOME libsoup could be made to crash if it received a specially crafted input. oval:org.secpod.oval:def:704221 python-pysaml2: Pure python implementation of SAML2 PySAML2 could allow authentication without a password. oval:org.secpod.oval:def:704227 perl: Practical Extraction and Report Language Perl could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:704229 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis. oval:org.secpod.oval:def:704214 spice: SPICE protocol client and server library - spice-protocol: SPICE protocol headers Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704219 libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704216 wget: retrieves files from the web Wget could be made to inject arbitrary cookie values. oval:org.secpod.oval:def:704217 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code. oval:org.secpod.oval:def:704398 firefox: Mozilla Open Source web browser Details: USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3801-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:704383 libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack. oval:org.secpod.oval:def:704384 gettext: GNU Internationalization utilities gettext could be made to execute arbitrary code if it received a specially crafted message. oval:org.secpod.oval:def:704385 systemd: system and service manager Several security issues were fixed in systemd. oval:org.secpod.oval:def:704381 nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx. oval:org.secpod.oval:def:704382 pyopenssl: Python wrapper around the OpenSSL library Several security issues were fixed in pyOpenSSL. oval:org.secpod.oval:def:704376 spamassassin: Perl-based spam filter using text analysis Several security issues were fixed in SpamAssassin. oval:org.secpod.oval:def:704377 ppp: Point-to-Point Protocol ppp could be made to crash or bypass authentication if it received specially crafted network traffic. oval:org.secpod.oval:def:704372 ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704373 systemd: system and service manager systemd-networkd could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704371 network-manager: Network connection manager NetworkManager could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704369 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704356 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704350 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704351 moin: Collaborative hypertext environment MoinMoin could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:704352 libssh: A tiny C SSH library libssh could allow unintended access to network services. oval:org.secpod.oval:def:704353 paramiko: Python SSH2 library Paramiko could allow unintended access to network services. oval:org.secpod.oval:def:704358 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704344 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Tomcat could be made to redirect to arbitrary locations. oval:org.secpod.oval:def:704340 libxkbcommon: library interface to the XKB compiler - development files Several security issues were fixed in libxkbcommon. oval:org.secpod.oval:def:704347 clamav: Anti-virus utility for Unix ClamAV could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704348 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:704349 net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704335 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704337 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis. oval:org.secpod.oval:def:704339 apparmor: Linux security system Use a more restrictive blacklist in several policy abstractions. oval:org.secpod.oval:def:704323 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704320 glib2.0: GLib Input, Output and Streaming Library Several security issues were fixed in GLib. oval:org.secpod.oval:def:704326 mutt: text-based mailreader supporting MIME, GPG, PGP and threading Details: USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. We apologize for the inconvenience. Original a ... oval:org.secpod.oval:def:704327 strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704310 transfig: Utilities for converting XFig figure files transfig could be made to execute arbitrary code if it received a specially crafted FIG file. oval:org.secpod.oval:def:704311 zsh: shell with lots of features Zsh could be made to execute arbitrary code if it received a specially crafted script. oval:org.secpod.oval:def:704314 firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3761-1 caused several ... oval:org.secpod.oval:def:704315 firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconven ... oval:org.secpod.oval:def:704316 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to run arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:704317 clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3722-1 introduced a regressio ... oval:org.secpod.oval:def:704307 libx11: X11 client-side library Several security issues were fixed in libx11. oval:org.secpod.oval:def:704309 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704306 poppler: PDF rendering library poppler could be made to crash if it received specially crafted PDF file. oval:org.secpod.oval:def:1901807 device_tree: heap buffer overflow while loading device tree blob oval:org.secpod.oval:def:704432 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:704433 python-django: High-level Python web development framework Django could be made to expose spoofed information over the network. oval:org.secpod.oval:def:704439 php-pear: PHP Extension and Application Repository XXX FILL ME IN: Summary for regular users XXX XXX LOCAL TEMPLATES XXX PEAR could be made to run programs if it processed a specially crafted file. oval:org.secpod.oval:def:704437 systemd: system and service manager Several security issues were fixed in systemd. oval:org.secpod.oval:def:704421 cups: Common UNIX Printing System CUPS could be made to expose sensitive information. oval:org.secpod.oval:def:704422 lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks. oval:org.secpod.oval:def:704423 poppler: PDF rendering library Details: USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3837-1 introduced a regression in poppler. oval:org.secpod.oval:def:704425 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704417 ghostscript: PostScript and PDF interpreter Details: USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory USN-3831-1 introduced a regression in Ghostscript. oval:org.secpod.oval:def:704419 wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack. oval:org.secpod.oval:def:704416 libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704400 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:704401 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:704406 libssh: A tiny C SSH library Details: USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory USN-3795-1 and USN-3795-2 introduced a regression in libssh. oval:org.secpod.oval:def:704407 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704402 systemd: system and service manager Details: USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this co ... oval:org.secpod.oval:def:704404 openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation USN-3804-1 introduced a regression in OpenJDK. oval:org.secpod.oval:def:1900241 In ImageMagick before 6.9.7-10, there is a crash if the image dimensions are too large,as demonstrated by use of the mpc coder. oval:org.secpod.oval:def:704178 mutt: text-based mailreader supporting MIME, GPG, PGP and threading Several security issues were fixed in Mutt. oval:org.secpod.oval:def:704129 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:1901496 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. oval:org.secpod.oval:def:704941 postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1901676 GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may re ... oval:org.secpod.oval:def:1901684 GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. oval:org.secpod.oval:def:50270 scp client spoofing via stderr oval:org.secpod.oval:def:50267 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. oval:org.secpod.oval:def:50268 scp client missing received object name validation oval:org.secpod.oval:def:1900757 An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. oval:org.secpod.oval:def:1900776 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. oval:org.secpod.oval:def:704660 libgd2: GD Graphics Library Several security issues were fixed in GD. oval:org.secpod.oval:def:704651 ghostscript: PostScript and PDF interpreter Details: USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory USN-3866-2 introduced a regressi ... oval:org.secpod.oval:def:704652 ldb: LDAP-like embedded database - tools LDB could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704653 gnome-keyring: GNOME keyring services GNOME Keyring could be made to expose sensitive information. oval:org.secpod.oval:def:704654 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704655 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704657 openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network. oval:org.secpod.oval:def:704658 nss: Network Security Service library NSS could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704805 openssh: secure shell for secure access to remote machines Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory One of the fixes in USN-3885-1 was incomplete. oval:org.secpod.oval:def:1901787 In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small oval:org.secpod.oval:def:1900026 The GD Graphics Library 2.2.5 has a double free in thegdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE:PHP is unaffected. oval:org.secpod.oval:def:1900007 The libtiff-toolsFdOpen function in tif_unix.c in Liblibtiff-tools 4.0.10 has a memory leak,as demonstrated by pal2rgb. oval:org.secpod.oval:def:1900480 libical-dev 1.0 allows remote attackers to cause a denial of service via a crafted ics file. oval:org.secpod.oval:def:1901708 XML parser class fails to trap exceptions on malformed XML declaration oval:org.secpod.oval:def:1901728 hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random function call. oval:org.secpod.oval:def:1901754 [Escape sequence injection vulnerability in verbose] oval:org.secpod.oval:def:1901756 [Escape sequence injection vulnerability in API response handling] oval:org.secpod.oval:def:1901760 [Delete directory using symlink when decompressing tar] oval:org.secpod.oval:def:1901739 [Escape sequence injection vulnerability in gem owner] oval:org.secpod.oval:def:1901742 [Installing a malicious gem may lead to arbitrary code execution] oval:org.secpod.oval:def:1901745 [Escape sequence injection vulnerability in errors] oval:org.secpod.oval:def:1900823 GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. oval:org.secpod.oval:def:1900827 In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. oval:org.secpod.oval:def:1900117 In Liblibtiff-tools 4.0.9, there is a NULL pointer dereference in the libtiff-toolsWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by libtiff-tools set. oval:org.secpod.oval:def:1900140 NULL pointer dereference in several CMS functions result ing in a denial of service oval:org.secpod.oval:def:1901806 An out-of-bounds heap read condition when scanning PE files oval:org.secpod.oval:def:1901808 Buffer overflow vulnerability oval:org.secpod.oval:def:1900529 An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the libfreeimage-dev library. A specially crafted XMPfile can cause an arbitrary memory overwrite result ing in code execution.An attacker can provide a malicious image to trigger this vulnerability. oval:org.secpod.oval:def:1901854 libxslt1-dev through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:704499 systemd: system and service manager systemd could be made to crash if it received specially a crafted D-Bus message. oval:org.secpod.oval:def:704493 python-django: High-level Python web development framework Django could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:704494 snapd: Daemon and tooling that enable snap packages snapd could be made to run programs as an administrator. oval:org.secpod.oval:def:704490 libarchive: Library to read/write archive files Several security issues were fixed in libarchive. oval:org.secpod.oval:def:704492 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704486 libreoffice: Office productivity suite Several security issues were fixed in LibreOffice. oval:org.secpod.oval:def:704487 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704489 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:704485 dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network. oval:org.secpod.oval:def:704475 avahi: Avahi IPv4LL network address configuration daemon Several security issues were fixed in Avahi. oval:org.secpod.oval:def:704471 openvswitch: Ethernet virtual switch Several security issues were fixed in Open vSwitch. oval:org.secpod.oval:def:704473 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704474 libvncserver: vnc server library Several security issues were fixed in LibVNCServer. oval:org.secpod.oval:def:704465 linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704462 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel The system could be made unavailable if it received specially crafted network traffic. oval:org.secpod.oval:def:704463 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Details: USN-3695-2 fixed vulnerabilities in the Linux Hardware Enablement Kernel kernel for Ubuntu 16.04 LTS. Unfortunately, the f ... oval:org.secpod.oval:def:704468 spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704450 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704451 mysql-5.7: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704452 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704440 libcaca: text mode graphics utilities Several security issues were fixed in libcaca. oval:org.secpod.oval:def:704441 libarchive: Library to read/write archive files Several security issues were fixed in libarchive. oval:org.secpod.oval:def:704447 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704448 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704449 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages. oval:org.secpod.oval:def:1901803 An out-of-bounds heap read condition when scanning PDF documents oval:org.secpod.oval:def:1901804 An out-of-bounds heap write condition when scanning OLE2 files oval:org.secpod.oval:def:704899 libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:704882 systemd: system and service manager The systemd PAM module could be used to gain additional PolicyKit privileges. oval:org.secpod.oval:def:704883 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:704884 wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant and hostapd. oval:org.secpod.oval:def:704880 lua5.3: Simple, extensible, embeddable programming language Lua could be made to crash if it received a specially crafted script. oval:org.secpod.oval:def:704881 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:704888 rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist rssh could be made to run arbitrary commands if it received specially crafted input. oval:org.secpod.oval:def:704889 ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:1900077 A NULL pointer dereference in the function _libtiff-tools memcmp at tif_unix.c in Liblibtiff-tools 4.0.9 allows an attacker to cause a denial-of-service through a crafted libtiff-tools file. This vulnerability can be triggered by the executable libtiff-tool scp. oval:org.secpod.oval:def:704877 advancecomp: collection of recompression utilities AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704878 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations. oval:org.secpod.oval:def:704861 dovecot: IMAP and POP3 email server Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:704852 freeimage: Support library for graphics image formats FreeImage could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704853 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704855 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox. oval:org.secpod.oval:def:704856 gpac: GPAC Project on Advanced Content GPAC could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704842 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704845 xmltooling: C++ XML parsing library with encryption support xmltooling could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704835 p7zip: 7z file archiver with high compression ratio p7zip could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704836 snapd: Daemon and tooling that enable snap packages An intended access restriction in snapd could be bypassed by strict mode snaps on 64 bit architectures. oval:org.secpod.oval:def:704838 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704833 gdk-pixbuf: GDK Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704834 ntfs-3g: read/write NTFS driver for FUSE NTFS-3G could be made to crash or potentially run programs as an administrator if executed with specially crafted arguments. oval:org.secpod.oval:def:704824 libvirt: Libvirt virtualization toolkit libvirt could be made to crash under certain conditions. oval:org.secpod.oval:def:704827 file: Tool to determine file types Several security issues were fixed in file. oval:org.secpod.oval:def:704822 walinuxagent: Windows Azure Linux Agent WALinuxAgent could be made to expose sensitive information. oval:org.secpod.oval:def:1900685 An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. oval:org.secpod.oval:def:1901120 0-byte record padding oracle oval:org.secpod.oval:def:1901515 In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. oval:org.secpod.oval:def:704501 ghostscript: PostScript and PDF interpreter Details: USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory USN-3866-1 introduced a regression in Ghostscript. oval:org.secpod.oval:def:704502 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:1901079 GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. oval:org.secpod.oval:def:1900794 In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. oval:org.secpod.oval:def:1902089 dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1902084 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service or possibly have unspecified other impact because it tries to decompress twice. oval:org.secpod.oval:def:1902085 Divide-by-zero vulnerabilities in the function arlib_add_symbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. oval:org.secpod.oval:def:1902099 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. oval:org.secpod.oval:def:1902095 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. oval:org.secpod.oval:def:1902096 A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. oval:org.secpod.oval:def:1902068 An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service with a crafted ELF file, as demonstrated by consider_notes. oval:org.secpod.oval:def:1902063 libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. oval:org.secpod.oval:def:1902070 An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a d ... oval:org.secpod.oval:def:1902024 It was discovered the fix for CVE-2018-19758 was not complete and still allows a read beyond the limits of a buffer in wav_write_header function in wav.c. A local attacker may use this flaw to make the application crash. oval:org.secpod.oval:def:1901170 The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of ... oval:org.secpod.oval:def:1902037 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. oval:org.secpod.oval:def:1902036 An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn"t support that option , an authenticated user may block ... oval:org.secpod.oval:def:1902034 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. oval:org.secpod.oval:def:1901355 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. oval:org.secpod.oval:def:1901702 Jann Horn identified a problem in current versions of libseccomp-dev where the library did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators . oval:org.secpod.oval:def:1901755 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find located at Dict.cc, which can be triggered by passing a crafted pdf file to the pdfunite binary. oval:org.secpod.oval:def:1901762 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. oval:org.secpod.oval:def:1901761 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. oval:org.secpod.oval:def:1901744 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. oval:org.secpod.oval:def:1900896 An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. oval:org.secpod.oval:def:1901743 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. oval:org.secpod.oval:def:1900414 The function GfxImageColorMap::getGray in GfxState.cc in libpoppler-dev 0.54.0allows remote attackers to cause a denial of service via a crafted PDF document, related to missing color-map validation in Image OutputDev.cc. oval:org.secpod.oval:def:1902102 Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. oval:org.secpod.oval:def:1902107 An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of ... oval:org.secpod.oval:def:1902106 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service because ebl_core_note does not reject malformed core file notes. oval:org.secpod.oval:def:1902111 An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. oval:org.secpod.oval:def:1900105 ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. oval:org.secpod.oval:def:1900114 In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp may suffer from a denial of service caused by an integer overflow via a crafted PSD image file. oval:org.secpod.oval:def:704916 tcpflow: TCP flow recorder tcpflow could be made to crash or expose sensitive information over the network if it opened a specially crafted file or received specially crafted network traffic. oval:org.secpod.oval:def:704917 bind9: Internet Domain Name Server Bind could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:704902 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox ... oval:org.secpod.oval:def:704903 ntfs-3g: read/write NTFS driver for FUSE Details: USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. Original advisory A hardening measure was added to NTFS-3G. oval:org.secpod.oval:def:1900144 In libpoppler-dev 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extract PDFSubtype processing. oval:org.secpod.oval:def:1900146 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. oval:org.secpod.oval:def:1900143 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile1 1.0.28 that will cause a denial of service. oval:org.secpod.oval:def:1900149 keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes result ing in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. oval:org.secpod.oval:def:1900154 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. oval:org.secpod.oval:def:1900123 An issue was discovered in libsndfile1 1.0.28. There is a NULL pointerdereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. oval:org.secpod.oval:def:1900130 An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2a law_array in a law.c that will lead to a denial of service. oval:org.secpod.oval:def:1900137 In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service caused by an integer overflow via a crafted PSD image file. oval:org.secpod.oval:def:1900501 python-web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. oval:org.secpod.oval:def:1901816 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. oval:org.secpod.oval:def:1901822 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. oval:org.secpod.oval:def:1901817 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. oval:org.secpod.oval:def:1900541 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service via a crafted bzip2 file,related to block ends set to before the start of the block. oval:org.secpod.oval:def:1900071 An issue was discovered in libpoppler-dev 0.71.0. There is a memory leak inGfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftolibcairo2-dev. oval:org.secpod.oval:def:1900042 In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. oval:org.secpod.oval:def:1900044 An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. oval:org.secpod.oval:def:1900058 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. oval:org.secpod.oval:def:1900088 In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service via a crafted PNG file. oval:org.secpod.oval:def:704814 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:1900090 corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. oval:org.secpod.oval:def:1900275 In libsndfile1 1.0.25 , a divide-by-zero error exists in the function wav_w64_read_fmt_chunk in wav_w64.c, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:1901107 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. oval:org.secpod.oval:def:705050 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:705049 znc: advanced modular IRC bouncer znc could be made to crash or run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:705036 policykit-desktop-privileges: run common desktop actions without password A security improvement has been made to policykit-desktop-privileges. oval:org.secpod.oval:def:705037 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:705038 neutron: OpenStack Virtual Network Service A system hardening measure could be bypassed. oval:org.secpod.oval:def:1901931 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file. oval:org.secpod.oval:def:1901930 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure via a crafted vcf file. oval:org.secpod.oval:def:1901927 The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file. oval:org.secpod.oval:def:705029 web2py: High-level Python web development framework Several security issues were fixed in web2py. oval:org.secpod.oval:def:705010 dbus: simple interprocess messaging system DBus could allow unintended access to services. oval:org.secpod.oval:def:705013 firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. W ... oval:org.secpod.oval:def:705007 glib2.0: GLib library of C routines GLib could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:705009 elfutils: collection of utilities to handle ELF objects Several security issues were fixed in elfutils. oval:org.secpod.oval:def:1901913 A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. oval:org.secpod.oval:def:1901910 An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds r ... oval:org.secpod.oval:def:704993 db5.3: Berkeley DB Utilities Berkeley DB could be made to expose sensitive information. oval:org.secpod.oval:def:704999 firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3991-1 caused a regr ... oval:org.secpod.oval:def:704981 doxygen: Documentation system for C, C++, Java, Python and other languages Doxygen could be made to run scripts as your login if it received a specially crafted query. oval:org.secpod.oval:def:1900165 In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImagefunction of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. oval:org.secpod.oval:def:704980 qtbase-opensource-src: Qt 5 libraries Several security issues were fixed in Qt. oval:org.secpod.oval:def:1900161 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. oval:org.secpod.oval:def:704970 keepalived: Failover and monitoring daemon for LVS clusters Keepalived could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704973 corosync: cluster engine daemon and utilities Corosync could be made to crash or execute arbitrary code if it received a specially crafted request. oval:org.secpod.oval:def:704974 evolution-data-server: Evolution suite data server Evolution Data Server would sometimes display email content as encrypted when it was not. oval:org.secpod.oval:def:704975 libseccomp: library for working with the Linux seccomp filter libseccomp could allow unintended access to system calls. oval:org.secpod.oval:def:704960 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1901078 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. oval:org.secpod.oval:def:704968 samba: SMB/CIFS file, print, and login server for Unix Details: USN-3976-1 fixed a vulnerability in Samba. The update introduced a regression causing Samba to occasionally crash. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3976-1 introduced a regression i ... oval:org.secpod.oval:def:704952 wireshark: network traffic analyzer Wireshark could be made to crash if it received specially crafted network traffic or input files. oval:org.secpod.oval:def:704955 libraw: raw image decoder library Several security issues were fixed in LibRaw. oval:org.secpod.oval:def:704944 samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services. oval:org.secpod.oval:def:704939 vcftools: Collection of tools to work with VCF files VCFTools could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:704934 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1900358 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly marklookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, result ing in code execution. By default, the jinja2 templating ... oval:org.secpod.oval:def:1900326 An exploitable integer overflow vulnerability exists when creating a newRGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow result ing in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a special ... oval:org.secpod.oval:def:1901240 A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. oval:org.secpod.oval:def:705184 ibus: Intelligent Input Bus - core Details: USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory USN 4134-1 introduced a regression in IBus. oval:org.secpod.oval:def:705185 libreoffice: Office productivity suite LibreOffice could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:705176 wireshark: network traffic analyzer Wireshark could be made to crash if it received specially crafted network traffic or input files. oval:org.secpod.oval:def:705177 apache2: Apache HTTP server Details: USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory ... oval:org.secpod.oval:def:705178 wpa: client support for WPA and WPA2 wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame. oval:org.secpod.oval:def:705172 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke-4.15: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - ... oval:org.secpod.oval:def:705173 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:705168 tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat 8. oval:org.secpod.oval:def:705165 memcached: high-performance memory object caching system Memcached could be made to expose sensitive information if it received a specially crafted UNIX socket. oval:org.secpod.oval:def:705166 freetype: FreeType 2 is a font engine library FreeType could be made to expose sensitive information if if it opened a specially crafted font file. oval:org.secpod.oval:def:705150 dovecot: IMAP and POP3 email server Dovecot could be made to crash or execute arbitrary code if it received a specially crafted data. oval:org.secpod.oval:def:705151 ghostscript: PostScript and PDF interpreter Ghostscript could be made to access arbitrary files if it opened a specially crafted file. oval:org.secpod.oval:def:705152 dovecot: IMAP and POP3 email server Details: USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4110-1 introduced a regression in Dovecot. oval:org.secpod.oval:def:705132 cups: Common UNIX Printing System Several security issues were fixed in CUPS. oval:org.secpod.oval:def:705133 nltk: Python libraries for natural language processing NLTK could be made to overwrite files. oval:org.secpod.oval:def:705134 giflib: library for GIF images Several security issues were fixed in GIFLIB. oval:org.secpod.oval:def:705124 nova: OpenStack Compute cloud infrastructure Nova could be made to expose sensitive information. oval:org.secpod.oval:def:705126 libreoffice: Office productivity suite Several security issues were fixed in LibreOffice. oval:org.secpod.oval:def:705127 docker.io: Linux container runtime Details: Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Original advisory Docker could be made to crash o ... oval:org.secpod.oval:def:705128 kconfig: configuration settings framework for Qt - kde4libs: KDE 4 core applications and libraries KConfig and KDE libraries could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:705104 glib2.0: GLib Input, Output and Streaming Library Details: USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression in Ubuntu 16.04 LTS causing a possibly memory leak. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4049-1 introduced a re ... oval:org.secpod.oval:def:705101 sigil: multi-platform ebook editor Sigil could be made to overwrite files. oval:org.secpod.oval:def:705107 ruby-rack: modular Ruby webserver interface Rack could allow cross-site scripting attacks. oval:org.secpod.oval:def:705108 postgresql-11: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:705109 ghostscript: PostScript and PDF interpreter Ghostscript could be made to access files if it opened a specially crafted file. oval:org.secpod.oval:def:705254 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:705248 libxslt: XSLT processing library Several security issues were fixed in Libxslt. oval:org.secpod.oval:def:705241 tiff: Tag Image File Format library Several security issues were fixed in LibTIFF. oval:org.secpod.oval:def:705243 uw-imap: c-client library for mail protocols - library files UW IMAP could be made to execute programs if it received specially crafted input. oval:org.secpod.oval:def:705240 aspell: GNU Aspell spell-checker Aspell could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:1901765 [HTTP/2 DoS] oval:org.secpod.oval:def:705235 sudo: Provide limited super user privileges to specific users Sudo could be made to run commands as root if it called with a specially crafted user ID. oval:org.secpod.oval:def:705239 libsdl1.2: Simple DirectMedia Layer Several security issues were fixed in SDL. oval:org.secpod.oval:def:705223 e2fsprogs: ext2/ext3/ext4 file system utilities e2fsprogs could be made to execute arbitrary code if it is running in a crafted ext4 partition. oval:org.secpod.oval:def:705224 libsdl2: Simple DirectMedia Layer: cross-platform development library providing access to low level media interfaces SDL 2.0 could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:705220 firefox: Mozilla Open Source web browser Firefox could be made to hijack the mouse pointer it if opened a malicious website. oval:org.secpod.oval:def:705221 file-roller: archive manager for GNOME File Roller could be made to overwrite sensitive files if it received a specially crafted TAR file. oval:org.secpod.oval:def:1900102 The DGifDecompressLine function in dgif_lib.c in libgif-dev , as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->Running Code - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900989 In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker"s control, allowing to run arbitrary code as a result. oval:org.secpod.oval:def:705099 subversion: Advanced version control system Subversion could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:705093 tmpreaper: cleans up files in directories based on their age tmpreaper could be made to overwrite files as the administrator. oval:org.secpod.oval:def:705084 patch: Apply a diff file to an original Several security issues were fixed in Patch. oval:org.secpod.oval:def:705086 mysql-5.7: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:705077 libreoffice: Office productivity suite Several security issues were fixed in LibreOffice. oval:org.secpod.oval:def:705079 libmspack: library for Microsoft compression formats libmspack could be made to expose sensitive information if it received a specially crafted CHM file. oval:org.secpod.oval:def:1901963 Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a mount via rename which could result in local privilege escalation. Mounting via rename could potentially lead to a file being placed elsewhereon the filesystem hierarchy if the directory being cleaned up was on the same physica ... oval:org.secpod.oval:def:1900740 Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:705175 ibus: Intelligent Input Bus - core IBus would allow local users to capture key strokes of other locally logged in users. oval:org.secpod.oval:def:1900748 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage function in coders/pcl.c during writes of monochrome images. oval:org.secpod.oval:def:1900784 In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. oval:org.secpod.oval:def:1900306 In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read inReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. oval:org.secpod.oval:def:1902088 A NULL pointer dereference was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. oval:org.secpod.oval:def:1902086 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name, d_encoding, and d_local_name in cp-demangle.c. Remote attackers could leverage this vulnerability to c ... oval:org.secpod.oval:def:1902069 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. oval:org.secpod.oval:def:1902066 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual and cplus_demangle_type in cp-demangle.c. Remote attackers could leverage this vulnerability ... oval:org.secpod.oval:def:1902062 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many "P" characters. oval:org.secpod.oval:def:1902061 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. oval:org.secpod.oval:def:1902060 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_funct ... oval:org.secpod.oval:def:1902076 demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. oval:org.secpod.oval:def:1902075 An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_ ... oval:org.secpod.oval:def:1901151 An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. oval:org.secpod.oval:def:1901168 ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. oval:org.secpod.oval:def:1901163 ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. oval:org.secpod.oval:def:1901141 The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. oval:org.secpod.oval:def:1900297 In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null PointerDereference occurs while transferring JPEG scanlines, related to aPixelPacket pointer. oval:org.secpod.oval:def:1900292 ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data someti ... oval:org.secpod.oval:def:1901197 The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. oval:org.secpod.oval:def:1901192 The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901194 WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. oval:org.secpod.oval:def:1901177 ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service . oval:org.secpod.oval:def:1901351 GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. oval:org.secpod.oval:def:1901352 GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile informat ... oval:org.secpod.oval:def:1900862 GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. oval:org.secpod.oval:def:705297 graphicsmagick: collection of image processing tools Several security issues were fixed in GraphicsMagick. oval:org.secpod.oval:def:1900865 An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:705285 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:705283 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:705284 postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to create arbitrary directories. oval:org.secpod.oval:def:1900856 An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/libtiff-tools.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and til ... oval:org.secpod.oval:def:1900895 GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache files. oval:org.secpod.oval:def:1901251 GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIF ... oval:org.secpod.oval:def:1901265 In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c. oval:org.secpod.oval:def:1901440 The QuantumTransferMode function in coders/libtiff-tools.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via a small samples per pixel value in a CMYKA TIFF file. oval:org.secpod.oval:def:1901477 GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. oval:org.secpod.oval:def:1901479 GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage function in coders/cmyk.c when processing multiple frames that have non-identical widths. oval:org.secpod.oval:def:1901470 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. oval:org.secpod.oval:def:1901452 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. oval:org.secpod.oval:def:1901469 GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. oval:org.secpod.oval:def:1901814 A vulnerability in the Android media framework related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. oval:org.secpod.oval:def:1900963 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. oval:org.secpod.oval:def:1900962 The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service via crafted JPEG files. oval:org.secpod.oval:def:705379 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:1901408 Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external ... oval:org.secpod.oval:def:1900903 coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. oval:org.secpod.oval:def:1900909 An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:705311 libssh: A tiny C SSH library libssh could be made to run programs under certain conditions. oval:org.secpod.oval:def:705312 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:705313 librabbitmq: Command-line utilities for interacting with AMQP servers Details: USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory RabbitMQ could be made to execute arbitrary code if it received a s ... oval:org.secpod.oval:def:705314 libpcap: Library for for user-level network packet capture Applications using libpcap could be made to crash if given specially crafted data. oval:org.secpod.oval:def:705305 intel-microcode: Processor microcode for Intel CPUs Details: USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the ... oval:org.secpod.oval:def:1900947 In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/libtiff-tools.c, in which LocaleNCompare reads heap data beyond the allocated region. oval:org.secpod.oval:def:1900949 ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. oval:org.secpod.oval:def:1901384 ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. oval:org.secpod.oval:def:1900052 Input validation issue result ing in a denial of service oval:org.secpod.oval:def:1901555 ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. oval:org.secpod.oval:def:1901566 GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. oval:org.secpod.oval:def:1900200 The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26allows remote attackers to cause a denial of service during JNG read ing via a zero-length color_image data structure. oval:org.secpod.oval:def:1901548 There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901118 GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. oval:org.secpod.oval:def:1900260 A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. oval:org.secpod.oval:def:1901109 The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed WPG image. oval:org.secpod.oval:def:1901967 An issue was discovered in GNU libiberty-dev, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. oval:org.secpod.oval:def:1901969 An issue was discovered in GNU libiberty-dev, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. oval:org.secpod.oval:def:1901928 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. oval:org.secpod.oval:def:1901518 GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage function in coders/rgb.c when processing multiple frames that have non-identical widths. oval:org.secpod.oval:def:1900676 The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. oval:org.secpod.oval:def:1900679 GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service because of an integer underflow in ReadPICTImage in coders/pict.c. oval:org.secpod.oval:def:705462 mysql-8.0: MySQL database - mysql-5.7: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:50605 Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. oval:org.secpod.oval:def:705440 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information. oval:org.secpod.oval:def:705431 libiberty: library of utility functions used by GNU programs Several security issues were fixed in libiberty. oval:org.secpod.oval:def:705439 python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:705421 apport: automatically generate crash reports for debugging Several security issues were fixed in Apport. oval:org.secpod.oval:def:705420 libpam-krb5: PAM module for MIT Kerberos pam-krb5 could be made to execute arbitrary code if it received a specially crafted response. oval:org.secpod.oval:def:705429 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:705415 ibus: Intelligent Input Bus - core Details: USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize f ... oval:org.secpod.oval:def:1900181 When GraphicsMagick 1.3.25 processes a DPX image in coders/dpx.c, a denial of service can occur inReadDPXImage. oval:org.secpod.oval:def:1900182 When GraphicsMagick 1.3.25 processes an RGB libtiff-tools picture in coders/libtiff-tools.c, a buffer overflowoccurs, related to QuantumTransferMode. oval:org.secpod.oval:def:1901490 WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901054 In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. oval:org.secpod.oval:def:1901052 GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. oval:org.secpod.oval:def:705567 libssh: None libssh could be made to crash if it received a specially crafted request. oval:org.secpod.oval:def:705542 firefox: Mozilla Open Source web browser A X-Frame-Options bypass was discovered in Firefox. oval:org.secpod.oval:def:705543 snapd: Daemon and tooling that enable snap packages An intended access restriction in snapd could be bypassed by strict mode snaps. oval:org.secpod.oval:def:705540 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:705528 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:705524 glib-networking: Network extensions for GLib Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. oval:org.secpod.oval:def:705515 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:705516 libexif: library to parse EXIF files Several security issues were fixed in libexif. oval:org.secpod.oval:def:1900454 saned in libsane-dev 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. oval:org.secpod.oval:def:1900401 An issue was discovered in apng2gif 1.7. There is an integer overflow result ing in a heap-based buffer over-read, related to the load_a pngfunction and the imagesize variable. oval:org.secpod.oval:def:705630 storebackup: fancy compressing managing checksumming deduplicating hard-linkin StoreBackup could be made to stop executing or generate a race condition if it received a lock file in the default location. oval:org.secpod.oval:def:705631 qemu: Machine emulator and virtualizer QEMU could be made to crash or run programs. oval:org.secpod.oval:def:705634 pure-ftpd: Secure and efficient FTP server Pure-FTPd could be made to expose sensitive information if it recieved specially crafted input. oval:org.secpod.oval:def:705635 apng2gif: tool for converting APNG images to animated GIF format apng2gif could be made to expose sensitive information if it opened a specifically crafted APNG file. oval:org.secpod.oval:def:705620 milkytracker: music creation tool inspired by Fast Tracker 2 MilkyTracker could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:705622 openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:705627 ncmpc: ncurses-based audio player ncmpc could be made to crash if it received a long chat message. oval:org.secpod.oval:def:705629 libproxy: automatic proxy configuration management library libproxy could be made to crash if it received a specially crafted PAC file. oval:org.secpod.oval:def:705623 ruby-websocket-extensions: Generic extension manager for WebSocket connections websocket-extensions could be made to exhaust the server"s capacity to process incoming requests if it received specially crafted requests. oval:org.secpod.oval:def:705624 luajit: Just in time compiler for Lua programming language version 5.1 LuaJIT could be made crash or expose sensitive information if it received specially crafted input. oval:org.secpod.oval:def:705625 mcabber: small Jabber console client MCabber could be made to modify the roster and intercept messages if it received specially crafted XMPP packets. oval:org.secpod.oval:def:705626 libdbi-perl: Perl Database Interface Perl DBI module could be made to execute arbitrary code if it received a specially manipulated call. oval:org.secpod.oval:def:705615 ruby-loofah: manipulation and transformation of HTML/XML documents and fragments Loofah could be made to perform XSS attacks if a crafted SVG element is republished oval:org.secpod.oval:def:1900500 MCabber before 1.0.4 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza oval:org.secpod.oval:def:1901209 The quicktime_read_dref_table function in dref.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1900726 The lqt_frame_duration function in lqt_quicktime.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1900728 In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. oval:org.secpod.oval:def:1900305 GNU libextractor-dev 1.6 allows remote attackers to cause a denial of service via a crafted GIF, IT, NSFE, S3M , SID, or XM file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. oval:org.secpod.oval:def:1902015 libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. oval:org.secpod.oval:def:1900288 In GNU libextractor-dev 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. oval:org.secpod.oval:def:1901139 The lqt_frame_duration function in lqt_quicktime.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1901317 The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1900479 The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. oval:org.secpod.oval:def:1901302 [Unknown description] oval:org.secpod.oval:def:1900483 The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible ... oval:org.secpod.oval:def:1901346 A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. oval:org.secpod.oval:def:1901347 In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. oval:org.secpod.oval:def:1900018 The Debian python-python-rdflib-tools 4.2.2-1 package for python-rdflib 4.2.2 has CLItools that can load Python modules from the current working directory,allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scr ... oval:org.secpod.oval:def:1900888 The quicktime_video_width function in lqt_quicktime.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:705650 tnef: Tool to unpack MIME application/ms-tnef attachments TNEF could be made to crash or write arbitrary files to the filesystem. oval:org.secpod.oval:def:705647 libofx: client-side implementation of Open Financial Exchange specification LibOFX could be made to crash. oval:org.secpod.oval:def:705638 sa-exim: SpamAssassin filter for Exim Exim SpamAssassin could be made to execute aribitrary code if it received crafted .cf files/rules. oval:org.secpod.oval:def:705639 libpam-tacplus: PAM module for using TACACS+ as an authentication service pam_tacplus could be made to expose sensitive information. oval:org.secpod.oval:def:705637 pulseaudio: PulseAudio sound server PulseAudio could be made to crash or run programs as your login if it received specially crafted input. oval:org.secpod.oval:def:1900812 The quicktime_match_32 function in util.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:705617 openjpeg2: Open-source JPEG 2000 codec written in C language Several security issues were fixed in OpenJPEG. oval:org.secpod.oval:def:1900565 The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a differe ... oval:org.secpod.oval:def:1901898 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl ... oval:org.secpod.oval:def:1901899 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t ... oval:org.secpod.oval:def:1900126 GNU libextractor-dev through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. oval:org.secpod.oval:def:1900986 An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range arg ... oval:org.secpod.oval:def:1900991 An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when th ... oval:org.secpod.oval:def:1900516 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reachJMX ports. The issue exists because this listener wasn"t updated for consistency with ... oval:org.secpod.oval:def:1900999 In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. oval:org.secpod.oval:def:1900514 When a Security Manager is configured, a web application"s ability to readsystem properties should be controlled by the Security Manager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configura ... oval:org.secpod.oval:def:1900966 An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnupl ... oval:org.secpod.oval:def:1900972 The quicktime_read_moov function in moov.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1901871 A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. oval:org.secpod.oval:def:704044 libvncserver: vnc server library LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1900555 Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service via a largecompression method value in the central directory file header. oval:org.secpod.oval:def:705795 aptdaemon: transaction based package management service Several security issues were fixed in Aptdaemon. oval:org.secpod.oval:def:705798 lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks. oval:org.secpod.oval:def:705794 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it processed specially crafted input. oval:org.secpod.oval:def:705799 apt: Advanced front-end for dpkg APT could be made to crash or stop responding if it opened a specially crafted file. oval:org.secpod.oval:def:705770 libextractor: library used to extract metadata from files Several security issues were fixed in libextractor. oval:org.secpod.oval:def:705771 atftp: Advanced TFTP Server and Client atftp could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:705772 pdfresurrect: tool for extracting versioning data from PDF documents PDFResurrect could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:705769 pulseaudio: PulseAudio sound server PulseAudio could be made to expose sensitive information. oval:org.secpod.oval:def:705741 libytnef: Yerases TNEF Stream Reader library Yerase"s TNEF could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:1900932 mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. oval:org.secpod.oval:def:705748 pacemaker: Cluster resource manager Pacemaker could be made to run programs as an administrator. oval:org.secpod.oval:def:705747 openldap: Lightweight Directory Access Protocol OpenLDAP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1900068 GNU libextractor-dev through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata in plugins/ole2_extractor.c. oval:org.secpod.oval:def:705730 gosa: Web Based LDAP Administration Program Several security issues were fixed in gosa. oval:org.secpod.oval:def:705731 ca-certificates: Common CA certificates The CA certificates in the ca-certificates package were updated. oval:org.secpod.oval:def:705732 pam-python: Enables PAM modules to be written in Python Details: USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. We apologize for the inconven ... oval:org.secpod.oval:def:705708 linux: Linux kernel - linux-raspi: Linux kernel for Raspberry Pi systems - linux-hwe-5.4: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux ... oval:org.secpod.oval:def:1900265 Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allow sremote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its filen ... oval:org.secpod.oval:def:1901906 [Unknown description] oval:org.secpod.oval:def:1901905 [Unknown description] oval:org.secpod.oval:def:1901907 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS ... oval:org.secpod.oval:def:1901901 [Unknown description] oval:org.secpod.oval:def:1901904 [Unknown description] oval:org.secpod.oval:def:1901903 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto ... oval:org.secpod.oval:def:1901033 Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. oval:org.secpod.oval:def:705820 xawtv: X11 program for watching TV xawtv could be made to expose sensitive information and escalate user privileges if it received specially crafted input. oval:org.secpod.oval:def:1900172 gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLFSequences in HTTP Headers vulnerability in "process_headers" function in"gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have be enfixed ... oval:org.secpod.oval:def:705821 libemail-address-list-perl: RFC close address list parsing Email-Address-List could be made to remotely exhaust resources if it received specially crafted email data. oval:org.secpod.oval:def:1901077 In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. oval:org.secpod.oval:def:705819 gunicorn: Python HTTP/WSGI server Gunicorn could allow cross-site scripting attacks. oval:org.secpod.oval:def:705816 gst-plugins-base1.0: GStreamer plugins - gst-plugins-base0.10: GStreamer plugins GStreamer Base Plugins could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:705817 evince: Document viewer Evince could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:705812 keystone: OpenStack identity service OpenStack Keystone would allow unintended access over the network. oval:org.secpod.oval:def:705813 mysql-5.7: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:705800 python-apt: Python interface to libapt-pkg python-apt could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:705802 squirrelmail: Webmail for nuts SquirrelMail could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:1901060 In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. oval:org.secpod.oval:def:705920 python2.7: An interactive high-level object-oriented language Details: USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original a ... oval:org.secpod.oval:def:705921 wpa: client support for WPA and WPA2 wpa_supplicant could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:705917 python2.7: An interactive high-level object-oriented language Details: USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisor ... oval:org.secpod.oval:def:705919 tiff: Tag Image File Format library Several security issues were fixed in LibTIFF. oval:org.secpod.oval:def:705910 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Details: USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Original advisory USN-4698-1 introdu ... oval:org.secpod.oval:def:705906 openldap: Lightweight Directory Access Protocol OpenLDAP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:705907 qemu: Machine emulator and virtualizer Details: USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4467-1 introduced a regression in QEMU. oval:org.secpod.oval:def:705908 xterm: X terminal emulator xterm could be made to crash or run programs if it handled specially crafted character sequences. oval:org.secpod.oval:def:705909 screen: terminal multiplexer with VT100/ANSI terminal emulation GNU Screen could be made to crash or run programs if it processed specially crafted character sequences. oval:org.secpod.oval:def:1900035 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:1900436 A deserialization flaw was discovered in the libjackson2-databind-java, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. oval:org.secpod.oval:def:1902109 A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Me ... oval:org.secpod.oval:def:1900576 Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. oval:org.secpod.oval:def:1901541 A deserialization flaw was discovered in the libjackson2-databind-java in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw C ... oval:org.secpod.oval:def:1900218 Heap-based Buffer Overflow in the psf_binheader_writef function in common.cin libsndfile1 through 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:50591 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system ba ... oval:org.secpod.oval:def:70680 The commands below change password encryption from md5 to sha512 (a much stronger hashing algorithm). All existing accounts will need to perform a password change to upgrade the stored hashes to the new algorithm. Rationale: The SHA-512 algorithm provides much stronger hashing than M ... oval:org.secpod.oval:def:70644 /etc/hosts.allow file is present. oval:org.secpod.oval:def:70645 This variable limits the types of ciphers that SSH can use during communication. oval:org.secpod.oval:def:70675 GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Rationale: Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system ... oval:org.secpod.oval:def:46268 The prelinking feature changes binaries in an attempt to decrease their startup time. oval:org.secpod.oval:def:46269 The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files. oval:org.secpod.oval:def:70730 Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis. Generically and on AMD processors, this ability is called No Execute (NX), while on Intel processors it is called Execute Disable (XD). This ability can help prevent exploitation of buffer o ... oval:org.secpod.oval:def:70731 UsePAM Enables the Pluggable Authentication Module interface. If set to yes this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM account and session module processing for all authentication types oval:org.secpod.oval:def:70725 All users should have a password change date in the past. Rationale: If a users recorded password change date is in the future then they could bypass any set password expiration. oval:org.secpod.oval:def:70726 The default TMOUT determines the shell timeout for users. The TMOUT value is measured in seconds. Rationale: Having no timeout value associated with a shell could allow an unauthorized user access to another user's shell session (e.g. user walks away from their computer and doesn' ... oval:org.secpod.oval:def:70727 The contents of the file /etc/motd file are displayed to users after login and function as a message of the day for authenticated users. oval:org.secpod.oval:def:70728 Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudoers_log. Any time a command ... oval:org.secpod.oval:def:70721 The Domain Name System (DNS) is a hierarchical naming system that maps names to IP addresses for computers, services and other resources connected to a network. Rationale: Unless a system is specifically designated to act as a DNS server, it is recommended that the package be dele ... oval:org.secpod.oval:def:70722 HTTP or web servers provide the ability to host web site content. Rationale: Unless there is a need to run the system as a web server, it is recommended that the package be deleted to reduce the potential attack surface. oval:org.secpod.oval:def:70723 System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them. Rationale: Time synchronization is important to support time sens ... oval:org.secpod.oval:def:70724 Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion. oval:org.secpod.oval:def:70720 The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files. The NIS client ( ypbind ) was used to bind a machine to an NIS server and receive the distributed configuration files. Ration ... oval:org.secpod.oval:def:70729 MAC algorithms being used during ssh can be limited by defining them in sshd_config file. oval:org.secpod.oval:def:70714 nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames. The nftables service reads the /etc/nftables.conf file for a nftables file or files to include in the nftables ruleset. A nftables ruleset containing the input, forward, and outp ... oval:org.secpod.oval:def:70715 Data from journald may be stored in volatile memory or persisted locally on the server. Utilities exist to accept remote export of journald logs, however, use of the rsyslog service provides a consistent means of log collection and export. Rationale: Storing log data on a remote ho ... oval:org.secpod.oval:def:70716 The journald system includes the capability of compressing overly large files to avoid filling up the system with logs or making the logs unmanageably large. Rationale: Uncompressed large files may unexpectedly fill a filesystem leading to resource unavailability. Compressing log ... oval:org.secpod.oval:def:70717 Data from journald may be stored in volatile memory or persisted locally on the server. Logs in memory will be lost upon a system reboot. By persisting logs to local disk on the server they are protected from loss. Rationale: Writing log data to disk will provide the ability to fo ... oval:org.secpod.oval:def:70710 Although the useradd program will not let you create a duplicate User ID (UID), it is possible for an administrator to manually edit the /etc/passwd file and change the UID field. Rationale: Users must be assigned unique UIDs for accountability and to ensure appropriate access pro ... oval:org.secpod.oval:def:70711 Although the groupadd program will not let you create a duplicate Group ID (GID), it is possible for an administrator to manually edit the /etc/group file and change the GID field. Rationale: User groups must be assigned unique GIDs for accountability and to ensure appropriate a ... oval:org.secpod.oval:def:70712 Although the useradd program will not let you create a duplicate user name, it is possible for an administrator to manually edit the /etc/passwd file and change the user name. Rationale: If a user is assigned a duplicate user name, it will create and have access to files with the ... oval:org.secpod.oval:def:70713 Although the groupadd program will not let you create a duplicate group name, it is possible for an administrator to manually edit the /etc/group file and change the group name. Rationale: If a group is assigned a duplicate group name, it will create and have access to files with ... oval:org.secpod.oval:def:70718 autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives. RAtionale: With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themse ... oval:org.secpod.oval:def:70719 The nftables service allows for the loading of nftables rulesets during boot, or starting of the nftables service. Rationale: The nftables service restores the nftables rules from the rules files referenced in the /etc/sysconfig/nftables.conf file during boot or the starting of th ... oval:org.secpod.oval:def:70703 While no .rhosts files are shipped by default, users can easily create them. Rationale: This action is only meaningful if .rhosts support is permitted in the file /etc/pam.conf . Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf , they may have ... oval:org.secpod.oval:def:70704 The .netrc file contains data for logging into a remote host for file transfers via FTP. Rationale: The .netrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .netrc files from ... oval:org.secpod.oval:def:70705 The .forward file specifies an email address to forward the user's mail to. Rationale: Use of the .forward file poses a security risk in that sensitive data may be inadvertently transferred outside the organization. The .forward file also poses a risk as it can be used to execut ... oval:org.secpod.oval:def:70706 While the system administrator can establish secure permissions for users' "dot" files, the users can easily override these. Rationale: Group or world-writable user configuration files may enable malicious users to steal or modify other users' data or to gain another user's syste ... oval:org.secpod.oval:def:70700 An account with an empty password field means that anybody may log in as that user without providing a password. Rationale: All accounts must have passwords or be locked to prevent the account from being used by an unauthorized user. oval:org.secpod.oval:def:70701 Users can be defined in /etc/passwd without a home directory or with a home directory that does not actually exist. Rationale: If the user's home directory does not exist or is unassigned, the user will be placed in "/" and will not be able to write any files or have local envir ... oval:org.secpod.oval:def:70702 While the system administrator can establish secure permissions for users' home directories, the users can easily override these. Rationale: Group or world-writable user home directories may enable malicious users to steal or modify other users' data or to gain another user's system ... oval:org.secpod.oval:def:70707 While the system administrator can establish secure permissions for users' .netrc files, the users can easily override these. Rationale: .netrcfiles may contain unencrypted passwords that may be used to attack other systems. oval:org.secpod.oval:def:70708 chrony is a daemon which implements the Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. Rationale: If chrony is in use on the system proper configuration is vital to ensuring time synchroniza ... oval:org.secpod.oval:def:70709 Over time, system administration errors and changes can lead to groups being defined in /etc/passwd but not in /etc/group. Rationale: Groups defined in the /etc/passwd file but not in the /etc/group file pose a threat to system security since group permissions are not properly ma ... oval:org.secpod.oval:def:46271 The talk software makes it possible for users to send and receive messages across systems through a terminal session. oval:org.secpod.oval:def:46270 The rsh package contains the client commands for the rsh services. oval:org.secpod.oval:def:46273 The DPKG package 'xserver-xorg-core' should be removed. oval:org.secpod.oval:def:46278 The DPKG package 'aide' should be installed. oval:org.secpod.oval:def:46275 The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. oval:org.secpod.oval:def:46274 The Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. NTP can be configured to be a client and/or a server. oval:org.secpod.oval:def:46277 The DPKG package 'rsyslog' should be installed. oval:org.secpod.oval:def:46276 TCP Wrappers provides a simple access list and standardized logging method for services capable of supporting it. In the past, services that were called from inetd and xinetd supported the use of tcp wrappers. As inetd and xinetd have been falling in disuse, any service that can support tcp wrappers ... oval:org.secpod.oval:def:46282 Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met). oval:org.secpod.oval:def:46281 SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. oval:org.secpod.oval:def:46284 The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. By default, no banner is displayed. oval:org.secpod.oval:def:46283 The two options ClientAliveInterval and ClientAliveCountMax control the timeout of ssh sessions. When the ClientAliveInterval variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the ClientAliveCountMax variable is set, sshd will send client alive ... oval:org.secpod.oval:def:46280 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met) oval:org.secpod.oval:def:46286 Install and turn on the auditd daemon to record system events. The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring oval:org.secpod.oval:def:46285 The file /etc/securetty contains a list of valid terminals that may be logged in directly as root. oval:org.secpod.oval:def:73986 A default deny all policy on connections ensures that any unconfigured network usage will be rejected.With a default accept policy the firewall will accept any packet that is not configured to be denied. It is easier to white list acceptable usage than to black list unacceptable usage. oval:org.secpod.oval:def:73985 A default deny all policy on connections ensures that any unconfigured network usage will be rejected.With a default accept policy the firewall will accept any packet that is not configured to be denied. It is easier to white list acceptable usage than to black list unacceptable usage. oval:org.secpod.oval:def:91357 IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively ... oval:org.secpod.oval:def:70864 The eXtended InterNET Daemon ( xinetd ) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no xinetd servic ... oval:org.secpod.oval:def:70836 The eXtended InterNET Daemon ( xinetd ) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no xinetd servic ... oval:org.secpod.oval:def:73991 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8).Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loop ... oval:org.secpod.oval:def:73992 Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8).Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loop ... oval:org.secpod.oval:def:70699 Any account with UID 0 has superuser privileges on the system. Rationale: This access must be limited to only the default root account and only from the system console. Administrative access must be through an unprivileged account using an approved mechanism as noted in Item 5.6 ... oval:org.secpod.oval:def:70695 The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: The ... oval:org.secpod.oval:def:70696 The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: The ... oval:org.secpod.oval:def:70697 The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: Thes ... oval:org.secpod.oval:def:70698 The shadow group allows system programs which require access the ability to read the /etc/shadow file. No users should be assigned to the shadow group. Rationale: Any users assigned to the shadow group would be granted read access to the /etc/shadow file. If attackers can gain re ... oval:org.secpod.oval:def:70691 The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. Rationale: If the /etc/issue.net file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information. oval:org.secpod.oval:def:70692 Log files stored in /var/log/ contain logged information from many services on the system, or on log hosts others as well. Rationale: It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. oval:org.secpod.oval:def:70693 An SSH private key is one of two files used in SSH public key authentication. In this authentication method, The possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and h ... oval:org.secpod.oval:def:70694 An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authent ... oval:org.secpod.oval:def:70688 The /etc/passwd file contains user account information that is used by many system utilities and therefore must be readable for these utilities to operate. Rationale: It is critical to ensure that the /etc/passwd file is protected from unauthorized write access. Although it is pro ... oval:org.secpod.oval:def:70689 The /etc/shadow file is used to store the information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information. Rationale: If attackers can gain read access to the /etc/shadow file, they can easily run a pass ... oval:org.secpod.oval:def:70684 The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users. Rationale: If the /etc/motd file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading informa ... oval:org.secpod.oval:def:70685 The contents of the /etc/issue file are displayed to users prior to login for local terminals. Rationale: If the /etc/issue file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information. oval:org.secpod.oval:def:70686 Rsyslog will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files. Rationale: It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and ... oval:org.secpod.oval:def:70687 The /etc/gshadow file is used to store the information about groups that is critical to the security of those accounts, such as the hashed password and other security information Rationale: If attackers can gain read access to the /etc/gshadow file, they can easily run a password ... oval:org.secpod.oval:def:70681 The usermod command can be used to specify which group the root user belongs to. This affects permissions of files that are created by the root user. Rationale: Using GID 0 for the root account helps prevent root-owned files from accidentally becoming accessible to non-privileged users. oval:org.secpod.oval:def:70682 AppArmor profiles define what resources applications are able to access. oval:org.secpod.oval:def:70683 Ensure all apparmor profiles are in enforce or complain mode. Rationale: Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that any p ... oval:org.secpod.oval:def:70690 The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else. Rationale: The /etc/group file needs to be protected from unauthorized changes by non-privileged users, but nee ... oval:org.secpod.oval:def:70659 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /tmp. oval:org.secpod.oval:def:70655 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Setting this option on a file system prevents users from introducing privileged programs onto the system and allowing non-root users to execute them. oval:org.secpod.oval:def:70656 The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Setting this option on a file system prevents users from executing programs from shared memory. This deters users from introducing potentially malicious software on the system. oval:org.secpod.oval:def:70657 The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making /tmp its own file system allows an administrator to set the noexec option on the mount, making /tmp useless for an attacker to install executable code. ... oval:org.secpod.oval:def:70658 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /tmp filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /tmp. oval:org.secpod.oval:def:70651 The auditing daemon, auditd , stores log data in the /var/log/audit directory. Rationale: There are two important reasons to ensure that data gathered by auditd is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large ... oval:org.secpod.oval:def:70652 The /home directory is used to support disk storage needs of local users. Rationale: If the system is intended to support local users, create a separate partition for the /home directory to protect against resource exhaustion and restrict the type of files that can be stored und ... oval:org.secpod.oval:def:70653 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the user partitions are not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices. oval:org.secpod.oval:def:70654 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /dev/shm filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create special devices in /dev/shm partitions. oval:org.secpod.oval:def:70650 sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy. Rationale: sudo supports a plugin arch ... oval:org.secpod.oval:def:70648 Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by manual selection from the bootloader. Rationale: Requiring authentication in single user mode (rescue mode) prevents an unauthorized user from rebooting the system into single user ... oval:org.secpod.oval:def:70649 The /var/log directory is used by system services to store log data. Rationale: There are two important reasons to ensure that system logs are stored on a separate partition: protection against resource exhaustion (since logs can grow quite large) and protection of audit data. oval:org.secpod.oval:def:70646 USB storage provides a means to transfer and store files insuring persistence and availability of the files independent of network connection status. Its popularity and utility has led to USB-based malware being a simple and common means for network infiltration and a first step to establishing a pe ... oval:org.secpod.oval:def:70647 The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /var/tmp . oval:org.secpod.oval:def:70642 The /etc/hosts.deny file specifies which IP addresses are not permitted to connect to the host. It is intended to be used in conjunction with the /etc/hosts.allow file. oval:org.secpod.oval:def:70643 'biosdevname' is an external tool that works with the udev framework for naming devices. 'biosdevname' uses three methods to determine NIC names: 1. PCI firmware spec.3.1 2. smbios (matches # after "em" to OEM # printed on board or housing) 3. PCI IRQ Routing Table (uses # of NIC position in t ... oval:org.secpod.oval:def:70677 SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server, or servers to clients. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into ... oval:org.secpod.oval:def:70678 The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Rationale: To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartu ... oval:org.secpod.oval:def:70679 The MaxSessions parameter specifies the maximum number of open sessions permitted from a given connection. Rationale: To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of s ... oval:org.secpod.oval:def:70673 auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occ ... oval:org.secpod.oval:def:70674 Backlog limit represents the number of logs it will hold. Rationale: During boot if audit=1, then the backlog will hold specified number of records. If records more than are created during boot, auditd records will be lost and potential malicious activity could go undetected. oval:org.secpod.oval:def:70676 The LoginGraceTime parameter specifies the time allowed for successful authentication to the SSH server. The longer the Grace period is the more open unauthenticated connections can exist. Like other session controls in this session the Grace Period should be limited to appropriate organizational li ... oval:org.secpod.oval:def:70670 The telnet package contains the telnet client, which allows users to start connections to other systems via the telnet protocol. Rationale: The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow an unauthorized user to steal cred ... oval:org.secpod.oval:def:70671 The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. Rationale: If the system will not need to act as an LDAP client, it is recommended that the softw ... oval:org.secpod.oval:def:70672 A Firewall package should be selected. Most firewall configuration utilities operate as a front end to nftables or iptables. Rationale: A Firewall package is required for firewall management and configuration. oval:org.secpod.oval:def:70666 sudo can use a custom log file. Rationale: A sudo log file simplifies auditing of sudo commands. oval:org.secpod.oval:def:70667 SOMETHING HERE oval:org.secpod.oval:def:70668 Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot parameters. Rationale: AppArmor must be enabled at boot time in your bootloader configuration to ensure that the controls it provides are not overridden. Note: This re ... oval:org.secpod.oval:def:70669 The inetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no inetd services required, it is recommended that the daemon be removed. oval:org.secpod.oval:def:70662 The /var/tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Since the /var/tmp directory is intended to be world-writable, there is a risk of resource exhaustion if it is not bound to a separate partition. In additi ... oval:org.secpod.oval:def:70663 The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/tmp filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var/tmp. oval:org.secpod.oval:def:70664 The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var/tmp. oval:org.secpod.oval:def:70665 sudo can be configured to run only from a psuedo-pty. Rationale: Attackers can run a malicious program using sudo which would fork a background process that remains even when the main program has finished executing. oval:org.secpod.oval:def:70660 The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp. oval:org.secpod.oval:def:70661 The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable. Rationale: Since the /var directory may contain world-writable files and directories, there is a risk of resource e ... oval:org.secpod.oval:def:703513 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:1901675 Directory Traversal vulnerability in salt-common-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. oval:org.secpod.oval:def:1901680 SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-common-api. oval:org.secpod.oval:def:1901880 An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block "/" characters in the gplot rootname argument potentially leading to path traversal and arbitrary file overwrite. oval:org.secpod.oval:def:1901887 Leptonica through 1.75.3 uses hardcoded /tmp pathnames which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. oval:org.secpod.oval:def:1901886 An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes ... oval:org.secpod.oval:def:1901883 An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input can overflow a buffer leading potentially to arbitrary code execution or possibly unspecified other impact. oval:org.secpod.oval:def:1901885 Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. oval:org.secpod.oval:def:1901201 It was discovered that the HTTPUrlConnection classes in OpenJDK did not properly handle newlines. An attacker could use this to convince a Java application or applet to inject headers into http requests. oval:org.secpod.oval:def:1901205 It was discovered that the Hotspot component of OpenJDK did not properly perform loader checks when handling the invokespecial JVM instruction. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. oval:org.secpod.oval:def:1900761 It was discovered that the JAXP component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:703340 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:1901185 It was discovered that the Remote Method Invocation component in OpenJDK did not properly handle unreferenced objects. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. oval:org.secpod.oval:def:1901183 It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:703724 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:1901318 Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:1901343 Francesco Palmarini, Marco Squarcina, Mauro Tempesta, Riccardo Focardi, and Tobias Ospelt discovered that the Security component in OpenJDK did not sufficiently protect password-based encryption keys in key stores. An attacker could use this to expose sensitive information. oval:org.secpod.oval:def:1901253 Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations in the SimpleTimeZone class. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:703882 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:1901447 It was discovered that the Networking component of OpenJDK did not properly set timeouts on FTP client actions. A remote attacker could use this to cause a denial of service . oval:org.secpod.oval:def:703596 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:1900690 Jeffrey Altman discovered that the Kerberos client implementation in OpenJDK incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. oval:org.secpod.oval:def:1900180 Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and RiccardoFocardi discovered that the Serialization component of OpenJDK did not properly restrict the amount of memory allocated when deserializingobjects from Java Cryptography Extension KeyStore . An attacker could use this to cause a denial ... oval:org.secpod.oval:def:1901015 It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:1900743 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1900731 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous ... oval:org.secpod.oval:def:1900792 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. oval:org.secpod.oval:def:1901162 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. oval:org.secpod.oval:def:1901312 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. oval:org.secpod.oval:def:1900468 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. oval:org.secpod.oval:def:1900474 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901332 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1900883 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. oval:org.secpod.oval:def:703059 mysql-5.7: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:1900824 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901284 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. oval:org.secpod.oval:def:1900581 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. oval:org.secpod.oval:def:1900582 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML. oval:org.secpod.oval:def:1900562 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. oval:org.secpod.oval:def:1901418 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1900566 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. oval:org.secpod.oval:def:1901428 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. oval:org.secpod.oval:def:1900578 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. oval:org.secpod.oval:def:1901007 Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. oval:org.secpod.oval:def:1900138 libtiff-toolsWriteScanline in tif_write.c in Liblibtiff-tools 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2libtiff-tools. oval:org.secpod.oval:def:1900502 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. oval:org.secpod.oval:def:1900510 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. oval:org.secpod.oval:def:1900518 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; OracleMySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name ... oval:org.secpod.oval:def:1900525 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. oval:org.secpod.oval:def:1900524 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. oval:org.secpod.oval:def:1900519 Heap-based buffer overflow in tif_packbits.c in libtiff-tools 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. oval:org.secpod.oval:def:1900530 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. oval:org.secpod.oval:def:1900924 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. oval:org.secpod.oval:def:704820 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900689 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. oval:org.secpod.oval:def:1901110 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901121 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. oval:org.secpod.oval:def:1900677 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. oval:org.secpod.oval:def:703213 mysql-5.7: MySQL database - mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704136 jasper: Library for manipulating JPEG-2000 files Several security issues were fixed in JasPer. oval:org.secpod.oval:def:703615 jasper: Library for manipulating JPEG-2000 files Several security issues were fixed in JasPer. oval:org.secpod.oval:def:704442 haproxy: fast and reliable load balancing reverse proxy Several security issues were fixed in HAProxy. oval:org.secpod.oval:def:705310 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:705514 dbus: simple interprocess messaging system DBus could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:705085 ansible: Configuration management, deployment, and task execution system Several security issues were fixed in Ansible. oval:org.secpod.oval:def:704220 w3m: WWW browsable pager with excellent tables/frames support Several security issues were fixed in w3m. oval:org.secpod.oval:def:703731 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1902120 In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. oval:org.secpod.oval:def:703717 linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703715 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1901573 A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. oval:org.secpod.oval:def:1901106 In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. oval:org.secpod.oval:def:1900156 In Apache libbatik-java 1.x before 1.10, when deserializing subclass of`AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class.Fix was to check the class type before calling newInstance in deserialization. oval:org.secpod.oval:def:1901789 In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. oval:org.secpod.oval:def:1901129 A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle-dev handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases ... oval:org.secpod.oval:def:705636 samba: SMB/CIFS file, print, and login server for Unix Samba would allow unintended access to files over the network. oval:org.secpod.oval:def:703542 eject: ejects CDs and operates CD-Changers under Linux Eject could be made to run programs as an administrator. oval:org.secpod.oval:def:1901678 When apr_time_exp* or apr_os_exp_time* functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value ... oval:org.secpod.oval:def:1901677 Apache Portable Runtime Utility 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm* functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a ... oval:org.secpod.oval:def:704215 ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Ruby could be made to execute arbitrary commands if opened a specially crafted file. oval:org.secpod.oval:def:704205 ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Interpreter of object-oriented scripting language Ruby Several security issues were fixed in Ruby. oval:org.secpod.oval:def:1901777 mod_auth_digest access control bypass oval:org.secpod.oval:def:1901778 Apache HTTP Server privilege escalation from modules" scripts oval:org.secpod.oval:def:1901781 Apache httpd URL normalization inconsistincy oval:org.secpod.oval:def:704052 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:45092 perl: Practical Extraction and Report Language Several security issues were fixed in Perl. oval:org.secpod.oval:def:54095 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:1900079 In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. oval:org.secpod.oval:def:704180 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704176 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:705739 python-cryptography: Cryptography Python library python-cryptography could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703083 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:703064 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703067 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703157 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703114 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703512 icu: International Components for Unicode library Several security issues were fixed in ICU. oval:org.secpod.oval:def:703279 thunderbird: Mozilla Open Source mail and newsgroup client Thunderbird could be made to crash or run programs as your login if it opened a malicious message. oval:org.secpod.oval:def:37674 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:703691 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:703212 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703201 nss: Network Security Service library NSS could be made to crash or run programs if it processed specially crafted network traffic. oval:org.secpod.oval:def:41305 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41306 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41304 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41307 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:703357 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1900464 inftrees.c in zlib-bin 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. oval:org.secpod.oval:def:1900506 The crc32_big function in crc32.c in zlib-bin 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. oval:org.secpod.oval:def:1900548 inffast.c in zlib-bin 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. oval:org.secpod.oval:def:1900534 The inflateMark function in inflate.c in zlib-bin 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. oval:org.secpod.oval:def:703707 expat: XML parsing C library Expat could be made to hang if it received specially crafted input. oval:org.secpod.oval:def:703701 samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services. oval:org.secpod.oval:def:703702 heimdal: Heimdal Kerberos Network Authentication Protocol Heimdal could allow unintended access to network services. oval:org.secpod.oval:def:704170 db5.3: Berkeley v5.3 Database Documentation [html] Berkeley DB could be made to expose sensitive information. oval:org.secpod.oval:def:1900175 The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. oval:org.secpod.oval:def:49230 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:704275 openjdk-8: Open Source Java implementation Java applications could be made to use excessive memory. oval:org.secpod.oval:def:704201 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could allow access to sensitive information. oval:org.secpod.oval:def:703792 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:45754 Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. oval:org.secpod.oval:def:703931 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703912 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704361 xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server X.Org X server could be made to overwrite files as the administrator. oval:org.secpod.oval:def:704322 lcms2: Little CMS color management library Several security issues were fixed in Little CMS. oval:org.secpod.oval:def:703469 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703458 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703457 nettle: low level cryptographic library Nettle could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703414 linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703886 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703407 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703406 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703873 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703877 linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703863 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:1901444 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ... oval:org.secpod.oval:def:704060 linux-euclid: Linux kernel for Intel Euclid systems The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:48570 openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:704472 openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Java applets or applications could be made to expose sensitive information. oval:org.secpod.oval:def:46446 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. oval:org.secpod.oval:def:703561 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703560 linux-hwe: Linux hardware enablement kernel - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703565 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703559 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-snapdragon: Linux kernel for Snapdragon Processors - linux-ti-omap4: Linux kernel for OMAP4 The system ... oval:org.secpod.oval:def:704874 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:703987 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703988 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:703972 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:1900085 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim"s clock via a Sybil attack. This issue exists because of an incomp ... oval:org.secpod.oval:def:54967 openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:705057 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:704185 libpng1.6: PNG library - development - libpng: PNG file library Several security issues were fixed in libpng. oval:org.secpod.oval:def:704152 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:704151 libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:705461 edk2: UEFI firmware for 64-bit x86 virtual machines Several security issues were fixed in edk2. oval:org.secpod.oval:def:703686 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ... oval:org.secpod.oval:def:59839 sqlite3: C library that implements an SQL database engine Several security issues were fixed in SQLite. oval:org.secpod.oval:def:703630 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:705810 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:703611 linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703602 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703601 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:705616 libxmlrpc3-java: XML-RPC implementation in Java Apache XML-RPC could be made to execute arbitrary code if it received specially crafted data by a malicious XML-RPC server. oval:org.secpod.oval:def:1900570 An input validation vulnerability was found in Ansible"s mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. oval:org.secpod.oval:def:703441 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703445 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:704418 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1901874 Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e in the image path as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. oval:org.secpod.oval:def:45661 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:705912 python3.8: Interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-or ... oval:org.secpod.oval:def:705423 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:50662 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ... oval:org.secpod.oval:def:705080 evince: Document viewer Evince could be made to crash or run arbitrary code if it received a specially crafted PDF file. oval:org.secpod.oval:def:705056 docker.io: Linux container runtime Docker could be made to overwrite files as the administrator. oval:org.secpod.oval:def:39003 squid3: Web proxy cache server Squid could be made to expose sensitive information over the network. oval:org.secpod.oval:def:704837 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:703405 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:1901815 An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard librar ... oval:org.secpod.oval:def:705746 netqmail: a secure, reliable, efficient, simple message transfer agent netqmail could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:705566 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:57565 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:59843 squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:1900768 When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. oval:org.secpod.oval:def:703196 tomcat8: Servlet and JSP engine Tomcat could be made to hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703188 tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:45289 When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. oval:org.secpod.oval:def:1900352 vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. oval:org.secpod.oval:def:1900382 An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when read ing a corrupted undo file, which may lead to resultant buffer overflows. oval:org.secpod.oval:def:62227 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim. oval:org.secpod.oval:def:62226 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim. oval:org.secpod.oval:def:703368 vim: Vi IMproved - enhanced vi editor Vim could be made run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900452 An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when read ing a corrupted undo file, which may lead to resultant buffer overflows. oval:org.secpod.oval:def:1900870 fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor"s primary group , which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned b ... oval:org.secpod.oval:def:55459 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim. oval:org.secpod.oval:def:705733 openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:705245 exiv2: EXIF/IPTC/XMP metadata manipulation tool Exiv2 could be made to crash if it received a specially crafted file. oval:org.secpod.oval:def:704434 exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2. oval:org.secpod.oval:def:704181 exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2. oval:org.secpod.oval:def:705768 firefox: Mozilla Open Source web browser Details: USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:705100 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:1900038 Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman keyexchange, ... oval:org.secpod.oval:def:1901438 In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. oval:org.secpod.oval:def:1901991 In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. oval:org.secpod.oval:def:1901982 In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. oval:org.secpod.oval:def:1901986 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. oval:org.secpod.oval:def:1901988 In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. oval:org.secpod.oval:def:704345 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it recursively opened a malicious git repository. oval:org.secpod.oval:def:704107 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:703937 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-euclid: Linux kernel for Intel Euclid systems - linux-kvm: Linux kernel for cloud environments Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703848 linux-gcp: Linux kernel for Google Cloud Platform systems The system could be made to crash under certain conditions. oval:org.secpod.oval:def:1900493 The mailSend function in the is Mail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" in a crafted Sender property. oval:org.secpod.oval:def:1900892 An issue was discovered in PHPMailer before 5.2.22. PHPMailer"s msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base dire ... oval:org.secpod.oval:def:1901127 The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: ... oval:org.secpod.oval:def:703087 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:705621 bsdiff: generate/apply a patch between two binary files bsdiff could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703150 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703519 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:703335 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703764 libgd2: GD Graphics Library The system could be made to expose sensitive information. oval:org.secpod.oval:def:703488 php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704014 php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703803 apache2: Apache HTTP server Apache HTTP Server could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703676 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1900805 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. oval:org.secpod.oval:def:1901278 Expat allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. oval:org.secpod.oval:def:1901405 os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service , or have unspecified other impact by leveraging use of the current working directory for temporary files. oval:org.secpod.oval:def:703167 expat: XML parsing C library Several security issues were fixed in Expat. oval:org.secpod.oval:def:703112 expat: XML parsing C library Expat could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1901383 The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-201 ... oval:org.secpod.oval:def:703220 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:705441 openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:703883 postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator. oval:org.secpod.oval:def:703452 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703898 linux-azure: Linux kernel for Microsoft Azure Cloud systems The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703897 linux-hwe: Linux hardware enablement kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703896 linux-gcp: Linux kernel for Google Cloud Platform systems The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:1901193 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. oval:org.secpod.oval:def:1902041 An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. oval:org.secpod.oval:def:1902027 In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. oval:org.secpod.oval:def:1902030 In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. oval:org.secpod.oval:def:705282 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:1901753 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. oval:org.secpod.oval:def:1901766 In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. oval:org.secpod.oval:def:704338 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:1900108 In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x360x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails.Remote attack ... oval:org.secpod.oval:def:1900084 In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901561 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. oval:org.secpod.oval:def:704155 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:704122 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:1900170 There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.cin GraphicsMagick before 1.3.31. oval:org.secpod.oval:def:62298 libgd2: Open source code library for the dynamic creation of images Several security issues were fixed in GD Graphics Library. oval:org.secpod.oval:def:67763 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703945 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:705693 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-lts-xenial: Linux hardware enablement ker ... oval:org.secpod.oval:def:705694 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-gke-4.15: Linux kernel for Google Container Engine systems - linux-kvm: Linux k ... oval:org.secpod.oval:def:704491 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704481 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:705527 libvncserver: vnc server library Several security issues were fixed in LibVNCServer. oval:org.secpod.oval:def:705365 sudo: Provide limited super user privileges to specific users Sudo could allow unintended access to the administrator account. oval:org.secpod.oval:def:704867 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:705180 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - ... oval:org.secpod.oval:def:705271 intel-microcode: Processor microcode for Intel CPUs Several security issues were fixed in Intel Microcode. oval:org.secpod.oval:def:705250 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke-4.15: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - lin ... oval:org.secpod.oval:def:705249 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704864 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ... oval:org.secpod.oval:def:61659 Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. oval:org.secpod.oval:def:61669 It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service . oval:org.secpod.oval:def:61667 Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service . oval:org.secpod.oval:def:61666 Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service . oval:org.secpod.oval:def:61665 It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service . oval:org.secpod.oval:def:61664 It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. oval:org.secpod.oval:def:61671 It was discovered that the AMD Audio CoProcessor Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service . oval:org.secpod.oval:def:68052 zeromq3: lightweight messaging kernel ZeroMQ could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:50967 In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. oval:org.secpod.oval:def:705088 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:705017 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - li ... oval:org.secpod.oval:def:703959 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Details: USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. Thi ... oval:org.secpod.oval:def:704806 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ... oval:org.secpod.oval:def:703958 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-euclid: Linux kernel for Intel Euclid systems Details: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. T ... oval:org.secpod.oval:def:703940 nvidia-graphics-drivers-384: NVIDIA binary X.Org driver The system could be made to expose sensitive information. oval:org.secpod.oval:def:703947 webkit2gtk: Web content engine library for GTK+ WebKitGTK+ could be made to expose sensitive information. oval:org.secpod.oval:def:703933 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information. oval:org.secpod.oval:def:1902136 Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service. oval:org.secpod.oval:def:704010 linux-hwe: Linux hardware enablement kernel Details: USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations fo ... oval:org.secpod.oval:def:704483 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703969 linux-kvm: Linux kernel for cloud environments Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:43415 It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Ubuntu ... oval:org.secpod.oval:def:705081 linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1901995 An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. oval:org.secpod.oval:def:704990 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704997 apparmor: Linux security system Details: USN-4008-1 fixed multiple security issues in the Linux kernel. This update provides the corresponding changes to AppArmor policy for correctly operating under the Linux kernel with fixes for CVE-2019-11190. Without these changes, some profile transitions may ... oval:org.secpod.oval:def:704950 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704951 libvirt: Libvirt virtualization toolkit Several issues were addressed in libvirt. oval:org.secpod.oval:def:704959 intel-microcode: Processor microcode for Intel CPUs Details: USN-3977-1 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry ... oval:org.secpod.oval:def:704949 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704947 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:704948 qemu: Machine emulator and virtualizer Several issues were addressed in QEMU. oval:org.secpod.oval:def:1901505 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:704991 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems A system hardening measure could be bypassed. oval:org.secpod.oval:def:1901688 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. oval:org.secpod.oval:def:1901698 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. oval:org.secpod.oval:def:1901693 ** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happ ... oval:org.secpod.oval:def:41755 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:705114 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to crash or execute arbitrary code if it received specially crafted image. oval:org.secpod.oval:def:1902044 heap-buffer-overflow on php_jpg_get16 oval:org.secpod.oval:def:1902040 Out-of-bounds read in iconv.c:_php_iconv_mime_decode due to integer overflow oval:org.secpod.oval:def:1901711 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. oval:org.secpod.oval:def:1901713 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ... oval:org.secpod.oval:def:1901700 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. oval:org.secpod.oval:def:704318 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704304 libgd2: GD Graphics Library Several security issues were fixed in GD. oval:org.secpod.oval:def:704912 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901894 Heap-buffer-overflow in exif_iif_add_value in EXIF oval:org.secpod.oval:def:1901893 Heap-buffer-overflow in php_ifd_get32s oval:org.secpod.oval:def:61590 php7.3: server-side, HTML-embedded scripting language - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704846 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901536 memory-based DoS in libtiff-tools2bw oval:org.secpod.oval:def:1902877 env_path_info underflow in fpm_main.c can lead to RCE oval:org.secpod.oval:def:51007 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901966 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. oval:org.secpod.oval:def:704995 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901285 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. oval:org.secpod.oval:def:1901810 Issue related to CVE-2019-10906, str.format vulnerability oval:org.secpod.oval:def:1901824 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. oval:org.secpod.oval:def:704998 jinja2: small but fast and easy to use stand-alone template engine Several security issues were fixed in Jinja2. oval:org.secpod.oval:def:1900013 An issue was discovered in NumPy 1.16.0 and earlier. It uses the picklePython module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. oval:org.secpod.oval:def:705097 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:54969 python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3. oval:org.secpod.oval:def:1901979 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. oval:org.secpod.oval:def:1901902 png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute. oval:org.secpod.oval:def:704972 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704957 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1900150 GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used. oval:org.secpod.oval:def:704328 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704319 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:1900388 In libsndfile1 version 1.0.28, an error in the "aiff_read_chanmap"function can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. oval:org.secpod.oval:def:1900314 The function d2a law_array in a law.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14245. oval:org.secpod.oval:def:1900119 A stack-based buffer overflow in psf_memset in common.c in libsndfile11.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.The vulnerability can be triggered by the executable sndfile-deinterleave. oval:org.secpod.oval:def:1900267 An out of bounds read in the function d2ulaw_array in ulaw.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:1900273 An out of bounds read in the function d2a law_array in a law.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:1900256 In libsndfile1 1.0.28, a divide-by-zero error exists in the function double64_init in double64.c, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:705008 libsndfile: Library for reading/writing audio files Several security issues were fixed in libsndfile. oval:org.secpod.oval:def:704298 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704281 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704231 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:704203 qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU. oval:org.secpod.oval:def:703948 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:704394 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704331 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704301 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704305 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:704090 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments Several security issues were addressed in the Linux kernel. oval:org.secpod.oval:def:704089 linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704084 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Several security issues were addressed in the Linux kernel. oval:org.secpod.oval:def:704054 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704042 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704466 linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704460 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704461 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oem: Linux kernel for OEM processors - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704454 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704456 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704457 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704459 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703993 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Details: Mohamed Ghannam discovered that the IPv4 raw socket impl ... oval:org.secpod.oval:def:703991 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Details: USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This up ... oval:org.secpod.oval:def:704826 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703978 libvirt: Libvirt virtualization toolkit Spectre mitigations were added to libvirt. oval:org.secpod.oval:def:703977 qemu: Machine emulator and virtualizer Spectre mitigations were added to QEMU. oval:org.secpod.oval:def:704140 linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704131 amd64-microcode: Processor microcode firmware for AMD CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:704139 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704120 qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU. oval:org.secpod.oval:def:704115 linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704116 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704118 libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt. oval:org.secpod.oval:def:1901241 TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. oval:org.secpod.oval:def:704095 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704071 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703805 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ... oval:org.secpod.oval:def:703923 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703893 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ... oval:org.secpod.oval:def:703875 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ... oval:org.secpod.oval:def:704040 linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703645 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the Linux ker ... oval:org.secpod.oval:def:703800 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703781 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ... oval:org.secpod.oval:def:703755 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ... oval:org.secpod.oval:def:703754 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703740 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ... oval:org.secpod.oval:def:703739 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703927 linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703924 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703922 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704354 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703850 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ... oval:org.secpod.oval:def:703847 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704057 linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors The system could be made to crash under certain conditions. oval:org.secpod.oval:def:704056 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704464 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704455 linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703122 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:704428 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1902564 The client creates multiple request streams and continually shuffles the priority of the streams in a way which causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a Denial-of-Service. Also known as "HTTP/2 Resource Loop / Priority Shuffling". oval:org.secpod.oval:def:1902570 The client can request a large amount of data from a specified resource over multiple streams. It can manipulate window sizes and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, po ... oval:org.secpod.oval:def:705174 expat: XML parsing C library Expat could be made to expose sensitive information if it received a specially crafted XML file. oval:org.secpod.oval:def:1900750 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers , and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ... oval:org.secpod.oval:def:705162 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1900785 The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstra ... oval:org.secpod.oval:def:705120 firefox: Mozilla Open Source web browser A local attacker could obtain saved passwords. oval:org.secpod.oval:def:705119 nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703360 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:704208 python2.7: An interactive high-level object-oriented language Python could be made to run arbitrary code. oval:org.secpod.oval:def:1901134 The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has b ... oval:org.secpod.oval:def:703769 c-ares: library for asynchronous name resolution c-ares could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:1901770 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call. oval:org.secpod.oval:def:703928 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1901335 Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of No ... oval:org.secpod.oval:def:1900875 The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. oval:org.secpod.oval:def:705251 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:37387 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1901767 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This ... oval:org.secpod.oval:def:1900819 The `"path"` module in the Node.js 4.x release line contains a potential regular expression denial of service vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `"p ... oval:org.secpod.oval:def:703438 openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8. oval:org.secpod.oval:def:1901412 Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. oval:org.secpod.oval:def:1901002 In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding , `Buffer#write` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input byt ... oval:org.secpod.oval:def:1901008 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. oval:org.secpod.oval:def:1901830 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ... oval:org.secpod.oval:def:1901831 NULL pointer dereference using a specially crafted X509 certificate oval:org.secpod.oval:def:1901833 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorre ... oval:org.secpod.oval:def:58423 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:703578 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:705076 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:49173 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:58063 This sends a stream of SETTINGS frames to the server. Since the RFC requires that the server reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, o ... oval:org.secpod.oval:def:58064 This sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially le ... oval:org.secpod.oval:def:58065 This opens the HTTP/2 window so the server can send without constraint; however, it leaves the TCP window closed so the server cannot actually write (many of) the bytes on the wire. The client could then send a stream of requests for a large response object. Depending on how the servers queue the re ... oval:org.secpod.oval:def:58060 This opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the servers queue the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a Denial-of-Service. Also known ... oval:org.secpod.oval:def:704187 python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Details: USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory Python could be made to run ... oval:org.secpod.oval:def:703299 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:704134 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:705443 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1900190 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0,v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8snapshots enab ... oval:org.secpod.oval:def:1901493 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" protocol . If security deci ... oval:org.secpod.oval:def:703489 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704026 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704020 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1901123 common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1900806 swt/motif/browser.c in White_dune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901841 ** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access t ... oval:org.secpod.oval:def:1900783 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. oval:org.secpod.oval:def:703955 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C library. oval:org.secpod.oval:def:704308 libtirpc: transport-independent RPC library - development files Several security issues were fixed in libtirpc. oval:org.secpod.oval:def:1901879 libc does not account for all the possible return values from the kernel getcwd syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd libary function. oval:org.secpod.oval:def:1900219 The DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. oval:org.secpod.oval:def:1900380 The cr_input_new_from_uri function in cr-input.c in libcroco3-dev 0.6.11 and0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:1900390 The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco3-dev 0.6.12 allow sremote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:704282 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:1900403 The cr_parser_parse_selector_core function in cr-parser.c in libcroco3-dev0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:1900970 ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco3-dev 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a c ... oval:org.secpod.oval:def:703960 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:703095 linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703093 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703092 linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703485 linux: Linux kernel - linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:37430 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703151 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:703572 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703575 linux-hwe: Linux hardware enablement kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:36685 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:34860 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703521 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703711 linux-hwe: Linux hardware enablement kernel - linux-meta-hwe: Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:34931 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:704125 file: Tool to determine file types Several security issues were fixed in file. oval:org.secpod.oval:def:703232 xmlrpc-epi: a XML-RPC request library xmlrpc-epi could be made to crash or run programs if it processed specially crafted data. oval:org.secpod.oval:def:703226 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703200 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703684 linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703799 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:705735 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:705157 linux: Linux kernel - linux-gke-4.15: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-azure: Linux kernel for Microsoft Azure Cloud systems ... oval:org.secpod.oval:def:705158 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:705155 linux-aws: Linux kernel for Amazon Web Services systems - linux-aws-hwe: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel. |