
oval:org.secpod.oval:def:1900920
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

oval:org.secpod.oval:def:1900531
The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service via a crafted jpeg file.

oval:org.secpod.oval:def:1900417
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file.

oval:org.secpod.oval:def:65734
File permissions for '/boot/grub/grub.cfg' should be set appropriately.

oval:org.secpod.oval:def:51257
Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintains records of the last time a user successfully logged in. The file /var/log/tallylog maintains ...

oval:org.secpod.oval:def:51271
Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudo.log. Any time a command is ...

oval:org.secpod.oval:def:51280
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.

oval:org.secpod.oval:def:51278
The telnet service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:51297
Install and turn on the auditd daemon to record system events. The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring.

oval:org.secpod.oval:def:51233
The rsyncd service can be used to synchronize files between systems over network links.

oval:org.secpod.oval:def:51237
The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Small Message Block (SMB) protocol. Windows desktop users will be able to mount these directories ...

oval:org.secpod.oval:def:51239
Squid is a standard proxy server used in many distributions and environments.

oval:org.secpod.oval:def:51238
The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands from an SNMP management system, execute the commands or collect the information and then send results back to the requesting system.

oval:org.secpod.oval:def:51341
Dovecot is an open source IMAP and POP3 server for Linux based systems.

oval:org.secpod.oval:def:51340
The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses.

oval:org.secpod.oval:def:51332
echo is a network service that responds to clients with the data sent to it by the client. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:51331
Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automat ...

oval:org.secpod.oval:def:51333
daytime is a network service that responds with the server's current date and time. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:51338
The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.

oval:org.secpod.oval:def:51343
The File Transfer Protocol (FTP) provides networked computers with the ability to transfer files.

oval:org.secpod.oval:def:704064
Ubuntu 18.04 is installed

oval:org.secpod.oval:def:51312
The system's default desktop environment, GNOME, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount and autorun within GNOME.

oval:org.secpod.oval:def:51314
chargen is a network service that responds with 0 to 512 ASCII characters for each connection it receives. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:51316
Once the rsyslog package is installed it needs to be activated. If the rsyslog service is not activated, the system will not have a syslog service running.

oval:org.secpod.oval:def:51318
The talk software makes it possible for users to send and receive messages across systems through a terminal session. The talk client (which allows initiation of talk sessions) is installed by default.

oval:org.secpod.oval:def:51319
The Berkeley rsh-server (rsh, rlogin, rcp) package contains legacy services that exchange credentials in clear-text.

oval:org.secpod.oval:def:51330
The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.

oval:org.secpod.oval:def:51320
The eXtended InterNET Daemon (xinetd) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests.

oval:org.secpod.oval:def:51324
Implement periodic file checking, in compliance with site policy.

oval:org.secpod.oval:def:51326
The cron daemon is used to execute batch jobs on the system.

oval:org.secpod.oval:def:51329
discard is a network service that responds to clients with the data sent to it by the client. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:51328
time is a network service that responds with the server's current date and time as a 32 bit integer. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:68682
SEOMTHIGNDS HERE

oval:org.secpod.oval:def:1901137
Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1902121
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

oval:org.secpod.oval:def:1901075
scripts/inspect_webbrowser.py in Reddit Terminal Viewer 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1900104
An Amazon Web Services developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image from the ...

oval:org.secpod.oval:def:704811
nvidia-graphics-drivers-390: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to expose sensitive information.

oval:org.secpod.oval:def:1900577
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service via a crafted jpeg file.

oval:org.secpod.oval:def:704479
linux: Linux kernel Details: USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled. This update fixes the problems. We apologize for the ...

oval:org.secpod.oval:def:704163
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors Deta ...

oval:org.secpod.oval:def:1900835
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. in the embedded layer data in an image.

oval:org.secpod.oval:def:1900429
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

oval:org.secpod.oval:def:1901828
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those securit ...

oval:org.secpod.oval:def:1902026
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service via a malformed file.

oval:org.secpod.oval:def:1900489
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.

oval:org.secpod.oval:def:1900107
Some HTML emails can trick messagelib into opening a new browser window when displaying said email as HTML. Workaround: Do not enable "Prefer HTML to plain text" in KMail settings.

oval:org.secpod.oval:def:1900574
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service via a crafted jpeg file.

oval:org.secpod.oval:def:1901946
treeRead in hdf/btree.c in libmysofa0 before 0.7 does not properly validate multiplications and additions.

oval:org.secpod.oval:def:704495
gvfs: userspace virtual filesystem - GIO module GVfs could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:1900049
libcairo2-dev 1.16.0, in libcairo2-dev_ft_apply_variations in libcairo2-dev-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free: invalid pointer" error.

oval:org.secpod.oval:def:1900424
OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."

oval:org.secpod.oval:def:1900402
Red Hat JBoss EAP version 3.0.7 through 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

oval:org.secpod.oval:def:1901306
Scrapy 1.4 allows remote attackers to cause a denial of service via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dat ...

oval:org.secpod.oval:def:706179
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems Details: USN-5091-1 fixed vulnerabilities in Linux 5.4-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update intro ...

oval:org.secpod.oval:def:1901616
In libaubio-dev 0.4.6, a divide-by-zero error exists in the function new_libaubio-dev_source_wavread in source_wavread.c, which may lead to DoS when playing a crafted audio file.

oval:org.secpod.oval:def:1900463
The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service via a crafted jpeg file.

oval:org.secpod.oval:def:1900473
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service via a crafted jpeg file.

oval:org.secpod.oval:def:1900820
In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.

oval:org.secpod.oval:def:1901467
The ff_h2645_extract_rbsp function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file.

oval:org.secpod.oval:def:1900668
getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service via crafted x86 assembly data, as demonstrated by rasm2.

oval:org.secpod.oval:def:706149
linux: Linux kernel - linux-hwe-5.11: Linux hardware enablement kernel - linux-hwe-5.4: Linux hardware enablement kernel - linux-hwe: Linux hardware enablement kernel IBM s390x systems could be made to crash or run programs as an administrator.

oval:org.secpod.oval:def:706000
mariadb-10.5: MariaDB database development files - mariadb-10.3: MariaDB database - mariadb-10.1: MariaDB database Several security issues were fixed in MariaDB.

oval:org.secpod.oval:def:706024
apport: automatically generate crash reports for debugging Several security issues were fixed in Apport.

oval:org.secpod.oval:def:706102
openssh: secure shell for secure access to remote machines Details: USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisor ...

oval:org.secpod.oval:def:706046
rpcbind: converts RPC program numbers into universal addresses Details: USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4986-1 c ...

oval:org.secpod.oval:def:706112
firefox: Mozilla Open Source web browser Details: USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5037-1 caused a regressi ...

oval:org.secpod.oval:def:706115
openssl1.0: Secure Socket Layer cryptographic library and tools Details: USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Original advisory OpenSSL could be made to crash or expose sensitive information if it ...

oval:org.secpod.oval:def:706016
python-babel: tools for internationalizing Python applications Babel could be made to execute arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:706146
curl: HTTP, HTTPS, and FTP client and client libraries Details: USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5079-1 introduced a regression in curl.

oval:org.secpod.oval:def:706152
ca-certificates: Common CA certificates A certificate about to expire was removed from ca-certificates.

oval:org.secpod.oval:def:705523
nvidia-graphics-drivers-390: NVIDIA binary X.Org driver - nvidia-graphics-drivers-440: NVIDIA binary X.Org driver Several security issues were fixed in NVIDIA graphics drivers.

oval:org.secpod.oval:def:705169
systemd: system and service manager Details: USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4120-1 cause ...

oval:org.secpod.oval:def:705315
thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4202-1 caused a regression ...

oval:org.secpod.oval:def:54264
wget: retrieves files from the web Several security issues were fixed in Wget.

oval:org.secpod.oval:def:704253
lxc: Linux Containers userspace tools LXC would allow unintended access to files.

oval:org.secpod.oval:def:704313
openjdk-lts: Open Source Java implementation Details: USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. We apologize ...

oval:org.secpod.oval:def:704343
webkit2gtk: Web content engine library for GTK+ Details: USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3781-1 i ...

oval:org.secpod.oval:def:704346
texlive-bin: TeX Live: path search library for TeX Several security issues were fixed in TeX Live.

oval:org.secpod.oval:def:1901764
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString method on an object even if not allowed by the security policy in place.

oval:org.secpod.oval:def:1900133
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

oval:org.secpod.oval:def:1900092
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

oval:org.secpod.oval:def:54574
gnome-shell: graphical shell for the GNOME desktop GNOME Shell could be made to execute keyboard shortcuts and other actions while the workstation was locked.

oval:org.secpod.oval:def:62297
bluez: Bluetooth tools and daemons Several security issues were fixed in BlueZ.

oval:org.secpod.oval:def:62225
vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim.

oval:org.secpod.oval:def:49228
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:49782
linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:61589
php7.3: server-side, HTML-embedded scripting language - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:705987
exim4: Exim is a mail transport agent Several security issues were fixed in Exim.

oval:org.secpod.oval:def:1902124
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service by leveraging the ability to run arbitrary SQL statements.

oval:org.secpod.oval:def:54575
ffmpeg: Tools for transcoding, streaming and playing of multimedia files FFmpeg could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1901291
FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appears to be exploitable via specially crafted RM file has to be provided as input. This vu ...

oval:org.secpod.oval:def:61588
libexif: library to parse EXIF files Several security issues were fixed in libexif.

oval:org.secpod.oval:def:62914
openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:705632
gnupg2: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information.

oval:org.secpod.oval:def:704994
exim4: Exim is a mail transport agent Exim could be made to run commands if it received specially crafted network traffic.

oval:org.secpod.oval:def:704207
python-cryptography: Cryptography Python library python-cryptography could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:65699
openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:707830
shadow: system login tools Details: USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending furth ...

oval:org.secpod.oval:def:54266
wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant and hostapd.

oval:org.secpod.oval:def:705646
debian-lan-config: FAI config space for the Debian-LAN system Debian-LAN could be made to change Kerberos user passwords or run programs as an administrator.

oval:org.secpod.oval:def:707880
firefox: Mozilla Open Source web browser Details: USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5782-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:704290
base-files: Debian base system miscellaneous files base-files could be made to hang or overwrite files as the administrator.

oval:org.secpod.oval:def:704391
postgresql-10: Object-relational SQL database PostgreSQL could be made to run SQL statements as the administrator.

oval:org.secpod.oval:def:707737
sosreport: Set of tools to gather troubleshooting data from a system SoS could be made to expose sensitive information.

oval:org.secpod.oval:def:707688
jupyter-notebook: Jupyter interactive notebook Several security issues were fixed in Jupyter Notebook.

oval:org.secpod.oval:def:706261
firefox: Mozilla Open Source web browser Details: USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5186-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:706181
ardour: the digital audio workstation Ardour could be made to crash or possibly execute arbitrary code if it received a specially crafted XML file.

oval:org.secpod.oval:def:1901074
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

oval:org.secpod.oval:def:707826
shadow: system login tools shadow could be made to overwrite files.

oval:org.secpod.oval:def:1900848
Cross-site scripting vulnerability in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.

oval:org.secpod.oval:def:1901856
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.

oval:org.secpod.oval:def:55226
gnutls28: GNU TLS library Several security issues were fixed in GnuTLS.

oval:org.secpod.oval:def:1901829
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a quoted font family value.

oval:org.secpod.oval:def:705105
bwa: Software package for mapping DNA sequences against a large reference genome BWA could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1901768
BWA before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.

oval:org.secpod.oval:def:71923
libxstream-java: Java library to serialize objects to XML and back again Several security issues were fixed in XStream library.

oval:org.secpod.oval:def:707692
schroot: Execute commands in a chroot environment Schroot could be made to cause a denial of service if certain schroot names are used.

oval:org.secpod.oval:def:707681
exim4: Exim is a mail transport agent Exim could be made to crash or execute arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:707781
barbican: OpenStack Key Management Service - API Server Barbican could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1901551
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

oval:org.secpod.oval:def:1900688
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

oval:org.secpod.oval:def:1901524
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a "system" entrypoint from fbudf.so.

oval:org.secpod.oval:def:705745
phpldapadmin: A web-based LDAP client phpLDAPadmin could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:1900207
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.

oval:org.secpod.oval:def:1900226
In libtag1-dev 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

oval:org.secpod.oval:def:1901350
Cross-site scripting vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

oval:org.secpod.oval:def:1901239
Telegram Desktop 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.

oval:org.secpod.oval:def:49175
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:704069
dpdk: set of libraries for fast packet processing DPDK could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:704218
xapian-core: Development files for Xapian search engine library Xapian-core could be made to execute arbitrary code if it received a specially crafted file.

oval:org.secpod.oval:def:704276
gdm3: GNOME Display Manager GDM could be made to crash or run programs as the administrator.

oval:org.secpod.oval:def:1901169
An issue was discovered in libtskbase.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unm ...

oval:org.secpod.oval:def:1901275
An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmappe ...

oval:org.secpod.oval:def:1900695
An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped me ...

oval:org.secpod.oval:def:1901068
An issue was discovered in libtskimg.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory caus ...

oval:org.secpod.oval:def:704294
pango1.0: Layout and rendering of internationalized text - gir bindings Pango could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1900047
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appears to be exploitable via the victim must open a specially crafted Okular archive. ...

oval:org.secpod.oval:def:704226
devscripts: scripts to make the life of a Debian Package maintainer easier devscripts could be made to run arbitrary code if it received a specially crafted YAML file.

oval:org.secpod.oval:def:1902048
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.

oval:org.secpod.oval:def:1902049
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.

oval:org.secpod.oval:def:708090
firefox: Mozilla Open Source web browser Details: USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6010-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:708106
firefox: Mozilla Open Source web browser Details: USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6010-2 caused some minor reg ...

oval:org.secpod.oval:def:1901546
An attacker could send an email with a malicious link to an OTRS system or an agent. If a logged in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.

oval:org.secpod.oval:def:708114
openssl-ibmca: libica based hardware acceleration engine for OpenSSL OpenSSL-ibmca could be made to expose sensitive information.

oval:org.secpod.oval:def:708150
firefox: Mozilla Open Source web browser Details: USN-6074-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-6074-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:705644
busybox: Tiny utilities for small and embedded systems Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

oval:org.secpod.oval:def:704154
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1901771
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlli ...

oval:org.secpod.oval:def:704913
freeradius: high-performance and highly configurable RADIUS server FreeRADIUS could be made to bypass authentication if it received a specially crafted input.

oval:org.secpod.oval:def:1901868
[eap-pwd: authentication bypass via an invalid curve attack]

oval:org.secpod.oval:def:1901866
[eap-pwd: fake authentication using reflection]

oval:org.secpod.oval:def:704325
udisks2: service to access and manipulate storage devices Udisks could be made to crash or expose sensitive information.

oval:org.secpod.oval:def:1900008
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

oval:org.secpod.oval:def:65737
This variable limits the types of ciphers that SSH can use during communication.

oval:org.secpod.oval:def:65736
/etc/hosts.allow file is present.

oval:org.secpod.oval:def:50021
The Set Lockout Time For Failed Password Attempts should be set correctly.

oval:org.secpod.oval:def:50030
The /etc/shadow file contains the one-way cipher text passwords for each user defined in the /etc/passwd file. The command below sets the user and group ownership of the file to root.

oval:org.secpod.oval:def:50031
The /etc/passwd file contains a list of all the valid userIDs defined in the system, but not the passwords. The command below sets the owner and group of the file to root.

oval:org.secpod.oval:def:50032
File permission for '/etc/ssh/sshd_config' is set to appropriate values.

oval:org.secpod.oval:def:50022
The minimum password age policy should be set appropriately.

oval:org.secpod.oval:def:50023
The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".

oval:org.secpod.oval:def:50024
The pam_cracklib module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, it is a certain length, contains a mix of characters (e.g. alphabet, numeric, other) and more. The following are definitions of the pam_cracklib.so options. * retr ...

oval:org.secpod.oval:def:50025
The maximum password age policy should meet minimum requirements.

oval:org.secpod.oval:def:50026
The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.

oval:org.secpod.oval:def:50027
Only SSH protocol version 2 connections should be permitted.

oval:org.secpod.oval:def:50028
Root login via SSH should be disabled (and dependencies are met)

oval:org.secpod.oval:def:50029
This test makes sure that '/etc/shadow' file permission is set as appropriate. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:707875
net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704123
bind9: Internet Domain Name Server Bind could incorrectly enable recursion.

oval:org.secpod.oval:def:1901445
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

oval:org.secpod.oval:def:1901652
The Gluster file system through version 4.1.4 is vulnerable to abuse of the "features/index" translator. A remote attacker with access to mount volumes could exploit this via the "GF_XATTROP_ENTRY_IN_KEY" xattrop to create arbitrary, empty files on the target server.

oval:org.secpod.oval:def:1901595
A flaw was found in glusterfs-common server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of gluster ...

oval:org.secpod.oval:def:1900039
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived. ...

oval:org.secpod.oval:def:1900100
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name, with read access for the attacker and write access for the keepalived process, then this pot ...

oval:org.secpod.oval:def:1900121
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.

oval:org.secpod.oval:def:704436
gnupg2: GNU privacy guard - a free PGP replacement GnuPG could allow unintended access to network services.

oval:org.secpod.oval:def:1900012
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

oval:org.secpod.oval:def:1900004
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

oval:org.secpod.oval:def:1901244
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the

oval:org.secpod.oval:def:1901461
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.

oval:org.secpod.oval:def:708275
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ...

oval:org.secpod.oval:def:706205
icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:84706
squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:707658
libxml2: GNOME XML library libxml2 could be made to execute arbitrary code if it received a specially crafted file.

oval:org.secpod.oval:def:707626
python-ldap: LDAP interface module for Python3 Python LDAP could be made to cause a denial of service if it received a specially crafted regular expression.

oval:org.secpod.oval:def:708134
neutron: OpenStack Virtual Network Service Several security issues were fixed in OpenStack Neutron.

oval:org.secpod.oval:def:708115
libcommons-net-java: Apache Commons Net - Java client API for basic Internet protocols Apache Commons Net could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:708154
node-eventsource: EventSource client for Node.js and Browser EventSource could leak sensitive information if it opened a specially crafted input file.

oval:org.secpod.oval:def:1900917
An issue was discovered in GNU libcdio-dev before 2.0.0. There is a double free in get_cdtext_generic in lib/driver/_cdio_generic.c.

oval:org.secpod.oval:def:705738
gdm3: GNOME Display Manager GDM could be made to create privileged users.

oval:org.secpod.oval:def:68050
isc-dhcp: DHCP server and client DHCP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:1900024
Resource exhaustion via TCP connection to port serving the SSL endpoint

oval:org.secpod.oval:def:1901949
In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

oval:org.secpod.oval:def:705377
yubico-piv-tool: Command line tool for the YubiKey PIV applet Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input.

oval:org.secpod.oval:def:707653
nvidia-graphics-drivers-390: NVIDIA binary X.Org driver - nvidia-graphics-drivers-450-server: NVIDIA server driver - nvidia-graphics-drivers-470: NVIDIA binary X.Org driver - nvidia-graphics-drivers-470-server: NVIDIA server driver - nvidia-graphics-drivers-510: NVIDIA binary X.Org driver - nvidia-g ...

oval:org.secpod.oval:def:707660
mod-wsgi: Python WSGI adapter module for Apache mod-wsgi could allow unintended access to network services.

oval:org.secpod.oval:def:705149
ceph: distributed storage and file system Ceph could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:707647
mysql-8.0: MySQL database - mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:707694
systemd: system and service manager systemd could be made to crash or run programs if it received a specially crafted DNS request.

oval:org.secpod.oval:def:705269
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:50984
bind9: Internet Domain Name Server Several security issues were fixed in Bind.

oval:org.secpod.oval:def:1901437
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

oval:org.secpod.oval:def:47255
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:704245
python-django: High-level Python web development framework Django could be used as an open redirect.

oval:org.secpod.oval:def:1900087
A flaw was found in qemu Media Transfer Protocol. The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying file system may have changed since the time lstat was called in usb_mtp_object_alloc, a classi ...

oval:org.secpod.oval:def:1901190
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was document ...

oval:org.secpod.oval:def:1901390
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage function in coders/png.c.

oval:org.secpod.oval:def:1901729
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in ...

oval:org.secpod.oval:def:708132
heat: OpenStack Orchestration Service OpenStack Heat could be made to expose sensitive information.

oval:org.secpod.oval:def:707827
sysstat: system performance tools for Linux Sysstat could be made to crash or run programs if it processed specially crafted data.

oval:org.secpod.oval:def:707746
strongswan: IPsec VPN solution strongSwan could be made to cause a denial of service if it received a specially crafted certificate.

oval:org.secpod.oval:def:707804
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:707823
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it processed specially crafted regular expressions.

oval:org.secpod.oval:def:707750
isc-dhcp: DHCP server and client Several security issues were fixed in DHCP.

oval:org.secpod.oval:def:707682
open-vm-tools: Open VMware Tools for virtual machines hosted on VMware open-vm-tools could be made to run programs as an administrator.

oval:org.secpod.oval:def:707656
gnutls28: GNU TLS library Several security issues were fixed in GnuTLS.

oval:org.secpod.oval:def:707633
libhttp-daemon-perl: simple http server class HTTP-Daemon could allow HTTP Request Smuggling attacks.

oval:org.secpod.oval:def:706276
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:706274
apache-log4j2: Apache Log4j - Logging Framework for Java Several security issues were fixed in Apache Log4j 2.

oval:org.secpod.oval:def:706185
strongswan: IPsec VPN solution Several security issues were fixed in strongSwan.

oval:org.secpod.oval:def:706111
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:708188
linuxptp: Precision Time Protocol implementation for Linux Linux PTP could be made to crash, run arbitrary code, or expose sensitive information if it received specially crafted input.

oval:org.secpod.oval:def:706023
nginx: small, powerful, scalable web/proxy server nginx could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:706025
libx11: X11 client-side library libx11 could allow unintended access to services.

oval:org.secpod.oval:def:706019
runc: Open Container Project runC could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:706026
isc-dhcp: DHCP server and client DHCP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:706047
libimage-exiftool-perl: library and program to read and write meta information in multime libimage-exiftool-perl could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:706007
mysql-8.0: MySQL database - mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:705740
spice-vdagent: Spice agent for Linux Several security issues were fixed in SPICE vdagent.

oval:org.secpod.oval:def:706116
uwsgi: fast, self-healing application container server uWSGI could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:707802
golang-1.13: Go programming language compiler Go applications could be made to hang or crash if they received specially crafted input.

oval:org.secpod.oval:def:705541
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK.

oval:org.secpod.oval:def:705526
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:705628
libphp-phpmailer: full featured email transfer class for PHP Attachments with specially crafted filenames could bypass filename-based mail attachment filters.

oval:org.secpod.oval:def:708439
opendmarc: Open Source implementation of the DMARC specification Several security issues were fixed in OpenDMARC.

oval:org.secpod.oval:def:705433
libssh: A tiny C SSH library libssh could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:705426
haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 request.

oval:org.secpod.oval:def:706109
inetutils: GNU network utilities Inetutils could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:705416
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:705306
haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 header.

oval:org.secpod.oval:def:705280
dpdk: set of libraries for fast packet processing DPDK could be made to consume resources if it received specially crafted input.

oval:org.secpod.oval:def:705118
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:705110
poppler: PDF rendering library poppler could be made to crash if it received a specially crafted PDF.

oval:org.secpod.oval:def:1902110
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

oval:org.secpod.oval:def:1902039
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

oval:org.secpod.oval:def:1902035
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move operations from admin:// to file:// URIs, because root privileges are unavailable.

oval:org.secpod.oval:def:1902038
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

oval:org.secpod.oval:def:704924
memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:1901952
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will b ...

oval:org.secpod.oval:def:1901955
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially differe ...

oval:org.secpod.oval:def:705818
wavpack: audio codec - encoder and decoder WavPack could be made to crash if it received a specially crafted file.

oval:org.secpod.oval:def:704967
gnome-desktop3: Introspection data for GnomeDesktop gnome-desktop could be made to escape the thumbnailer sandbox.

oval:org.secpod.oval:def:1901973
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

oval:org.secpod.oval:def:1901974
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

oval:org.secpod.oval:def:704953
libmediainfo: library reading metadata from media files MediaInfo could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1901759
[buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media]

oval:org.secpod.oval:def:1901747
critical use after free vulnerability in verify_crt

oval:org.secpod.oval:def:1900019
Stored DOM cross-site scripting attack via crafted URL

oval:org.secpod.oval:def:1900720
python3-slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having b ...

oval:org.secpod.oval:def:1901872
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name which matches a valid RBAC username a remote attacker ...

oval:org.secpod.oval:def:704334
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:1900733
FasterXML libjackson2-databind-java 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

oval:org.secpod.oval:def:1901136
FasterXML libjackson2-databind-java 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

oval:org.secpod.oval:def:1901329
FasterXML libjackson2-databind-java 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

oval:org.secpod.oval:def:1901552
A flaw was found in qemu Media Transfer Protocol before version 3.1.0. A path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead d ...

oval:org.secpod.oval:def:1900168
In the GNU C Library through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function.

oval:org.secpod.oval:def:1900109
In The Sleuth Kit through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:1901393
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

oval:org.secpod.oval:def:1900938
An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.

oval:org.secpod.oval:def:704333
haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to crash if it received a specially crafted request.

oval:org.secpod.oval:def:704210
haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:704171
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack.

oval:org.secpod.oval:def:1900139
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

oval:org.secpod.oval:def:1901639
A NULL pointer dereference Vulnerability was found in the function libaubio-dev_source_avcodec_readframe in io/source_avcodec.c of libaubio-dev 0.4.6, which may lead to DoS when playing a crafted audio file.

oval:org.secpod.oval:def:1901731
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arb ...

oval:org.secpod.oval:def:707824
jbigkit: JBIG1 data compression library JBIG-KIT could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1901042
Multiple integer overflows in webp allow attackers to have unspecified impact via unknown vectors.

oval:org.secpod.oval:def:704435
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704403
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:705171
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:705564
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK.

oval:org.secpod.oval:def:705270
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704901
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704496
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704961
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:705996
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:706100
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:706203
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:706281
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:707623
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:707648
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:707685
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:707801
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:706226
freerdp2: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:706118
grilo: Framework for discovering and browsing media - GObject introspect grilo could be made to allow MITM attacks.

oval:org.secpod.oval:def:708138
node-css-what: A CSS selector parser Several security issues were fixed in css-what.

oval:org.secpod.oval:def:1901945
A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

oval:org.secpod.oval:def:1901388
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of ...

oval:org.secpod.oval:def:1901614
ChaCha20-Poly1305 with long nonces

oval:org.secpod.oval:def:705170
vlc: multimedia player and streamer Several security issues were fixed in VLC.

oval:org.secpod.oval:def:68055
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:705905
python-django: High-level Python web development framework Django could allow unintended access to network services.

oval:org.secpod.oval:def:707779
mysql-8.0: MySQL database - mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:708131
openvswitch: Ethernet virtual switch Open vSwitch could be made to stop forwarding packets if it received specially crafted network traffic.

oval:org.secpod.oval:def:707780
openvswitch: Ethernet virtual switch Open vSwitch could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704146
php7.2: HTML-embedded scripting language interpreter PHP could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704149
php7.2: HTML-embedded scripting language interpreter Details: USN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. We apologize for the inconvenience. Original advisory PHP could be made to c ...

oval:org.secpod.oval:def:705163
node-fstream: Advanced filesystem streaming tools for Node.js npm/fstream could be made to overwrite files.

oval:org.secpod.oval:def:1901134
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has b ...

oval:org.secpod.oval:def:1901335
Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of No ...

oval:org.secpod.oval:def:1900816
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to ma ...

oval:org.secpod.oval:def:1901002
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding, `Buffer#write` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input byt ...

oval:org.secpod.oval:def:1901008
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

oval:org.secpod.oval:def:58058
The client can send continual pings to an HTTP/2 server, causing the server to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a Denial-of-Service. Also known as "HTTP/2 Ping Flood".

oval:org.secpod.oval:def:58065
This opens the HTTP/2 window so the server can send without constraint; however, it leaves the TCP window closed so the server cannot actually write (many of) the bytes on the wire. The client could then send a stream of requests for a large response object. Depending on how the servers queue the re ...

oval:org.secpod.oval:def:1901493
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" protocol. If security deci ...

oval:org.secpod.oval:def:707635
python2.7: An interactive high-level object-oriented language - python3.10: Interactive high-level object-oriented language - python3.9: Interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python3.6: An interactive high-level object-ori ...

oval:org.secpod.oval:def:707678
postgresql-14: Object-relational SQL database - postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database PostgreSQL could be made to run programs when creating or updating extensions.

oval:org.secpod.oval:def:705997
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK.

oval:org.secpod.oval:def:708159
node-minimatch: A glob matcher in javascript minimatch could be made to crash if it opened a specially crafted input file.

oval:org.secpod.oval:def:707630
uriparser: Strictly RFC 3986 compliant URI parsing library uriparser could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:707624
php7.2: HTML-embedded scripting language interpreter Details: USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5479-1 was incomplete and ...

oval:org.secpod.oval:def:707820
xorg-server: X.Org X11 server - xwayland: X server for running X clients under Wayland - xorg-server-hwe-18.04: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server Several security issues were fixed in X.Org X Server.

oval:org.secpod.oval:def:1900023
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks.

oval:org.secpod.oval:def:1900027
python3-sqlalchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

oval:org.secpod.oval:def:1900028
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "". This could impact services that restrict the user's filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable.

oval:org.secpod.oval:def:1900001
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server can overwrite arbitrary files in a directory on ...

oval:org.secpod.oval:def:1900002
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP config ...

oval:org.secpod.oval:def:1900000
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.

oval:org.secpod.oval:def:1900009
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of "*" characters. Remote attackers could leverage this vul ...

oval:org.secpod.oval:def:1900005
python3-sqlalchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

oval:org.secpod.oval:def:1900011
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

oval:org.secpod.oval:def:1900017
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSP Server crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-session cookie HTTP headers in a GET request and a POST ...

oval:org.secpod.oval:def:704500
gdm3: GNOME Display Manager GDM could give unauthorized access to a different user.

oval:org.secpod.oval:def:1900034
Netwide Assembler 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

oval:org.secpod.oval:def:1900036
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.

oval:org.secpod.oval:def:1900030
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are ...

oval:org.secpod.oval:def:1900032
Netwide Assembler 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.

oval:org.secpod.oval:def:1900103
Netwide Assembler 2.14rc15 has a buffer over-read in x86/regflags.c.

oval:org.secpod.oval:def:1900106
Netwide Assembler 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.

oval:org.secpod.oval:def:1900111
In libjs-dojo-core Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

oval:org.secpod.oval:def:1900113
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade an ...

oval:org.secpod.oval:def:1900115
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption of nasm when handling a crafted file due to function assemble_file at asm/nasm.c:482. vulnerability in function assemble_file at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appe ...

oval:org.secpod.oval:def:1900118
Ceph does not properly sanitize encryption keys in debug logging for v4auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

oval:org.secpod.oval:def:1900141
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type, the attacker can crash the KDC by making an S4U2Self request.

oval:org.secpod.oval:def:1900142
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

oval:org.secpod.oval:def:1900148
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in m ...

oval:org.secpod.oval:def:1900155
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900157
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

oval:org.secpod.oval:def:1900151
In libwpd-dev 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

oval:org.secpod.oval:def:1900124
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file, as demonstrated by mkd2html.

oval:org.secpod.oval:def:1900129
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, ...

oval:org.secpod.oval:def:1900128
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis-dev 1.3.6 has a stack-based buffer over-read.

oval:org.secpod.oval:def:1900135
Netwide Assembler before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

oval:org.secpod.oval:def:1900132
Netwide Assembler 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.

oval:org.secpod.oval:def:704438
gnome-bluetooth: GNOME Bluetooth tools GNOME Bluetooth could allow unintended access to devices.

oval:org.secpod.oval:def:1900067
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in ...

oval:org.secpod.oval:def:1900069
Netwide Assembler 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.

oval:org.secpod.oval:def:1900064
An issue was discovered in zziplib-bin 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

oval:org.secpod.oval:def:1900062
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafte ...

oval:org.secpod.oval:def:1900078
Incorrect returning of an error code in the index.c:read_entry function leads to a double free in libgit2-dev before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.

oval:org.secpod.oval:def:1900075
An issue was discovered in login 4.5. newgidmap is setuid and allows an unprivileged user to be placed in a user namespace where setgroups is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator h ...

oval:org.secpod.oval:def:1900074
The html package through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.

oval:org.secpod.oval:def:1900073
Integer overflow in the index.c:read_entry function while decompressing a compressed prefix length in libgit2-dev before v0.26.2 allows an attacker to cause a denial of service via a crafted repository index file.

oval:org.secpod.oval:def:1900072
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appears to be exploitable via a crafted nasm input file.

oval:org.secpod.oval:def:1900046
Netwide Assembler 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

oval:org.secpod.oval:def:1900045
Netwide Assembler 2.14rc15 has an invalid memory write in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.

oval:org.secpod.oval:def:1900048
prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the ...

oval:org.secpod.oval:def:1900043
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces. Specifically, it is only vulnerable in GOPATH mode, but not in module mode. The attacker can cause an ar ...

oval:org.secpod.oval:def:1900056
There is an illegal address access at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service because a certain conversion can result in a negative integer.

oval:org.secpod.oval:def:1900059
GNOME NetworkManager version 1.10.2 and earlier contains an Information Exposure vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later u ...

oval:org.secpod.oval:def:1900053
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps-dev through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900054
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format ...

oval:org.secpod.oval:def:1900051
An issue was discovered in zziplib-bin through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

oval:org.secpod.oval:def:1900089
mapping0_forward in mapping0.c in Xiph.Org libvorbis-dev 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:1900086
Open Chinese Convert 1.0.5 allows attackers to cause a denial of service because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.

oval:org.secpod.oval:def:1900081
asm/labels.c in Netwide Assembler is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900083
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appears to be exploitable via the victim opening a crafted compressed file. This vulnerability appears to have been fixed i ...

oval:org.secpod.oval:def:1900080
libpam-kwallet4 in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

oval:org.secpod.oval:def:1900098
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps-dev through 0.3.0. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900094
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

oval:org.secpod.oval:def:1900183
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900167
The DGifDecompressLine function in dgif_lib.c in libgif-dev, as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:1900166
Directory traversal vulnerability in zziplib-bin 0.13.69 allows attackers to overwrite arbitrary files via a .. in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.

oval:org.secpod.oval:def:1900169
The libaudiofile-dev Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

oval:org.secpod.oval:def:1900162
Netwide Assembler 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.

oval:org.secpod.oval:def:1900164
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1. ...

oval:org.secpod.oval:def:1900178
In ncurses-bin 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

oval:org.secpod.oval:def:1900173
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

oval:org.secpod.oval:def:1900176
In ncurses-bin 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

oval:org.secpod.oval:def:1900171
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.

oval:org.secpod.oval:def:1900321
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.

oval:org.secpod.oval:def:1900323
It was discovered that libxdmcp6 before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to bruteforce the key, allowing them to hijack other users' sessions.

oval:org.secpod.oval:def:1900324
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a cha ...

oval:org.secpod.oval:def:1900327
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

oval:org.secpod.oval:def:1900300
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

oval:org.secpod.oval:def:1900307
The function d2ulaw_array in ulaw.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack, a different vulnerability than CVE-2017-14246.

oval:org.secpod.oval:def:1900302
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

oval:org.secpod.oval:def:1900304
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.

oval:org.secpod.oval:def:1900310
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c via an unexpected bits-per-pixel value for an RGBA image.

oval:org.secpod.oval:def:1900312
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

oval:org.secpod.oval:def:1900311
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, libaubio-dev 0.4.6, and other products, allows remote attackers to cause a denial of service via a crafted audio file.

oval:org.secpod.oval:def:1900317
In python-yaml before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used.

oval:org.secpod.oval:def:1900286
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.

oval:org.secpod.oval:def:1900282
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10, if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.

oval:org.secpod.oval:def:1900299
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

oval:org.secpod.oval:def:1900290
A vulnerability was found in openstack-cinder-common releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensit ...

oval:org.secpod.oval:def:707825
libice: X11 Inter-Client Exchange library Weak session cookies generated using libICE could allow sensitive information to be exposed.

oval:org.secpod.oval:def:1900229
DokuWiki through 2017-02-19b has XSS in the at parameter to doku.php.

oval:org.secpod.oval:def:1900225
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:1900228
Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.

oval:org.secpod.oval:def:1900227
The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:1900232
The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:1900235
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses-bin 6.0 that will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900234
There is an infinite loop in the next_char function in comp_scan.c in ncurses-bin 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900230
There is a stack consumption issue in libsass-dev 3.4.5 that is triggered in the function Sass::Eval::operator in eval.cpp. It will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900239
There is an illegal address access in the function _nc_read_entry_source in progs/tic.c in ncurses-bin 6.0 that might lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900202
There is an illegal address access in ast.cpp of libsass-dev 3.4.5. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900201
The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.

oval:org.secpod.oval:def:1900209
There is a heap based buffer over-read in lexer.hpp of libsass-dev 3.4.5. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900204
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.

oval:org.secpod.oval:def:1900203
The _tokenize_matrix function in audio_out.c in Xiph.Org libao-dev 1.2.0 allows remote attackers to cause a denial of service via a crafted MP3 file.

oval:org.secpod.oval:def:1900205
FontForge 20161012 is vulnerable to a buffer over-read in umodenc resulting in DoS or code execution via a crafted otf file.

oval:org.secpod.oval:def:1900211
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kil ...

oval:org.secpod.oval:def:1900210
A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.

oval:org.secpod.oval:def:1900213
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service by triggering many media connections.

oval:org.secpod.oval:def:1900212
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName resulting in DoS or code execution via a crafted otf file.

oval:org.secpod.oval:def:1900217
The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:1900216
The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:1900262
The _zip_read_eocd64 function in zip_open.c in libzip-dev before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service via a crafted ZIP archive.

oval:org.secpod.oval:def:1900277
Request is an http client. If a request is made using `multipart`, and the body type is a `number`, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0

oval:org.secpod.oval:def:1900279
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

oval:org.secpod.oval:def:1900274
backintime-common before 1.1.24 did improper escaping/quoting of file paths used as arguments to the "notify-send" command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadab ...

oval:org.secpod.oval:def:1900270
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service via crafted RTP packets.

oval:org.secpod.oval:def:1900244
There is an illegal address access in the function postprocess_termcap in parse_entry.c in ncurses-bin 6.0 that will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900246
There is an illegal address access in the function dump_uses in progs/dump_entry.c in ncurses-bin 6.0 that might lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900245
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses-bin 6.0. It will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900240
There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses-bin 6.0 that might lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900254
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.

oval:org.secpod.oval:def:1900252
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis-dev 1.3.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file.

oval:org.secpod.oval:def:1900189
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

oval:org.secpod.oval:def:1900188
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relyi ...

oval:org.secpod.oval:def:1900185
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service via a file that begins with many "\0" characters.

oval:org.secpod.oval:def:1900187
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16355. Reason: This candidate is a reservation duplicate of CVE-2017-16355. Notes: All CVE users should reference CVE-2017-16355 instead of this candidate. All references and descriptions in this candidate have been removed to prevent ...

oval:org.secpod.oval:def:1900196
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option.

oval:org.secpod.oval:def:1900195
yadm 1.10.0 has a race condition, which potentially allows access to SSH and PGP keys.

oval:org.secpod.oval:def:1900191
In ncurses-bin 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

oval:org.secpod.oval:def:1900194
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.

oval:org.secpod.oval:def:1900193
In ncurses-bin 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

oval:org.secpod.oval:def:1900342
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service via vectors involving extended content descriptors.

oval:org.secpod.oval:def:1900354
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900355
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900386
The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:1900385
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email addr ...

oval:org.secpod.oval:def:1900381
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900380
The cr_input_new_from_uri function in cr-input.c in libcroco3-dev 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file.

oval:org.secpod.oval:def:1900398
The TNEFFillMapi function in lib/ytnef.c in libytnef0 in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted tnef file.

oval:org.secpod.oval:def:1900394
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:1900390
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco3-dev 0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file.

oval:org.secpod.oval:def:1900392
PoDoFo 0.9.5 allows denial of service via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure.

oval:org.secpod.oval:def:1900365
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted archive.

oval:org.secpod.oval:def:1900367
The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:1900366
In libsamplerate0-dev before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.

oval:org.secpod.oval:def:1900361
It was found that a mock CMC authentication plugin with a hard coded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

oval:org.secpod.oval:def:1900363
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

oval:org.secpod.oval:def:1900378
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900372
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

oval:org.secpod.oval:def:1900371
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900373
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file.

oval:org.secpod.oval:def:1900461
The parser_get_next_char function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service by crafting a string to the icalparser_parse_string function.

oval:org.secpod.oval:def:1900477
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability ...

oval:org.secpod.oval:def:1900472
Integer overflow in X.org libxfixes-dev before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.

oval:org.secpod.oval:def:1900442
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service via a crafted DEX file.

oval:org.secpod.oval:def:1900444
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.

oval:org.secpod.oval:def:1900455
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash when parsing an invalid file.

oval:org.secpod.oval:def:1900450
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900458
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.

oval:org.secpod.oval:def:1900497
Cross-site scripting vulnerability in flash/Flashlibjs-mediaelement.as in libjs-mediaelement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn ...

oval:org.secpod.oval:def:1900422
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.

oval:org.secpod.oval:def:1900428
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allow sremote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:1900427
Stack-based buffer overflow in the libpcre3-dev2_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:1900423
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service via a crafted DEX file.

oval:org.secpod.oval:def:1900425
Memory leak in the vcard_apdu_new function in card_7816.c in libcacard0 before 2.5.3 allows local guest OS users to cause a denial of service via vectors related to allocating a new APDU object.

oval:org.secpod.oval:def:1900430
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit th ...

oval:org.secpod.oval:def:1900405
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads while handling corrupt STABS enum typestrings in a crafted object file, leading to program crash.

oval:org.secpod.oval:def:1900403
The cr_parser_parse_selector_core function in cr-parser.c in libcroco3-dev 0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file.

oval:org.secpod.oval:def:1900413
Stack-based buffer overflow in the libpcre3-dev2_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:1900412
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document.

oval:org.secpod.oval:def:1900507
Apache libtika-java before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity attacks via vectors involving spreadsheets in OOXML files and XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175 ...

oval:org.secpod.oval:def:1900512
Buffer underflow in X.org libxvmc-dev before 1.0.10 allows remote X servers to have unspecified impact via an empty string.

oval:org.secpod.oval:def:1900508
The icaltime_from_string function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted string to the icalparser_parse_string function.

oval:org.secpod.oval:def:1900522
The icalparser_parse_string function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file.

oval:org.secpod.oval:def:1900747
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.

oval:org.secpod.oval:def:1900746
GNOME Web 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.

oval:org.secpod.oval:def:1900744
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.

oval:org.secpod.oval:def:1900750
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers, and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ...

oval:org.secpod.oval:def:1900759
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.

oval:org.secpod.oval:def:1900754
The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file.

oval:org.secpod.oval:def:1900753
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

oval:org.secpod.oval:def:1900756
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none.

oval:org.secpod.oval:def:1900723
In Long Range Zip 0.631, there is an infinite loop and application hang in the get_fileinfo function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

oval:org.secpod.oval:def:1900719
In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream in sass_context.cpp. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900732
An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.

oval:org.secpod.oval:def:1900780
In Eclipse Jetty, versions 9.2.x and older, 9.3.x, and 9.4.x, HTTP/0.9 is handled poorly. An HTTP/1 style request line that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version, then the ...

oval:org.secpod.oval:def:1900786
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900790
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_sess ...

oval:org.secpod.oval:def:1900797
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

oval:org.secpod.oval:def:1900799
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file.

oval:org.secpod.oval:def:1900762
The elf_object_p function in elfcode.h in the Binary File Descriptor library, as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service or possibly have unspecif ...

oval:org.secpod.oval:def:1900765
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image c ...

oval:org.secpod.oval:def:1900767
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.

oval:org.secpod.oval:def:1900772
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption read environment variables from disk as the encrypted disk image is processed. An attacker with physical access ...

oval:org.secpod.oval:def:1900771
In libquicktime-dev 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900774
An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op is due to a failure to check a pointer for being in bounds.

oval:org.secpod.oval:def:1900779
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.

oval:org.secpod.oval:def:1900715
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.

oval:org.secpod.oval:def:1900710
Prevent a MITM from forcing a NULL cipher for UDP

oval:org.secpod.oval:def:1900711
GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service, related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.

oval:org.secpod.oval:def:1900707
An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

oval:org.secpod.oval:def:1900709
There is a stack consumption vulnerability in the lex function in parser.hpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

oval:org.secpod.oval:def:1900821
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900831
bfd/vms-alpha.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_ ...

oval:org.secpod.oval:def:1900803
In Long Range Zip 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:1900815
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.

oval:org.secpod.oval:def:1900809
In Long Range Zip 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

oval:org.secpod.oval:def:1900569
The XvQueryAdaptors and XvQueryEncodings functions in X.org libxv-dev before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.

oval:org.secpod.oval:def:1900573
X.org libxi-dev before 1.7.7 allows remote X servers to cause a denial of service via vectors involving length fields.

oval:org.secpod.oval:def:1900579
The icalproperty_new_clone function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file.

oval:org.secpod.oval:def:1900556
Tilibming-dev attack vulnerability

oval:org.secpod.oval:def:1900684
In Apache Tika 1.19, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. ...

oval:org.secpod.oval:def:1900697
An issue was discovered in liburiparser1 before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

oval:org.secpod.oval:def:1900699
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.

oval:org.secpod.oval:def:1900662
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

oval:org.secpod.oval:def:1900666
The spice-client-gtk widget allows remote authenticated users to obtain information from the host clipboard.

oval:org.secpod.oval:def:1900672
There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1900674
libical-dev allows remote attackers to cause a denial of service and possibly read heap memory via a crafted ics file.

oval:org.secpod.oval:def:1900670
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service upon allocation failure.

oval:org.secpod.oval:def:1900861
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a IIS header that lets users override the path in the request URL via the X-Origina ...

oval:org.secpod.oval:def:1900868
HTTPoxy

oval:org.secpod.oval:def:1900867
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.

oval:org.secpod.oval:def:1900864
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service, which could be relevant if unrarlib is used as library code for a long-running application.

oval:org.secpod.oval:def:1900873
The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "o ...

oval:org.secpod.oval:def:1900874
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the "System: Read Stage Users" permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclo ...

oval:org.secpod.oval:def:1900877
Multiple buffer overflows in the XvQueryAdaptors and XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

oval:org.secpod.oval:def:1900876
An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not norm ...

oval:org.secpod.oval:def:1900853
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as "Zip-Slip".

oval:org.secpod.oval:def:1900852
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.

oval:org.secpod.oval:def:1900889
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

oval:org.secpod.oval:def:1900886
SimpleXML is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.

oval:org.secpod.oval:def:1900899
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

oval:org.secpod.oval:def:1901003
The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service via a crafted ELF file.

oval:org.secpod.oval:def:1900980
Async Http Client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a "?" character occurs in a fragment identifier. Similar bugs were previously identified in cURL and Oracle Java 8 java.net.URL.

oval:org.secpod.oval:def:1900982
opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

oval:org.secpod.oval:def:1900984
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; inste ...

oval:org.secpod.oval:def:1900987
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.

oval:org.secpod.oval:def:1900994
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900998
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

oval:org.secpod.oval:def:1900960
The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution.

oval:org.secpod.oval:def:1900969
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file, as demonstrated by mkd2html.

oval:org.secpod.oval:def:1900977
In ng_pkt in transports/smart_pkt.c in libgit2-dev before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a "\0" byte to trigger an out-of-bounds read that leads to DoS.

oval:org.secpod.oval:def:1900974
In the GNU C Library through 2.29, the memcmp function for the x32 architecture can incorrectly return zero because the RDX most significant bit is mishandled.

oval:org.secpod.oval:def:1900976
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

oval:org.secpod.oval:def:1900901
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

oval:org.secpod.oval:def:1900900
opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

oval:org.secpod.oval:def:1900911
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

oval:org.secpod.oval:def:1900913
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

oval:org.secpod.oval:def:1900905
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

oval:org.secpod.oval:def:1900907
GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.

oval:org.secpod.oval:def:1900942
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be ...

oval:org.secpod.oval:def:1900939
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

oval:org.secpod.oval:def:1900925
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service via a crafted Web Assembly file.

oval:org.secpod.oval:def:1900916
The decode_residual function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file.

oval:org.secpod.oval:def:1900918
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on ...

oval:org.secpod.oval:def:1900927
GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.

oval:org.secpod.oval:def:1901037
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

oval:org.secpod.oval:def:1901034
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

oval:org.secpod.oval:def:1901047
In Moodle 3.3, the course overview block reveals activities in hidden courses.

oval:org.secpod.oval:def:1901014
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

oval:org.secpod.oval:def:1901010
In Moodle 3.x, course creators are able to change system default settings for courses.

oval:org.secpod.oval:def:1901011
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service upon allocation failure.

oval:org.secpod.oval:def:1901025
There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix.

oval:org.secpod.oval:def:1901029
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to decrypt hashed passwords by leveraging knowledge of client registration codes or gain login access by eavesdropping on login messages and re-using the hashed passwords.

oval:org.secpod.oval:def:1901050
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web ap ...

oval:org.secpod.oval:def:1901200
rsyslog librelp0 version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by se ...

oval:org.secpod.oval:def:1901207
The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1901236
In SWFTools, a memcpy buffer overflow was found in swfc.

oval:org.secpod.oval:def:1901243
FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fix ...

oval:org.secpod.oval:def:1901214
In libquicktime-dev 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1901213
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file.

oval:org.secpod.oval:def:1901210
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonst ...

oval:org.secpod.oval:def:1901218
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in a bypass of verified boot. This attack appears to be exploitable via a specially crafted FIT image and special device memory functionality.

oval:org.secpod.oval:def:1901222
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1901152
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.

oval:org.secpod.oval:def:1901164
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

oval:org.secpod.oval:def:1901133
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1901132
An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.

oval:org.secpod.oval:def:1901142
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.

oval:org.secpod.oval:def:1901144
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1901143
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. Th ...

oval:org.secpod.oval:def:1901196
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

oval:org.secpod.oval:def:1901195
liblibvips-dev before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory.

oval:org.secpod.oval:def:1901175
Moodle 3.x has user fullname disclosure on the user preferences page.

oval:org.secpod.oval:def:1901174
Cross-site scripting vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NO ...

oval:org.secpod.oval:def:1901184
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule that is mishandled in the yr_re_exec function.

oval:org.secpod.oval:def:1900469
Arbitrary File Write

oval:org.secpod.oval:def:1901273
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.

oval:org.secpod.oval:def:1901255
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

oval:org.secpod.oval:def:1901254
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.

oval:org.secpod.oval:def:704925
python-gnupg: Python wrapper for the GNU Privacy Guard. Several security issues were fixed in python-gnupg.

oval:org.secpod.oval:def:1901111
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability.

oval:org.secpod.oval:def:1901125
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1901103
Docker Engine before 18.09 allows attackers to cause a denial of service via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

oval:org.secpod.oval:def:1901100
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware. The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attack ...

oval:org.secpod.oval:def:1901099
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an inco ...

oval:org.secpod.oval:def:1901092
In Apache libuima-core-java prior to 2.10.2, Apache libuima-core-java 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion capability of various XML parsers. UIMA ...

oval:org.secpod.oval:def:1901073
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.

oval:org.secpod.oval:def:1901070
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.

oval:org.secpod.oval:def:1901087
[improper input validation in gnupg.GPG.encrypt and gnupg.GPG.decrypt]

oval:org.secpod.oval:def:1901088
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file, as demonstrated by mkd2html.

oval:org.secpod.oval:def:1901082
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:1901080
The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

oval:org.secpod.oval:def:1901056
The authentication protocol allows an oracle attack that could potentially be exploited.

oval:org.secpod.oval:def:1901069
FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in the pva format demuxer that can result in a vulnerability that allows attackers to consume excessive amounts of resources like CPU and RAM. This attack appears to be exploitable via specially c ...

oval:org.secpod.oval:def:1901062
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file.

oval:org.secpod.oval:def:1901311
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.

oval:org.secpod.oval:def:1901324
An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the "&" character is mishandled in certain contexts.

oval:org.secpod.oval:def:1901325
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, a ...

oval:org.secpod.oval:def:1901300
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.

oval:org.secpod.oval:def:1901307
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.

oval:org.secpod.oval:def:1901356
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c ...

oval:org.secpod.oval:def:1901359
An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

oval:org.secpod.oval:def:1901365
GNU Debugger 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.

oval:org.secpod.oval:def:1901368
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted wav file.

oval:org.secpod.oval:def:1901362
In Long Range Zip 0.631, there is a use-after-free in the ucompthread function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

oval:org.secpod.oval:def:1901364
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service via an empty field that should have contained a hostname or IP address.

oval:org.secpod.oval:def:1901363
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.

oval:org.secpod.oval:def:1901360
The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file.

oval:org.secpod.oval:def:1901333
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1901334
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1901344
The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1901345
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no "\0" character after the version string.

oval:org.secpod.oval:def:1901340
batteriesConfig.mlp in OCaml Batteries Included 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1901341
An accessibility flaw was found in the OpenStack Workflow service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

oval:org.secpod.oval:def:1901349
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

oval:org.secpod.oval:def:1901279
FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

oval:org.secpod.oval:def:1901288
Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp1 library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.

oval:org.secpod.oval:def:1901287
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.

oval:org.secpod.oval:def:1901286
DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.

oval:org.secpod.oval:def:1901281
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is n ...

oval:org.secpod.oval:def:1901298
Cross-site request forgery vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.

oval:org.secpod.oval:def:1901431
readelf in GNU Binutils 2.28 has a use-after-free error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.

oval:org.secpod.oval:def:1901433
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

oval:org.secpod.oval:def:1901430
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.

oval:org.secpod.oval:def:1901442
The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during " ...

oval:org.secpod.oval:def:1901446
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt th ...

oval:org.secpod.oval:def:1901448
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

oval:org.secpod.oval:def:1901410
GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.

oval:org.secpod.oval:def:1901419
FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

oval:org.secpod.oval:def:1901413
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.

oval:org.secpod.oval:def:1901416
Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp1 library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.

oval:org.secpod.oval:def:1901420
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.

oval:org.secpod.oval:def:1901422
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

oval:org.secpod.oval:def:1901429
The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file dur ...

oval:org.secpod.oval:def:1901425
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.

oval:org.secpod.oval:def:1901424
In Long Range Zip 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.

oval:org.secpod.oval:def:1901427
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x, and 9.4.x, when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored. If an intermediary decided on the shorter length, but ...

oval:org.secpod.oval:def:1901426
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1901476
Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp1 library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.

oval:org.secpod.oval:def:1901474
An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions are affected.

oval:org.secpod.oval:def:1901489
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.

oval:org.secpod.oval:def:1901483
FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow attackers to conduct external XML entity attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

oval:org.secpod.oval:def:1901480
GNU linker in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of "\0" termination of a name field in ldlex.l.

oval:org.secpod.oval:def:1901450
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service via a reply in the XRecordStartOfData, XRecordEndOfData, or XRecordClientDied category without a client sequence and with attached data.

oval:org.secpod.oval:def:1901459
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

oval:org.secpod.oval:def:1901460
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule.

oval:org.secpod.oval:def:1901463
JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

oval:org.secpod.oval:def:1901401
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.

oval:org.secpod.oval:def:1901399
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.

oval:org.secpod.oval:def:1901398
The pe_ILF_object_p function in the Binary File Descriptor library, as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and ...

oval:org.secpod.oval:def:1901371
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file.

oval:org.secpod.oval:def:1901370
FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

oval:org.secpod.oval:def:1901387
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity issue.

oval:org.secpod.oval:def:1901389
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.

oval:org.secpod.oval:def:1901530
libcgroup1 up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.

oval:org.secpod.oval:def:1901532
readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

oval:org.secpod.oval:def:1901538
liblivemedia-dev in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash or possibly have unspecified other impact.

oval:org.secpod.oval:def:1901534
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.

oval:org.secpod.oval:def:1901537
libundertow-java before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access ...

oval:org.secpod.oval:def:1901542
The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this fi ...

oval:org.secpod.oval:def:1901517
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.

oval:org.secpod.oval:def:1901516
In Moodle 3.x, there is XSS in the assignment submission page.

oval:org.secpod.oval:def:1901529
The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

oval:org.secpod.oval:def:1901523
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service via vectors involving length fields.

oval:org.secpod.oval:def:1901505
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ...

oval:org.secpod.oval:def:1901491
The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" c ...

oval:org.secpod.oval:def:1901673
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.

oval:org.secpod.oval:def:1901670
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

oval:org.secpod.oval:def:1901682
A cross site scripting vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts ...

oval:org.secpod.oval:def:1901689
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PNG file.

oval:org.secpod.oval:def:1901651
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lo ...

oval:org.secpod.oval:def:1901653
SQL injection in multiple remote calls

oval:org.secpod.oval:def:1901650
A flaw was found in RPC request using gfs2_create_req in glusterfs-common server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs-common server nodes.

oval:org.secpod.oval:def:1901664
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity attacks, as demonstrated by /ServerView.

oval:org.secpod.oval:def:1901660
A cross site scripting vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/ht ...

oval:org.secpod.oval:def:1901696
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service via a crafted web site, as demonstrated by GNOME Web.

oval:org.secpod.oval:def:1901691
In SWFTools, a stack overflow was found in pdf2swf.

oval:org.secpod.oval:def:1901694
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load function in lib/png.c.

oval:org.secpod.oval:def:1901600
Remote code execution in lspci_process

oval:org.secpod.oval:def:1901638
A flaw was found in RPC request using gfs3_rename_req in glusterfs-common server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

oval:org.secpod.oval:def:1901637
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial o ...

oval:org.secpod.oval:def:1901635
A flaw was found in RPC request using gfs3_symlink_req in glusterfs-common server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary c ...

oval:org.secpod.oval:def:1901640
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the "GF_XATTR_IOSTATS_DUMP_KEY" xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling "setxattr" to trigger a state dump and create ...

oval:org.secpod.oval:def:1901643
The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:1901649
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerab ...

oval:org.secpod.oval:def:1901648
glusterfs-common is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool ...

oval:org.secpod.oval:def:1901645
A flaw was found in RPC request using gfs3_lookup_req in glusterfs-common server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.

oval:org.secpod.oval:def:1901647
DoS in process_demand_active

oval:org.secpod.oval:def:1901618
It was found that usage of snprintf function in feature/locks translator of glusterfs-common server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

oval:org.secpod.oval:def:1901611
DoS in sec_parse_crypt_info and in sec_recv

oval:org.secpod.oval:def:1901621
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provide ...

oval:org.secpod.oval:def:1901627
glusterfs-common server before versions 3.10.12, 4.0.2 is vulnerable when using "auth.allow" option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.

oval:org.secpod.oval:def:1901629
rbenv is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution

oval:org.secpod.oval:def:1901622
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

oval:org.secpod.oval:def:1901619
It was found that glusterfs-common server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient ...

oval:org.secpod.oval:def:1901773
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

oval:org.secpod.oval:def:1901782
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

oval:org.secpod.oval:def:1901788
mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service via a crafted MP3 file.

oval:org.secpod.oval:def:1901715
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

oval:org.secpod.oval:def:1901714
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup function in lib/q.c.

oval:org.secpod.oval:def:1901717
In SWFTools, an address access exception was found in swfdump swf_GetBits.

oval:org.secpod.oval:def:1901716
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.

oval:org.secpod.oval:def:1901710
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer ...

oval:org.secpod.oval:def:1901712
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00000000_00400000+0x000000000001b72a."

oval:org.secpod.oval:def:1901707
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe."

oval:org.secpod.oval:def:1901726
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service via a crafted WAV file.

oval:org.secpod.oval:def:1901725
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite function in lib/rxfswf.c.

oval:org.secpod.oval:def:1901727
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by s ...

oval:org.secpod.oval:def:1901722
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:1901721
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF

oval:org.secpod.oval:def:1901724
SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.

oval:org.secpod.oval:def:1901723
SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS.

oval:org.secpod.oval:def:1901719
In SWFTools, a memcpy buffer overflow was found in gif2swf.

oval:org.secpod.oval:def:1901718
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter function in lib/modules/swffilter.c.

oval:org.secpod.oval:def:1901704
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono function in lib/wav.c.

oval:org.secpod.oval:def:1901706
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate function in lib/modules/swftools.c.

oval:org.secpod.oval:def:1901705
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b596."

oval:org.secpod.oval:def:1901701
In SWFTools, a memory leak was found in wav2swf.

oval:org.secpod.oval:def:1901751
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.

oval:org.secpod.oval:def:1901750
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging ...

oval:org.secpod.oval:def:1901752
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.

oval:org.secpod.oval:def:1901757
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.

oval:org.secpod.oval:def:1901763
In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.

oval:org.secpod.oval:def:1901769
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

oval:org.secpod.oval:def:1901733
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.

oval:org.secpod.oval:def:1901740
A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities

oval:org.secpod.oval:def:1901749
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.

oval:org.secpod.oval:def:1901746
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploit ...

oval:org.secpod.oval:def:1901553
In Long Range Zip 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

oval:org.secpod.oval:def:1901558
The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash.

oval:org.secpod.oval:def:1901564
In Eclipse Jetty, versions 9.2.x and older, 9.3.x, and 9.4.x, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a p ...

oval:org.secpod.oval:def:1901568
An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata is due to a failure to check a pointer for being in bounds and a failure in a check in dwarf_attr_list.

oval:org.secpod.oval:def:1901597
It was found that an attacker could issue a xattr request via glusterfs-common FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

oval:org.secpod.oval:def:1901596
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the "__server_getspec" function via the "gf_getspec_req" RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.

oval:org.secpod.oval:def:1901599
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs-common server node ...

oval:org.secpod.oval:def:1901592
Major information leak in ui_clip_handle_data

oval:org.secpod.oval:def:1901594
It was found that the "mknod" call derived from mknod can create files pointing to devices on a glusterfs-common server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs-common server node.

oval:org.secpod.oval:def:1901591
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs-common server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs-common server node.

oval:org.secpod.oval:def:1901574
An information disclosure vulnerability was discovered in glusterfs-common server. An attacker could issue a xattr request via glusterfs-common FUSE to determine the existence of any file.

oval:org.secpod.oval:def:1901577
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:1901571
The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1901579
A flaw was found in the way dic_unserialize function of glusterfs-common does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

oval:org.secpod.oval:def:1901587
Memory corruption in rdp_in_unistr

oval:org.secpod.oval:def:1901581
DoS in mcs_recv_connect_response and in mcs_parse_domain_params

oval:org.secpod.oval:def:1901584
It was found that glusterfs-common server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using "alloca". An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed bu ...

oval:org.secpod.oval:def:1901580
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1(POI bugs 61338 and 61294

oval:org.secpod.oval:def:1902087
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of se ...

oval:org.secpod.oval:def:1902083
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF a ...

oval:org.secpod.oval:def:1902080
An issue was discovered in the Binary File Descriptor library, as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file.

oval:org.secpod.oval:def:1902082
An issue was discovered in the Binary File Descriptor library, as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated ...

oval:org.secpod.oval:def:1902081
An issue was discovered in the Binary File Descriptor library, as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file.

oval:org.secpod.oval:def:1902091
concat_filename in dwarf2.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service via a crafted binary file, as demonstrated by nm-new.

oval:org.secpod.oval:def:1902090
An issue was discovered in the Binary File Descriptor library, as distributed in GNU Binutils 2.31. A heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.

oval:org.secpod.oval:def:1902093
An issue was discovered in the Binary File Descriptor library, as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

oval:org.secpod.oval:def:1902092
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service via a large attribute section.

oval:org.secpod.oval:def:1902065
binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be ex ...

oval:org.secpod.oval:def:1902067
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

oval:org.secpod.oval:def:1902064
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of *edd so that the address exceeds its own memory region, resul ...

oval:org.secpod.oval:def:1902077
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

oval:org.secpod.oval:def:1902079
The ignore_section_sym function in elf.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service vi ...

oval:org.secpod.oval:def:1902078
An issue was discovered in the Binary File Descriptor library, as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

oval:org.secpod.oval:def:1902073
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service, as demonstrated by nm.

oval:org.secpod.oval:def:1902072
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service via a crafted binary file, as demonstrated by readelf.

oval:org.secpod.oval:def:1902074
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.

oval:org.secpod.oval:def:1902071
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote atta ...

oval:org.secpod.oval:def:1902005
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir to the current working directory of the calling user, aka a "cwd restore permission bypass."

oval:org.secpod.oval:def:1902014
Certain function pointers in Trusted Boot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module by hooking these function pointers.

oval:org.secpod.oval:def:1902017
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.

oval:org.secpod.oval:def:1902016
Unrestricted file upload in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.

oval:org.secpod.oval:def:1902010
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

oval:org.secpod.oval:def:1902019
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec call in the PHP code. Authentication is needed in order to exploit this vulnerability ...

oval:org.secpod.oval:def:1902018
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.

oval:org.secpod.oval:def:1902047
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

oval:org.secpod.oval:def:1902042
In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

oval:org.secpod.oval:def:1902059
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote ...

oval:org.secpod.oval:def:1902055
Yubico libpam-u2f 1.0.7 attempts parsing of the configured authfile as root, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be ...

oval:org.secpod.oval:def:1902051
In Yubico libpam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it ...

oval:org.secpod.oval:def:1902053
An issue was discovered in phpMyAdmin before 4.8.6. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

oval:org.secpod.oval:def:1902052
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can ...

oval:org.secpod.oval:def:1902025
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service, as demonstrated by SoundStretch.

oval:org.secpod.oval:def:1902029
libsoundtouch-dev version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock that can result in arbitrary code execution. This attack appears to be exploitable via victim must open malicious file in soundstretch utility.

oval:org.secpod.oval:def:1902033
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch.

oval:org.secpod.oval:def:1902032
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch.

oval:org.secpod.oval:def:1902031
Capstone 3.0.4 has an out-of-bounds vulnerability in X86_insn_reg_intel in arch/X86/X86Mapping.c.

oval:org.secpod.oval:def:1902126
libqb-dev before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames without O_EXCL.

oval:org.secpod.oval:def:1902128
URI_FUNC in UriParse.c in liburiparser1 before 0.9.1 has an out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.

oval:org.secpod.oval:def:1902116
Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service. The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list ...

oval:org.secpod.oval:def:1902115
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.

oval:org.secpod.oval:def:1902117
MathJax version prior to version 2.7.4 contains a Cross Site Scripting vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appears to be exploitable via The victim must view a page where untrusted content is processed us ...

oval:org.secpod.oval:def:1902119
In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 ...

oval:org.secpod.oval:def:1901896
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453.

oval:org.secpod.oval:def:1901892
A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs.

oval:org.secpod.oval:def:1901897
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

oval:org.secpod.oval:def:704909
pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker.

oval:org.secpod.oval:def:1901838
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.

oval:org.secpod.oval:def:1901834
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.

oval:org.secpod.oval:def:1901840
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1901809
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service via invalid encoding.

oval:org.secpod.oval:def:1901825
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

oval:org.secpod.oval:def:1901827
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

oval:org.secpod.oval:def:1901826
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.

oval:org.secpod.oval:def:1901821
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file.

oval:org.secpod.oval:def:1901820
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

oval:org.secpod.oval:def:1901823
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

oval:org.secpod.oval:def:1901819
In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS.

oval:org.secpod.oval:def:1901873
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost and trick the browser into sending requests to localhost.

oval:org.secpod.oval:def:1901876
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.

oval:org.secpod.oval:def:1901875
In GraphicsMagick 1.4 snapshot-20181209 Q8 there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specific ...

oval:org.secpod.oval:def:1901878
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe but POST allows creating in-order keys that an attacker can send.

oval:org.secpod.oval:def:1901882
stb stb_image.h 2.19 as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

oval:org.secpod.oval:def:1901861
Hard coded domain name in example web service named StockQuoteService.jws leading to remote code execution

oval:org.secpod.oval:def:1901863
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server resulting in weak encryption of data.

oval:org.secpod.oval:def:1901862
In HDF5 1.10.1 there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted libhdf5-dev file.

oval:org.secpod.oval:def:1901869
In GraphicsMagick 1.3.31 the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping, and therefore lacks indexes initialization.

oval:org.secpod.oval:def:1901864
In HDF5 1.10.1 there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file.

oval:org.secpod.oval:def:705303
graphicsmagick: collection of image processing tools Several security issues were fixed in GraphicsMagick.

oval:org.secpod.oval:def:1901951
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

oval:org.secpod.oval:def:1901959
Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords.

oval:org.secpod.oval:def:1901954
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are bui ...

oval:org.secpod.oval:def:1901961
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

oval:org.secpod.oval:def:1901935
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.

oval:org.secpod.oval:def:1901937
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/ ...

oval:org.secpod.oval:def:1901936
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

oval:org.secpod.oval:def:1901940
Vulnerability in the MySQL Workbench component of Oracle MySQL. Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnera ...

oval:org.secpod.oval:def:1901942
Vulnerability in the MySQL Workbench component of Oracle MySQL. Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulner ...

oval:org.secpod.oval:def:1901941
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.

oval:org.secpod.oval:def:1901939
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.

oval:org.secpod.oval:def:1901938
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonR ...

oval:org.secpod.oval:def:1901993
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE check is mishandled.

oval:org.secpod.oval:def:1901971
Persistent cross-site scripting in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _view ...

oval:org.secpod.oval:def:1901970
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

oval:org.secpod.oval:def:1901972
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service.

oval:org.secpod.oval:def:1901978
cleartext message spoofing

oval:org.secpod.oval:def:1901981
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

oval:org.secpod.oval:def:1901980
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter ...

oval:org.secpod.oval:def:705442
binutils: GNU assembler, linker and binary utilities Several security issues were fixed in GNU binutils.

oval:org.secpod.oval:def:1901900
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

oval:org.secpod.oval:def:704079
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:1900533
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

oval:org.secpod.oval:def:45546
php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1900095
Git version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via: the user must interact with a malicious git server.

oval:org.secpod.oval:def:1902877
env_path_info underflow in fpm_main.c can lead to RCE

oval:org.secpod.oval:def:1900174
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

oval:org.secpod.oval:def:1900353
libexif-dev through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif-dev/exif-data.c caused by improper length computation of the allocated data of an ExifMnoteentry which can cause denial-of-service or possibly information disclosure.

oval:org.secpod.oval:def:66659
accountsservice: query and manipulate user account information Several security issues were fixed in AccountsService.

oval:org.secpod.oval:def:50269
scp client spoofing via stderr

oval:org.secpod.oval:def:50278
irssi: terminal based IRC client Irssi could be made to crash or execute arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:50279
policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.

oval:org.secpod.oval:def:1901604
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exis ...

oval:org.secpod.oval:def:69260
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

oval:org.secpod.oval:def:49675
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:1901612
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed ...

oval:org.secpod.oval:def:705102
sox: Swiss army knife of sound processing Details: USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 19.04. Original advisory SoX could be made to crash if it received a specially crafted MP3 file.

oval:org.secpod.oval:def:68045
spice: SPICE protocol client and server library - spice-protocol: SPICE protocol headers Spice could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:68046
libapache2-mod-perl2: Integration of perl with the Apache2 web server mod_perl could be made to run programs contrary to expectations.

oval:org.secpod.oval:def:68049
freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:47530
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1902054
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables.

oval:org.secpod.oval:def:1902050
Modelines allow arbitrary code execution by opening a specially crafted text file

oval:org.secpod.oval:def:1902022
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress and results in a memory corruption and probably even a remote code execution.

oval:org.secpod.oval:def:1902021
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update and results in a memory corruption and probably even a remote code execution.

oval:org.secpod.oval:def:1902023
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service.

oval:org.secpod.oval:def:1902020
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode that results in a memory corruption and possibly even a remote code execution.

oval:org.secpod.oval:def:1900466
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service via a crafted MSDOS partition table with an extended partition boot record at zero offset.

oval:org.secpod.oval:def:1900470
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

oval:org.secpod.oval:def:1901770
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call.

oval:org.secpod.oval:def:1900453
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.

oval:org.secpod.oval:def:1900031
Squid before 4.4, when SNMP is enabled, allows a denial of service via an SNMP packet.

oval:org.secpod.oval:def:48010
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully auth ...

oval:org.secpod.oval:def:1901720
get_8bit_row in rdbmp.c in libturbojpeg through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

oval:org.secpod.oval:def:50337
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a la ...

oval:org.secpod.oval:def:1901767
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This ...

oval:org.secpod.oval:def:68051
glib2.0: GLib Input, Output and Streaming Library GLib did not properly restrict directory and file permissions.

oval:org.secpod.oval:def:68054
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:704387
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:1900408
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.

oval:org.secpod.oval:def:1900404
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

oval:org.secpod.oval:def:704375
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:47236
postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:705641
ceph: distributed storage and file system Several security issues were fixed in Ceph.

oval:org.secpod.oval:def:1902125
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

oval:org.secpod.oval:def:1902127
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.

oval:org.secpod.oval:def:1902123
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements. T ...

oval:org.secpod.oval:def:1902122
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements, aka Magellan.

oval:org.secpod.oval:def:47604
strongswan: IPsec VPN solution Several security issues were fixed in strongSwan.

oval:org.secpod.oval:def:1900101
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

oval:org.secpod.oval:def:1900122
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

oval:org.secpod.oval:def:1901457
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure.

oval:org.secpod.oval:def:1900131
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb in user.c.

oval:org.secpod.oval:def:1901831
NULL pointer dereference using a specially crafted X509 certificate

oval:org.secpod.oval:def:1901833
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure. The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorre ...

oval:org.secpod.oval:def:61109
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

oval:org.secpod.oval:def:61586
qtbase-opensource-src: Qt 5 libraries Several security issues were fixed in Qt.

oval:org.secpod.oval:def:705381
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1901884
A flaw was found in the way pacemaker's client-server authentication was implemented. A local attacker could use this flaw and combine it with other IPC weaknesses, to achieve local privilege escalation.

oval:org.secpod.oval:def:1901881
A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.

oval:org.secpod.oval:def:1900520
A vulnerability was found in libexif-dev. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service and Information Disclosure.

oval:org.secpod.oval:def:705309
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:48685
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:59741
libjpeg-turbo: library for handling JPEG files Several security issues were fixed in libjpeg-turbo.

oval:org.secpod.oval:def:58423
python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:46457
policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.

oval:org.secpod.oval:def:704414
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:704873
busybox: Tiny utilities for small and embedded systems Several security issues were fixed in BusyBox.

oval:org.secpod.oval:def:1900055
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

oval:org.secpod.oval:def:1900214
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:53641
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1901585
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option in networking/udhcp/common.c that 4-byte options a ...

oval:org.secpod.oval:def:1901950
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.

oval:org.secpod.oval:def:1901957
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.

oval:org.secpod.oval:def:1901960
The EAP-pwd implementation in hostapd before 2.8 and wpa_supplicant before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference. This affects ea ...

oval:org.secpod.oval:def:58063
This sends a stream of SETTINGS frames to the server. Since the RFC requires that the server reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, o ...

oval:org.secpod.oval:def:58060
This opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the servers queue the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a Denial-of-Service. Also known ...

oval:org.secpod.oval:def:50590
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

oval:org.secpod.oval:def:50589
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

oval:org.secpod.oval:def:1901948
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.

oval:org.secpod.oval:def:1901944
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.

oval:org.secpod.oval:def:1901943
libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted HEVC data.

oval:org.secpod.oval:def:705012
vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim.

oval:org.secpod.oval:def:61666
Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service.

oval:org.secpod.oval:def:1901979
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command.

oval:org.secpod.oval:def:1900160
A cache-based side channel in GnuTLS implementation that leads to plaintext recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

oval:org.secpod.oval:def:704971
freerdp: RDP client for Windows Terminal Services Details: USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10. Original advisory Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:1901072
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming.

oval:org.secpod.oval:def:54577
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.

oval:org.secpod.oval:def:704956
python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3.

oval:org.secpod.oval:def:1901153
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an ap ...

oval:org.secpod.oval:def:706009
awstats: powerful and featureful web server log analyzer Several security issues were fixed in AWStats.

oval:org.secpod.oval:def:1902113
An error within the "parse_tiff_ifd" function in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

oval:org.secpod.oval:def:1901811
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

oval:org.secpod.oval:def:50600
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

oval:org.secpod.oval:def:704295
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:704204
perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.

oval:org.secpod.oval:def:1900033
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

oval:org.secpod.oval:def:1902114
An error related to the "LibRaw::panasonic_load_raw" function in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

oval:org.secpod.oval:def:1900159
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900120
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent a ...

oval:org.secpod.oval:def:704095
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704091
procps: /proc file system utilities Several security issues were fixed in procps-ng.

oval:org.secpod.oval:def:704082
firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ...

oval:org.secpod.oval:def:704071
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1901839
An error within the "LibRaw::xtrans_interpolate" function in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

oval:org.secpod.oval:def:704068
webkit2gtk: Web content engine library for GTK+ A security issue was fixed in WebKitGTK+.

oval:org.secpod.oval:def:704063
mysql-5.7: MySQL database Details: USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:46447
cups: Common UNIX Printing System Several security issues were fixed in CUPS.

oval:org.secpod.oval:def:1900070
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900091
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

oval:org.secpod.oval:def:1900224
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by th ...

oval:org.secpod.oval:def:704199
xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:704192
liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.

oval:org.secpod.oval:def:704190
libraw: raw image decoder library Several security issues were fixed in LibRaw.

oval:org.secpod.oval:def:704188
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704184
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted PDF.

oval:org.secpod.oval:def:704173
libarchive-zip-perl: Perl module for manipulation of ZIP archives Archive Zip module could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:704164
clamav: Anti-virus utility for Unix ClamAV could be made to hang if it opened a specially crafted file.

oval:org.secpod.oval:def:704158
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704153
firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:704145
zziplib: library providing read access on ZIP-archives - library zziplib could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704147
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704127
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704128
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:704111
gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG.

oval:org.secpod.oval:def:704119
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704108
unbound: validating, recursive, caching DNS resolver A security issue was fixed in Unbound.

oval:org.secpod.oval:def:1900320
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

oval:org.secpod.oval:def:47086
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:1900395
Integer overflow in io-ico.c in libgdk-pixbuf2.0-dev allows context-dependent attackers to cause a denial of service via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

oval:org.secpod.oval:def:706044
rpcbind: converts RPC program numbers into universal addresses rpcbind could be made to consume resources and crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704288
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information if it received a crafted message.

oval:org.secpod.oval:def:704284
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704277
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:1900319
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

oval:org.secpod.oval:def:704252
lftp: Sophisticated command-line FTP/HTTP/BitTorrent client programs LFTP could be made to crash if it received a specially crafted file.

oval:org.secpod.oval:def:704244
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704247
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:704238
clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We a ...

oval:org.secpod.oval:def:704225
libsoup2.4: HTTP client/server library for GNOME libsoup could be made to crash if it received a specially crafted input.

oval:org.secpod.oval:def:704229
liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.

oval:org.secpod.oval:def:704214
spice: SPICE protocol client and server library - spice-protocol: SPICE protocol headers Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704216
wget: retrieves files from the web Wget could be made to inject arbitrary cookie values.

oval:org.secpod.oval:def:1900446
The make_available_at_least function in io-libtiff-tools.c in libgdk-pixbuf2.0-dev allows context-dependent attackers to cause a denial of service via a large libtiff-tools file.

oval:org.secpod.oval:def:704398
firefox: Mozilla Open Source web browser Details: USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3801-1 caused some minor regressions in Firefox.

oval:org.secpod.oval:def:704396
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:704383
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:704384
gettext: GNU Internationalization utilities gettext could be made to execute arbitrary code if it received a specially crafted message.

oval:org.secpod.oval:def:704381
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:704376
spamassassin: Perl-based spam filter using text analysis Several security issues were fixed in SpamAssassin.

oval:org.secpod.oval:def:704377
ppp: Point-to-Point Protocol ppp could be made to crash or bypass authentication if it received specially crafted network traffic.

oval:org.secpod.oval:def:704372
ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704373
systemd: system and service manager systemd-networkd could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704374
libxkbcommon: library interface to the XKB compiler - development files Details: USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in libxkbcommon.

oval:org.secpod.oval:def:704371
network-manager: Network connection manager NetworkManager could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1900409
Integer underflow in the load_resources function in io-icns.c in libgdk-pixbuf2.0-dev allows context-dependent attackers to cause a denial of service via a crafted image entry size in an ICO file.

oval:org.secpod.oval:def:704369
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704356
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704350
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704351
moin: Collaborative hypertext environment MoinMoin could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:704352
libssh: A tiny C SSH library libssh could allow unintended access to network services.

oval:org.secpod.oval:def:704353
paramiko: Python SSH2 library Paramiko could allow unintended access to network services.

oval:org.secpod.oval:def:704358
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704347
clamav: Anti-virus utility for Unix ClamAV could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704348
requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header.

oval:org.secpod.oval:def:704349
net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704335
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704339
apparmor: Linux security system Use a more restrictive blacklist in several policy abstractions.

oval:org.secpod.oval:def:704323
bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704320
glib2.0: GLib Input, Output and Streaming Library Several security issues were fixed in GLib.

oval:org.secpod.oval:def:704327
strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704328
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704311
zsh: shell with lots of features Zsh could be made to execute arbitrary code if it received a specially crafted script.

oval:org.secpod.oval:def:704314
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3761-1 caused several ...

oval:org.secpod.oval:def:704315
firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconven ...

oval:org.secpod.oval:def:704316
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:704317
clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3722-1 introduced a regressio ...

oval:org.secpod.oval:def:704307
libx11: X11 client-side library Several security issues were fixed in libx11.

oval:org.secpod.oval:def:704308
libtirpc: transport-independent RPC library - development files Several security issues were fixed in libtirpc.

oval:org.secpod.oval:def:704309
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704304
libgd2: GD Graphics Library Several security issues were fixed in GD.

oval:org.secpod.oval:def:704306
poppler: PDF rendering library poppler could be made to crash if it received a specially crafted PDF file.

oval:org.secpod.oval:def:1901807
device_tree: heap buffer overflow while loading device tree blob

oval:org.secpod.oval:def:47256
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:704432
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:704433
python-django: High-level Python web development framework Django could be made to expose spoofed information over the network.

oval:org.secpod.oval:def:704439
php-pear: PHP Extension and Application Repository PEAR could be made to run programs if it processed a specially crafted file.

oval:org.secpod.oval:def:704437
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:704421
cups: Common UNIX Printing System CUPS could be made to expose sensitive information.

oval:org.secpod.oval:def:704422
lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks.

oval:org.secpod.oval:def:704423
poppler: PDF rendering library Details: USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3837-1 introduced a regression in poppler.

oval:org.secpod.oval:def:704425
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704417
ghostscript: PostScript and PDF interpreter Details: USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory USN-3831-1 introduced a regression in Ghostscript.

oval:org.secpod.oval:def:704419
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack.

oval:org.secpod.oval:def:704416
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704400
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:704406
libssh: A tiny C SSH library Details: USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory USN-3795-1 and USN-3795-2 introduced a regression in libssh.

oval:org.secpod.oval:def:704407
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704404
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation USN-3804-1 introduced a regression in OpenJDK.

oval:org.secpod.oval:def:1900222
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-client-gtk versions through 0.34 are ...

oval:org.secpod.oval:def:704178
mutt: text-based mailreader supporting MIME, GPG, PGP and threading Several security issues were fixed in Mutt.

oval:org.secpod.oval:def:704129
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information.

oval:org.secpod.oval:def:1901496
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory, a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.

oval:org.secpod.oval:def:47871
liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.

oval:org.secpod.oval:def:704941
postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:1901676
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appears to be exploitable via an attacker supplied MP4 file that when run by the victim may re ...

oval:org.secpod.oval:def:1901684
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

oval:org.secpod.oval:def:1901688
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

oval:org.secpod.oval:def:1901698
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

oval:org.secpod.oval:def:50270
scp client spoofing via stderr

oval:org.secpod.oval:def:50267
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

oval:org.secpod.oval:def:50268
scp client missing received object name validation

oval:org.secpod.oval:def:1900757
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

oval:org.secpod.oval:def:704251
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:1900776
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

oval:org.secpod.oval:def:704660
libgd2: GD Graphics Library Several security issues were fixed in GD.

oval:org.secpod.oval:def:704651
ghostscript: PostScript and PDF interpreter Details: USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory USN-3866-2 introduced a regressi ...

oval:org.secpod.oval:def:704652
ldb: LDAP-like embedded database - tools LDB could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704654
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704655
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704657
openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:704658
nss: Network Security Service library NSS could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:1901135
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

oval:org.secpod.oval:def:704805
openssh: secure shell for secure access to remote machines Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory One of the fixes in USN-3885-1 was incomplete.

oval:org.secpod.oval:def:1901787
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small.

oval:org.secpod.oval:def:1900026
The GD Graphics Library 2.2.5 has a double free in the gdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

oval:org.secpod.oval:def:1900006
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command vulnerability in allow scp permission that can result in Local command execution. This attack appears to be exploitable via an authorized SSH user with the allow scp permission.

oval:org.secpod.oval:def:1900007
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

oval:org.secpod.oval:def:1900480
libical-dev 1.0 allows remote attackers to cause a denial of service via a crafted ics file.

oval:org.secpod.oval:def:1900014
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:1901711
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

oval:org.secpod.oval:def:1901713
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ...

oval:org.secpod.oval:def:1901708
XML parser class fails to trap exceptions on malformed XML declaration

oval:org.secpod.oval:def:1901700
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

oval:org.secpod.oval:def:1901754
[Escape sequence injection vulnerability in verbose]

oval:org.secpod.oval:def:1901756
[Escape sequence injection vulnerability in API response handling]

oval:org.secpod.oval:def:1901760
[Delete directory using symlink when decompressing tar]

oval:org.secpod.oval:def:1901739
[Escape sequence injection vulnerability in gem owner]

oval:org.secpod.oval:def:1901742
[Installing a malicious gem may lead to arbitrary code execution]

oval:org.secpod.oval:def:1901745
[Escape sequence injection vulnerability in errors]

oval:org.secpod.oval:def:1900823
GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

oval:org.secpod.oval:def:1900827
In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.

oval:org.secpod.oval:def:1900117
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.

oval:org.secpod.oval:def:1900140
NULL pointer dereference in several CMS functions resulting in a denial of service

oval:org.secpod.oval:def:1901473
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:1901806
An out-of-bounds heap read condition when scanning PE files

oval:org.secpod.oval:def:1901808
Buffer overflow vulnerability

oval:org.secpod.oval:def:1901854
libxslt1-dev through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:704499
systemd: system and service manager systemd could be made to crash if it received a specially crafted D-Bus message.

oval:org.secpod.oval:def:704493
python-django: High-level Python web development framework Django could be made to consume resources if it received specially crafted network traffic.

oval:org.secpod.oval:def:704494
snapd: Daemon and tooling that enable snap packages snapd could be made to run programs as an administrator.

oval:org.secpod.oval:def:704490
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:704492
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:704487
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704489
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:704485
dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:704475
avahi: Avahi IPv4LL network address configuration daemon Several security issues were fixed in Avahi.

oval:org.secpod.oval:def:704473
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704474
libvncserver: vnc server library Several security issues were fixed in LibVNCServer.

oval:org.secpod.oval:def:704468
spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704450
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704451
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704452
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704440
libcaca: text mode graphics utilities Several security issues were fixed in libcaca.

oval:org.secpod.oval:def:704441
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:704447
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704448
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:704449
apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages.

oval:org.secpod.oval:def:1901803
An out-of-bounds heap read condition when scanning PDF documents

oval:org.secpod.oval:def:1901804
An out-of-bounds heap write condition when scanning OLE2 files

oval:org.secpod.oval:def:704899
libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:704882
systemd: system and service manager The systemd PAM module could be used to gain additional PolicyKit privileges.

oval:org.secpod.oval:def:704883
wget: retrieves files from the web Several security issues were fixed in Wget.

oval:org.secpod.oval:def:704880
lua5.3: Simple, extensible, embeddable programming language Lua could be made to crash if it received a specially crafted script.

oval:org.secpod.oval:def:704881
clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704408
linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704888
rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist rssh could be made to run arbitrary commands if it received specially crafted input.

oval:org.secpod.oval:def:704889
ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:1900077
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted TIFF file. This vulnerability can be triggered by the executable tiffcp.

oval:org.secpod.oval:def:704877
advancecomp: collection of recompression utilities AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:704878
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations.

oval:org.secpod.oval:def:704861
dovecot: IMAP and POP3 email server Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file.

oval:org.secpod.oval:def:1900040
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This als ...

oval:org.secpod.oval:def:704853
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704855
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox.

oval:org.secpod.oval:def:704856
gpac: GPAC Project on Advanced Content GPAC could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704846
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:704842
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704845
xmltooling: C++ XML parsing library with encryption support xmltooling could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704836
snapd: Daemon and tooling that enable snap packages An intended access restriction in snapd could be bypassed by strict mode snaps on 64 bit architectures.

oval:org.secpod.oval:def:704838
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704834
ntfs-3g: read/write NTFS driver for FUSE NTFS-3G could be made to crash or potentially run programs as an administrator if executed with specially crafted arguments.

oval:org.secpod.oval:def:704824
libvirt: Libvirt virtualization toolkit libvirt could be made to crash under certain conditions.

oval:org.secpod.oval:def:704827
file: Tool to determine file types Several security issues were fixed in file.

oval:org.secpod.oval:def:704822
walinuxagent: Windows Azure Linux Agent WALinuxAgent could be made to expose sensitive information.

oval:org.secpod.oval:def:1900685
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

oval:org.secpod.oval:def:1901120
0-byte record padding oracle

oval:org.secpod.oval:def:50568
openvswitch: Ethernet virtual switch Several security issues were fixed in Open vSwitch.

oval:org.secpod.oval:def:50592
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribu ...

oval:org.secpod.oval:def:1901515
In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

oval:org.secpod.oval:def:704501
ghostscript: PostScript and PDF interpreter Details: USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory USN-3866-1 introduced a regression in Ghostscript.

oval:org.secpod.oval:def:1901079
GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

oval:org.secpod.oval:def:1900794
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.

oval:org.secpod.oval:def:1900314
The function d2alaw_array in alaw.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack, a different vulnerability than CVE-2017-14245.

oval:org.secpod.oval:def:1902089
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1902084
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service or possibly have unspecified other impact because it tries to decompress twice.

oval:org.secpod.oval:def:1902085
Divide-by-zero vulnerabilities in the function arlib_add_symbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

oval:org.secpod.oval:def:1902099
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

oval:org.secpod.oval:def:1902095
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

oval:org.secpod.oval:def:1902096
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

oval:org.secpod.oval:def:1902068
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service with a crafted ELF file, as demonstrated by consider_notes.

oval:org.secpod.oval:def:1902063
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

oval:org.secpod.oval:def:1902070
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a d ...

oval:org.secpod.oval:def:1902044
heap-buffer-overflow on php_jpg_get16

oval:org.secpod.oval:def:1902043
AdminURLFieldWidget XSS

oval:org.secpod.oval:def:1902040
Out-of-bounds read in iconv.c:_php_iconv_mime_decode due to integer overflow

oval:org.secpod.oval:def:1902024
It was discovered the fix for CVE-2018-19758 was not complete and still allows a read beyond the limits of a buffer in wav_write_header function in wav.c. A local attacker may use this flaw to make the application crash.

oval:org.secpod.oval:def:1901170
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of ...

oval:org.secpod.oval:def:1902037
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

oval:org.secpod.oval:def:1902036
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option, an authenticated user may block ...

oval:org.secpod.oval:def:1902034
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

oval:org.secpod.oval:def:1901355
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.

oval:org.secpod.oval:def:1901702
Jann Horn identified a problem in current versions of libseccomp-dev where the library did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators.

oval:org.secpod.oval:def:1901755
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find located at Dict.cc, which can be triggered by passing a crafted pdf file to the pdfunite binary.

oval:org.secpod.oval:def:1901762
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.

oval:org.secpod.oval:def:1901761
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.

oval:org.secpod.oval:def:1901744
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

oval:org.secpod.oval:def:1900896
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

oval:org.secpod.oval:def:1901743
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

oval:org.secpod.oval:def:1902102
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

oval:org.secpod.oval:def:1902107
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of ...

oval:org.secpod.oval:def:1902106
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service because ebl_core_note does not reject malformed core file notes.

oval:org.secpod.oval:def:1902111
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

oval:org.secpod.oval:def:1900105
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.

oval:org.secpod.oval:def:1900114
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp may suffer from a denial of service caused by an integer overflow via a crafted PSD image file.

oval:org.secpod.oval:def:1900119
A stack-based buffer overflow in psf_memset in common.c in libsndfile1 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

oval:org.secpod.oval:def:704916
tcpflow: TCP flow recorder tcpflow could be made to crash or expose sensitive information over the network if it opened a specially crafted file or received specially crafted network traffic.

oval:org.secpod.oval:def:704917
bind9: Internet Domain Name Server Bind could be made to consume resources if it received specially crafted network traffic.

oval:org.secpod.oval:def:704912
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1901894
Heap-buffer-overflow in exif_iif_add_value in EXIF

oval:org.secpod.oval:def:1901893
Heap-buffer-overflow in php_ifd_get32s

oval:org.secpod.oval:def:704902
firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox ...

oval:org.secpod.oval:def:704903
ntfs-3g: read/write NTFS driver for FUSE Details: USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. Original advisory A hardening measure was added to NTFS-3G.

oval:org.secpod.oval:def:1900144
In libpoppler-dev 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extract PDFSubtype processing.

oval:org.secpod.oval:def:1900146
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.

oval:org.secpod.oval:def:1900143
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile1 1.0.28 that will cause a denial of service.

oval:org.secpod.oval:def:1900149
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

oval:org.secpod.oval:def:1900154
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.

oval:org.secpod.oval:def:1900123
An issue was discovered in libsndfile1 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.

oval:org.secpod.oval:def:1900130
An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

oval:org.secpod.oval:def:1900137
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service caused by an integer overflow via a crafted PSD image file.

oval:org.secpod.oval:def:1901816
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

oval:org.secpod.oval:def:1901824
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

oval:org.secpod.oval:def:1901822
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

oval:org.secpod.oval:def:1901817
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

oval:org.secpod.oval:def:1900071
An issue was discovered in libpoppler-dev 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftolibcairo2-dev.

oval:org.secpod.oval:def:1900042
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.

oval:org.secpod.oval:def:1900044
An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.

oval:org.secpod.oval:def:1900058
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.

oval:org.secpod.oval:def:1900088
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service via a crafted PNG file.

oval:org.secpod.oval:def:704814
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1900090
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

oval:org.secpod.oval:def:1900696
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

oval:org.secpod.oval:def:1900267
An out of bounds read in the function d2ulaw_array in ulaw.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

oval:org.secpod.oval:def:1900273
An out of bounds read in the function d2alaw_array in alaw.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

oval:org.secpod.oval:def:1900256
In libsndfile1 1.0.28, a divide-by-zero error exists in the function double64_init in double64.c, which may lead to DoS when playing a crafted audio file.

oval:org.secpod.oval:def:1901107
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.

oval:org.secpod.oval:def:705050
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:705049
znc: advanced modular IRC bouncer znc could be made to crash or run programs as an administrator if it opened a specially crafted file.

oval:org.secpod.oval:def:1901966
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

oval:org.secpod.oval:def:705036
policykit-desktop-privileges: run common desktop actions without password A security improvement has been made to policykit-desktop-privileges.

oval:org.secpod.oval:def:1901931
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file.

oval:org.secpod.oval:def:1901930
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure via a crafted vcf file.

oval:org.secpod.oval:def:1901927
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file.

oval:org.secpod.oval:def:705010
dbus: simple interprocess messaging system DBus could allow unintended access to services.

oval:org.secpod.oval:def:705013
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. W ...

oval:org.secpod.oval:def:705007
glib2.0: GLib library of C routines GLib could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:705008
libsndfile: Library for reading/writing audio files Several security issues were fixed in libsndfile.

oval:org.secpod.oval:def:705009
elfutils: collection of utilities to handle ELF objects Several security issues were fixed in elfutils.

oval:org.secpod.oval:def:1901913
A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call.

oval:org.secpod.oval:def:1901910
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds r ...

oval:org.secpod.oval:def:704993
db5.3: Berkeley DB Utilities Berkeley DB could be made to expose sensitive information.

oval:org.secpod.oval:def:704995
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:704998
jinja2: small but fast and easy to use stand-alone template engine Several security issues were fixed in Jinja2.

oval:org.secpod.oval:def:704999
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3991-1 caused a regr ...

oval:org.secpod.oval:def:1900165
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

oval:org.secpod.oval:def:704980
qtbase-opensource-src: Qt 5 libraries Several security issues were fixed in Qt.

oval:org.secpod.oval:def:1900161
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.

oval:org.secpod.oval:def:704970
keepalived: Failover and monitoring daemon for LVS clusters Keepalived could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704973
corosync: cluster engine daemon and utilities Corosync could be made to crash or execute arbitrary code if it received a specially crafted request.

oval:org.secpod.oval:def:704974
evolution-data-server: Evolution suite data server Evolution Data Server would sometimes display email content as encrypted when it was not.

oval:org.secpod.oval:def:704975
libseccomp: library for working with the Linux seccomp filter libseccomp could allow unintended access to system calls.

oval:org.secpod.oval:def:704960
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:1901078
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

oval:org.secpod.oval:def:704968
samba: SMB/CIFS file, print, and login server for Unix Details: USN-3976-1 fixed a vulnerability in Samba. The update introduced a regression causing Samba to occasionally crash. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3976-1 introduced a regression i ...

oval:org.secpod.oval:def:704952
wireshark: network traffic analyzer Wireshark could be made to crash if it received specially crafted network traffic or input files.

oval:org.secpod.oval:def:704955
libraw: raw image decoder library Several security issues were fixed in LibRaw.

oval:org.secpod.oval:def:704944
samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services.

oval:org.secpod.oval:def:704934
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:1902564
The client creates multiple request streams and continually shuffles the priority of the streams in a way which causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a Denial-of-Service. Also known as "HTTP/2 Resource Loop / Priority Shuffling".

oval:org.secpod.oval:def:1901240
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

oval:org.secpod.oval:def:1902570
The client can request a large amount of data from a specified resource over multiple streams. It can manipulate window sizes and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, po ...

oval:org.secpod.oval:def:705184
ibus: Intelligent Input Bus - core Details: USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory USN 4134-1 introduced a regression in IBus.

oval:org.secpod.oval:def:705185
libreoffice: Office productivity suite LibreOffice could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:705179
tomcat9: Servlet and JSP engine Several security issues were fixed in Tomcat 9.

oval:org.secpod.oval:def:705176
wireshark: network traffic analyzer Wireshark could be made to crash if it received specially crafted network traffic or input files.

oval:org.secpod.oval:def:705177
apache2: Apache HTTP server Details: USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory ...

oval:org.secpod.oval:def:705178
wpa: client support for WPA and WPA2 wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.

oval:org.secpod.oval:def:705172
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke-4.15: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - ...

oval:org.secpod.oval:def:705173
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:705168
tomcat8: Servlet and JSP engine Several security issues were fixed in Tomcat 8.

oval:org.secpod.oval:def:705165
memcached: high-performance memory object caching system Memcached could be made to expose sensitive information if it received a specially crafted UNIX socket.

oval:org.secpod.oval:def:705162
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705150
dovecot: IMAP and POP3 email server Dovecot could be made to crash or execute arbitrary code if it received specially crafted data.

oval:org.secpod.oval:def:705151
ghostscript: PostScript and PDF interpreter Ghostscript could be made to access arbitrary files if it opened a specially crafted file.

oval:org.secpod.oval:def:705152
dovecot: IMAP and POP3 email server Details: USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4110-1 introduced a regression in Dovecot.

oval:org.secpod.oval:def:705132
cups: Common UNIX Printing System Several security issues were fixed in CUPS.

oval:org.secpod.oval:def:705133
nltk: Python libraries for natural language processing NLTK could be made to overwrite files.

oval:org.secpod.oval:def:705134
giflib: library for GIF images Several security issues were fixed in GIFLIB.

oval:org.secpod.oval:def:705124
nova: OpenStack Compute cloud infrastructure Nova could be made to expose sensitive information.

oval:org.secpod.oval:def:705126
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:705127
docker.io: Linux container runtime Details: Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Original advisory Docker could be made to crash o ...

oval:org.secpod.oval:def:705120
firefox: Mozilla Open Source web browser A local attacker could obtain saved passwords.

oval:org.secpod.oval:def:705128
kconfig: configuration settings framework for Qt - kde4libs: KDE 4 core applications and libraries KConfig and KDE libraries could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:705114
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to crash or execute arbitrary code if it received specially crafted image.

oval:org.secpod.oval:def:705115
mariadb-10.1: MariaDB database Details: USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.41. In addition to security fixes ...

oval:org.secpod.oval:def:705119
nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:705101
sigil: multi-platform ebook editor Sigil could be made to overwrite files.

oval:org.secpod.oval:def:705107
ruby-rack: modular Ruby webserver interface Rack could allow cross-site scripting attacks.

oval:org.secpod.oval:def:705108
postgresql-11: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:705109
ghostscript: PostScript and PDF interpreter Ghostscript could be made to access files if it opened a specially crafted file.

oval:org.secpod.oval:def:1900459
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in libgif-dev 5.1.2 allows remote attackers to cause a denial of service via the background color index in a GIF file.

oval:org.secpod.oval:def:705254
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:705248
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:705241
tiff: Tag Image File Format library Several security issues were fixed in LibTIFF.

oval:org.secpod.oval:def:705243
uw-imap: c-client library for mail protocols - library files UW IMAP could be made to execute programs if it received specially crafted input.

oval:org.secpod.oval:def:705240
aspell: GNU Aspell spell-checker Aspell could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:1901765
[HTTP/2 DoS]

oval:org.secpod.oval:def:705235
sudo: Provide limited super user privileges to specific users Sudo could be made to run commands as root if it was called with a specially crafted user ID.

oval:org.secpod.oval:def:705239
libsdl1.2: Simple DirectMedia Layer Several security issues were fixed in SDL.

oval:org.secpod.oval:def:705223
e2fsprogs: ext2/ext3/ext4 file system utilities e2fsprogs could be made to execute arbitrary code if it is running in a crafted ext4 partition.

oval:org.secpod.oval:def:705224
libsdl2: Simple DirectMedia Layer: cross-platform development library providing access to low level media interfaces SDL 2.0 could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:705220
firefox: Mozilla Open Source web browser Firefox could be made to hijack the mouse pointer if it opened a malicious website.

oval:org.secpod.oval:def:705221
file-roller: archive manager for GNOME File Roller could be made to overwrite sensitive files if it received a specially crafted TAR file.

oval:org.secpod.oval:def:1900102
The DGifDecompressLine function in dgif_lib.c in libgif-dev, as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->Running Code - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:1900989
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

oval:org.secpod.oval:def:1900093
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.

oval:org.secpod.oval:def:705093
tmpreaper: cleans up files in directories based on their age tmpreaper could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:705084
patch: Apply a diff file to an original Several security issues were fixed in Patch.

oval:org.secpod.oval:def:705086
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:705076
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:705077
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:705079
libmspack: library for Microsoft compression formats libmspack could be made to expose sensitive information if it received a specially crafted CHM file.

oval:org.secpod.oval:def:58064
This sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially le ...

oval:org.secpod.oval:def:1901963
Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a mount via rename which could result in local privilege escalation. Mounting via rename could potentially lead to a file being placed elsewhere on the filesystem hierarchy if the directory being cleaned up was on the same physica ...

oval:org.secpod.oval:def:705175
ibus: Intelligent Input Bus - core IBus would allow local users to capture key strokes of other locally logged in users.

oval:org.secpod.oval:def:1902088
A NULL pointer dereference was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

oval:org.secpod.oval:def:1902086
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name, d_encoding, and d_local_name in cp-demangle.c. Remote attackers could leverage this vulnerability to c ...

oval:org.secpod.oval:def:1902069
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.

oval:org.secpod.oval:def:1902066
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual and cplus_demangle_type in cp-demangle.c. Remote attackers could leverage this vulnerability ...

oval:org.secpod.oval:def:1902062
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many "P" characters.

oval:org.secpod.oval:def:1902061
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

oval:org.secpod.oval:def:1902060
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_funct ...

oval:org.secpod.oval:def:1902076
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

oval:org.secpod.oval:def:1902075
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_ ...

oval:org.secpod.oval:def:1901163
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.

oval:org.secpod.oval:def:705285
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:705283
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:705284
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to create arbitrary directories.

oval:org.secpod.oval:def:705379
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:705365
sudo: Provide limited super user privileges to specific users Sudo could allow unintended access to the administrator account.

oval:org.secpod.oval:def:705311
libssh: A tiny C SSH library libssh could be made to run programs under certain conditions.

oval:org.secpod.oval:def:705312
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:705313
librabbitmq: Command-line utilities for interacting with AMQP servers Details: USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory RabbitMQ could be made to execute arbitrary code if it received a s ...

oval:org.secpod.oval:def:705314
libpcap: Library for user-level network packet capture Applications using libpcap could be made to crash if given specially crafted data.

oval:org.secpod.oval:def:705305
intel-microcode: Processor microcode for Intel CPUs Details: USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the ...

oval:org.secpod.oval:def:1900052
Input validation issue resulting in a denial of service

oval:org.secpod.oval:def:1901967
An issue was discovered in GNU libiberty-dev, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

oval:org.secpod.oval:def:1901969
An issue was discovered in GNU libiberty-dev, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

oval:org.secpod.oval:def:1901928
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

oval:org.secpod.oval:def:705462
mysql-8.0: MySQL database - mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:705440
git: fast, scalable, distributed revision control system Git could be made to expose sensitive information.

oval:org.secpod.oval:def:705431
libiberty: library of utility functions used by GNU programs Several security issues were fixed in libiberty.

oval:org.secpod.oval:def:705439
python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ...

oval:org.secpod.oval:def:705421
apport: automatically generate crash reports for debugging Several security issues were fixed in Apport.

oval:org.secpod.oval:def:705420
libpam-krb5: PAM module for MIT Kerberos pam-krb5 could be made to execute arbitrary code if it received a specially crafted response.

oval:org.secpod.oval:def:705429
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705415
ibus: Intelligent Input Bus - core Details: USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize f ...

oval:org.secpod.oval:def:705567
libssh: None libssh could be made to crash if it received a specially crafted request.

oval:org.secpod.oval:def:705542
firefox: Mozilla Open Source web browser An X-Frame-Options bypass was discovered in Firefox.

oval:org.secpod.oval:def:705543
snapd: Daemon and tooling that enable snap packages An intended access restriction in snapd could be bypassed by strict mode snaps.

oval:org.secpod.oval:def:705540
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:705528
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705524
glib-networking: Network extensions for GLib Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

oval:org.secpod.oval:def:705515
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:705516
libexif: library to parse EXIF files Several security issues were fixed in libexif.

oval:org.secpod.oval:def:1900454
saned in libsane-dev 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

oval:org.secpod.oval:def:1900401
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.

oval:org.secpod.oval:def:705630
storebackup: fancy compressing managing checksumming deduplicating hard-linkin StoreBackup could be made to stop executing or generate a race condition if it received a lock file in the default location.

oval:org.secpod.oval:def:705631
qemu: Machine emulator and virtualizer QEMU could be made to crash or run programs.

oval:org.secpod.oval:def:705629
libproxy: automatic proxy configuration management library libproxy could be made to crash if it received a specially crafted PAC file.

oval:org.secpod.oval:def:705623
ruby-websocket-extensions: Generic extension manager for WebSocket connections websocket-extensions could be made to exhaust the server's capacity to process incoming requests if it received specially crafted requests.

oval:org.secpod.oval:def:705626
libdbi-perl: Perl Database Interface Perl DBI module could be made to execute arbitrary code if it received a specially manipulated call.

oval:org.secpod.oval:def:705527
libvncserver: vnc server library Several security issues were fixed in LibVNCServer.

oval:org.secpod.oval:def:1902015
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.

oval:org.secpod.oval:def:1901302
[Unknown description]

oval:org.secpod.oval:def:1900018
The Debian python-python-rdflib-tools 4.2.2-1 package for python-rdflib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scr ...

oval:org.secpod.oval:def:705649
netty-3.9: Asynchronous event-driven network application framework Several security issues were fixed in Netty.

oval:org.secpod.oval:def:705639
libpam-tacplus: PAM module for using TACACS+ as an authentication service pam_tacplus could be made to expose sensitive information.

oval:org.secpod.oval:def:1901898
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl ...

oval:org.secpod.oval:def:1901899
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t ...

oval:org.secpod.oval:def:1900126
GNU libextractor-dev through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.

oval:org.secpod.oval:def:1900986
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range arg ...

oval:org.secpod.oval:def:1900991
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when th ...

oval:org.secpod.oval:def:1900966
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnupl ...

oval:org.secpod.oval:def:1901871
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

oval:org.secpod.oval:def:705795
aptdaemon: transaction based package management service Several security issues were fixed in Aptdaemon.

oval:org.secpod.oval:def:705798
lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks.

oval:org.secpod.oval:def:705794
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it processed specially crafted input.

oval:org.secpod.oval:def:705799
apt: Advanced front-end for dpkg APT could be made to crash or stop responding if it opened a specially crafted file.

oval:org.secpod.oval:def:705769
pulseaudio: PulseAudio sound server PulseAudio could be made to expose sensitive information.

oval:org.secpod.oval:def:705748
pacemaker: Cluster resource manager Pacemaker could be made to run programs as an administrator.

oval:org.secpod.oval:def:705747
openldap: Lightweight Directory Access Protocol OpenLDAP could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1900068
GNU libextractor-dev through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata in plugins/ole2_extractor.c.

oval:org.secpod.oval:def:705731
ca-certificates: Common CA certificates The CA certificates in the ca-certificates package were updated.

oval:org.secpod.oval:def:705732
pam-python: Enables PAM modules to be written in Python Details: USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. We apologize for the inconven ...

oval:org.secpod.oval:def:705708
linux: Linux kernel - linux-raspi: Linux kernel for Raspberry Pi systems - linux-hwe-5.4: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux ...

oval:org.secpod.oval:def:704854
libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache Several security issues were fixed in mod_auth_mellon.

oval:org.secpod.oval:def:1901906
[Unknown description]

oval:org.secpod.oval:def:1901905
[Unknown description]

oval:org.secpod.oval:def:1901907
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS ...

oval:org.secpod.oval:def:1901901
[Unknown description]

oval:org.secpod.oval:def:1901904
[Unknown description]

oval:org.secpod.oval:def:1901903
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto ...

oval:org.secpod.oval:def:704996
mariadb-10.1: MariaDB database Details: USN-3957-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.40. In addition to security fixes, the updated package conta ...

oval:org.secpod.oval:def:705821
libemail-address-list-perl: RFC close address list parsing Email-Address-List could be made to remotely exhaust resources if it received specially crafted email data.

oval:org.secpod.oval:def:705816
gst-plugins-base1.0: GStreamer plugins - gst-plugins-base0.10: GStreamer plugins GStreamer Base Plugins could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:705817
evince: Document viewer Evince could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:705813
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:705800
python-apt: Python interface to libapt-pkg python-apt could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:705920
python2.7: An interactive high-level object-oriented language Details: USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original a ...

oval:org.secpod.oval:def:705921
wpa: client support for WPA and WPA2 wpa_supplicant could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:705917
python2.7: An interactive high-level object-oriented language Details: USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisor ...

oval:org.secpod.oval:def:705919
tiff: Tag Image File Format library Several security issues were fixed in LibTIFF.

oval:org.secpod.oval:def:705910
dnsmasq: Small caching DNS proxy and DHCP/TFTP server Details: USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Original advisory USN-4698-1 introdu ...

oval:org.secpod.oval:def:705906
openldap: Lightweight Directory Access Protocol OpenLDAP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:705907
qemu: Machine emulator and virtualizer Details: USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4467-1 introduced a regression in QEMU.

oval:org.secpod.oval:def:705908
xterm: X terminal emulator xterm could be made to crash or run programs if it handled specially crafted character sequences.

oval:org.secpod.oval:def:705909
screen: terminal multiplexer with VT100/ANSI terminal emulation GNU Screen could be made to crash or run programs if it processed specially crafted character sequences.

oval:org.secpod.oval:def:1900035
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user's process.

oval:org.secpod.oval:def:1902109
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Me ...

oval:org.secpod.oval:def:50591
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system ba ...

oval:org.secpod.oval:def:65735
'biosdevname' is an external tool that works with the udev framework for naming devices. 'biosdevname' uses three methods to determine NIC names: 1. PCI firmware spec.3.1 2. smbios (matches # after "em" to OEM # printed on board or housing) 3. PCI IRQ Routing Table (uses # of NIC position in t ...

oval:org.secpod.oval:def:51260
Monitor session initiation events. The parameters in this section track changes to the files associated with session events. The /var/run/utmp file tracks all currently logged in users. The /var/log/wtmp file tracks logins, logouts, shutdown and reboot events. All audit records will be tagged w ...

oval:org.secpod.oval:def:51261
Capture events where the system date and/or time has been modified. The parameters in this section are set to determine if the adjtimex (tune kernel clock), settimeofday (Set time, using timeval and timezone structures) stime (using seconds since 1/1/1970) or clock_settime (allows for the setting of ...

oval:org.secpod.oval:def:51264
Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or /etc/security/opasswd (old passwords, based on remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if they have been opened for write or have had attribu ...

oval:org.secpod.oval:def:51263
Record changes to network environment files or system calls. The below parameters monitor the sethostname (set the systems host name) or setdomainname (set the systems domainname) system calls, and write an audit event on system call exit. The other parameters monitor the /etc/issue and /etc/issue.n ...

oval:org.secpod.oval:def:51255
Normally, auditd will hold 4 logs of maximum log file size before deleting older log files. In high security contexts, the benefits of maintaining a long audit history exceed the cost of storing the audit history. max_log_file_action setting in /etc/audit/auditd.conf is set to at least a certain v ...

oval:org.secpod.oval:def:51254
Accounts should be configured to expire automatically following inactivity.

oval:org.secpod.oval:def:51256
The auditd daemon can be configured to halt the system when the audit logs are full. In high security contexts, the risk of detecting unauthorized access or nonrepudiation exceeds the benefit of the system's availability. space_left_action, action_mail_acct and admin_space_left_action setting in / ...

oval:org.secpod.oval:def:51259
Monitor changes to file permissions, attributes, ownership and group. The parameters in this section track changes for system calls that affect file permissions and attributes. The chmod, fchmod and fchmodat system calls affect the permissions associated with a file. The chown, fchown, fchownat and ...

oval:org.secpod.oval:def:51258
Monitor SELinux mandatory access controls. The parameters below monitor any write access (potential addition, deletion or modification of files in the directory) or attribute changes to the /etc/selinux directory. Changes to files in this directory could indicate that an unauthorized user is atte ...

oval:org.secpod.oval:def:51270
The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files.

oval:org.secpod.oval:def:51273
Set system audit so that audit rules cannot be modified with auditctl. Setting the flag "-e 2" forces audit to be put in immutable mode. Audit changes can only be made on system reboot. In immutable mode, unauthorized users cannot execute changes to the audit system to potentially hide malicious ac ...

oval:org.secpod.oval:def:51272
Monitor scope changes for system administrations. If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor changes in scope. The file /etc/sudoers will be written t ...

oval:org.secpod.oval:def:51275
The talk software makes it possible for users to send and receive messages across systems through a terminal session.

oval:org.secpod.oval:def:51274
Monitor the loading and unloading of kernel modules. The programs insmod (install a kernel module), rmmod (remove a kernel module), and modprobe (a more sophisticated program to load and unload modules, as well as some other features) control loading and unloading of modules. The init_module (load a ...

oval:org.secpod.oval:def:51265
Monitor for unsuccessful attempts to access files. The parameters below are associated with system calls that control creation (creat), opening (open, openat) and truncation (truncate, ftruncate) of files. An audit log record will only be written if the user is a nonprivileged user (auid >= 500), i ...

oval:org.secpod.oval:def:51268
The prelinking feature changes binaries in an attempt to decrease their startup time.

oval:org.secpod.oval:def:51267
Monitor the use of the mount system call. The mount (and umount) system call controls the mounting and unmounting of file systems. The parameters below configure the system to create an audit record when the mount system call is used by a non-privileged user. It is highly unusual for a non privileg ...

oval:org.secpod.oval:def:51269
By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instructs rsyslogd to listen on the specified TCP port. The guidance in the section ensures ...

oval:org.secpod.oval:def:51282
The DPKG package 'rsyslog' should be installed.

oval:org.secpod.oval:def:51281
The Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. NTP can be configured to be a client and/or a server.

oval:org.secpod.oval:def:51284
Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).

oval:org.secpod.oval:def:51283
TCP Wrappers provides a simple access list and standardized logging method for services capable of supporting it. In the past, services that were called from inetd and xinetd supported the use of tcp wrappers. As inetd and xinetd have been falling in disuse, any service that can support tcp wrappers ...

oval:org.secpod.oval:def:51286
The kernel module cramfs should be disabled.

oval:org.secpod.oval:def:51285
SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization.

oval:org.secpod.oval:def:51277
The DPKG package 'xserver-xorg-core' should be removed.

oval:org.secpod.oval:def:51276
The rsh package contains the client commands for the rsh services.

oval:org.secpod.oval:def:51279
The DPKG package 'aide' should be installed.

oval:org.secpod.oval:def:51291
The kernel module udf should be disabled.

oval:org.secpod.oval:def:51290
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:org.secpod.oval:def:51293
The squashfs Kernel Module should be disabled.

oval:org.secpod.oval:def:51292
The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".

oval:org.secpod.oval:def:51295
The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".

oval:org.secpod.oval:def:51294
The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".

oval:org.secpod.oval:def:51296
The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".

oval:org.secpod.oval:def:51288
IPtables is an application that allows a system administrator to configure the IPv4 tables, chains and rules provided by the Linux kernel firewall. ufw was developed to ease IPtables firewall configuration.

oval:org.secpod.oval:def:51287
The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. By default, no banner is displayed.

oval:org.secpod.oval:def:51289
The two options ClientAliveInterval and ClientAliveCountMax control the timeout of ssh sessions. When the ClientAliveInterval variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the ClientAliveCountMax variable is set, sshd will send client alive ...

oval:org.secpod.oval:def:51240
The PermitUserEnvironment option allows users to present environment options to the ssh daemon.

oval:org.secpod.oval:def:51242
There are several options available to limit which users and group can access the system via SSH. It is recommended that at least one of the following options be leveraged: AllowUsers The AllowUsers variable gives the system administrator the option of allowing specific users to ssh into the syste ...

oval:org.secpod.oval:def:51241
The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su co ...

oval:org.secpod.oval:def:51232
The passwords to remember should be set correctly.

oval:org.secpod.oval:def:51235
The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".

oval:org.secpod.oval:def:51234
Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messages to the appropriate user or mail server. If the system is not intended to be a mail server, it is recommended that the MTA be configured to only process local mail.

oval:org.secpod.oval:def:51236
The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".

oval:org.secpod.oval:def:51251
The default umask for all users specified in /etc/login.defs

oval:org.secpod.oval:def:51250
File permissions for '/etc/group' should be set correctly.

oval:org.secpod.oval:def:51253
This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:51252
The root account is the only system account that should have a login shell.

oval:org.secpod.oval:def:51244
The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:51243
The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:51246
The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure.

oval:org.secpod.oval:def:51245
The INFO parameter specifies that login and logout activity will be logged.

oval:org.secpod.oval:def:51248
The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections.

oval:org.secpod.oval:def:51247
The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:51249
The Set Password Warning Age should be set appropriately.

oval:org.secpod.oval:def:73989
A default deny all policy on connections ensures that any unconfigured network usage will be rejected. With a default accept policy the firewall will accept any packet that is not configured to be denied. It is easier to white list acceptable usage than to black list unacceptable usage.

oval:org.secpod.oval:def:73990
A default deny all policy on connections ensures that any unconfigured network usage will be rejected. With a default accept policy the firewall will accept any packet that is not configured to be denied. It is easier to white list acceptable usage than to black list unacceptable usage.

oval:org.secpod.oval:def:51299
The kernel module freevxfs should be disabled.

oval:org.secpod.oval:def:51298
The kernel module jffs2 should be disabled.

oval:org.secpod.oval:def:51334
Access permission for '/etc/cron.monthly' is set to appropriate values.

oval:org.secpod.oval:def:51336
Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ...

oval:org.secpod.oval:def:51335
The /etc/cron.weekly directory contains system cron jobs that need to run on a weekly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user ...

oval:org.secpod.oval:def:51337
Access permission for '/etc/cron.d' is set to appropriate values.

oval:org.secpod.oval:def:51339
The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.

oval:org.secpod.oval:def:51342
The /etc/cron.daily directory contains system cron jobs that need to run on a daily basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user a ...

oval:org.secpod.oval:def:51344
This directory contains system cron jobs that need to run on an hourly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user and group root ...

oval:org.secpod.oval:def:51301
The kernel module hfsplus should be disabled.

oval:org.secpod.oval:def:51300
The file /etc/securetty contains a list of valid terminals that may be logged in directly as root.

oval:org.secpod.oval:def:51303
The kernel module hfs should be disabled.

oval:org.secpod.oval:def:51302
The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".

oval:org.secpod.oval:def:51305
The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:51304
File permission for '/etc/hosts.deny' is set to appropriate values.

oval:org.secpod.oval:def:51307
Global IPv6 initialization should be disabled.

oval:org.secpod.oval:def:51306
The /etc/hosts.allow file contains networking information that is used by many applications and therefore must be readable for these applications to operate.

oval:org.secpod.oval:def:51309
The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub configuration is usually grub.cfg stored in /boot/grub.

oval:org.secpod.oval:def:51308
The grub boot loader should have password protection enabled.

oval:org.secpod.oval:def:51310
The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".

oval:org.secpod.oval:def:51311
Core dumps for all users should be disabled

oval:org.secpod.oval:def:51313
The kernel module tipc should be disabled.

oval:org.secpod.oval:def:51315
The kernel module rds should be disabled.

oval:org.secpod.oval:def:51321
The kernel module sctp should be disabled.

oval:org.secpod.oval:def:51323
The kernel module dccp should be disabled.

oval:org.secpod.oval:def:51322
Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot machines from a boot server. The packages tftp and atftp are both used to define and support a TFTP server.

oval:org.secpod.oval:def:51325
Syslog logs should be sent to a remote loghost

oval:org.secpod.oval:def:51327
The logrotate (syslog rotater) service should be enabled.

oval:org.secpod.oval:def:73995
Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8). Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loop ...

oval:org.secpod.oval:def:73996
Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8). Loopback traffic is generated between processes on machine and is typically critical to operation of the system. The loopback interface is the only place that loop ...

oval:org.secpod.oval:def:69552
MAC algorithms being used during ssh can be limited by defining them in sshd_config file.

oval:org.secpod.oval:def:69553
Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis. Generically and on AMD processors, this ability is called No Execute (NX), while on Intel processors it is called Execute Disable (XD). This ability can help prevent exploitation of buffer o ...

oval:org.secpod.oval:def:69550
The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users.

oval:org.secpod.oval:def:69551
Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudoers_log. Any time a command ...

oval:org.secpod.oval:def:69554
UsePAM Enables the Pluggable Authentication Module interface. If set to yes this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM account and session module processing for all authentication types

oval:org.secpod.oval:def:68689
The MaxSessions parameter specifies the maximum number of open sessions permitted from a given connection. Rationale: To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of s ...

oval:org.secpod.oval:def:68690
The commands below change password encryption from md5 to sha512 (a much stronger hashing algorithm). All existing accounts will need to perform a password change to upgrade the stored hashes to the new algorithm. Rationale: The SHA-512 algorithm provides much stronger hashing than M ...

oval:org.secpod.oval:def:68691
The usermod command can be used to specify which group the root user belongs to. This affects permissions of files that are created by the root user. Rationale: Using GID 0 for the root account helps prevent root-owned files from accidentally becoming accessible to non-privileged users.

oval:org.secpod.oval:def:68694
The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users. Rationale: If the /etc/motd file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading informa ...

oval:org.secpod.oval:def:68695
The contents of the /etc/issue file are displayed to users prior to login for local terminals. Rationale: If the /etc/issue file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information.

oval:org.secpod.oval:def:68692
AppArmor profiles define what resources applications are able to access.

oval:org.secpod.oval:def:68693
Ensure all apparmor profiles are in enforce or complain mode. Rationale: Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure that any p ...

oval:org.secpod.oval:def:68698
The /etc/passwd file contains user account information that is used by many system utilities and therefore must be readable for these utilities to operate. Rationale: It is critical to ensure that the /etc/passwd file is protected from unauthorized write access. Although it is pro ...

oval:org.secpod.oval:def:68699
The /etc/shadow file is used to store the information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information. Rationale: If attackers can gain read access to the /etc/shadow file, they can easily run a pass ...

oval:org.secpod.oval:def:68696
Rsyslog will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files. Rationale: It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and ...

oval:org.secpod.oval:def:68697
The /etc/gshadow file is used to store the information about groups that is critical to the security of those accounts, such as the hashed password and other security information. Rationale: If attackers can gain read access to the /etc/gshadow file, they can easily run a password ...

oval:org.secpod.oval:def:68658
The auditing daemon, auditd, stores log data in the /var/log/audit directory. Rationale: There are two important reasons to ensure that data gathered by auditd is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large ...

oval:org.secpod.oval:def:68659
The /home directory is used to support disk storage needs of local users. Rationale: If the system is intended to support local users, create a separate partition for the /home directory to protect against resource exhaustion and restrict the type of files that can be stored und ...

oval:org.secpod.oval:def:68656
The /var/log directory is used by system services to store log data. Rationale: There are two important reasons to ensure that system logs are stored on a separate partition: protection against resource exhaustion (since logs can grow quite large) and protection of audit data.

oval:org.secpod.oval:def:68657
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy. Rationale: sudo supports a plugin arch ...

oval:org.secpod.oval:def:68661
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /dev/shm filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create special devices in /dev/shm partitions.

oval:org.secpod.oval:def:68662
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Setting this option on a file system prevents users from introducing privileged programs onto the system and allowing non-root users to execute them.

oval:org.secpod.oval:def:68660
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the user partitions are not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.

oval:org.secpod.oval:def:68665
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /tmp filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /tmp.

oval:org.secpod.oval:def:68666
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /tmp.

oval:org.secpod.oval:def:68663
The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Setting this option on a file system prevents users from executing programs from shared memory. This deters users from introducing potentially malicious software on the system.

oval:org.secpod.oval:def:68664
The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making /tmp its own file system allows an administrator to set the noexec option on the mount, making /tmp useless for an attacker to install executable code. ...

oval:org.secpod.oval:def:68654
The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /var/tmp.

oval:org.secpod.oval:def:68655
Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by manual selection from the bootloader. Rationale: Requiring authentication in single user mode (rescue mode) prevents an unauthorized user from rebooting the system into single user ...

oval:org.secpod.oval:def:68653
USB storage provides a means to transfer and store files, ensuring persistence and availability of the files independent of network connection status. Its popularity and utility have led to USB-based malware being a simple and common means for network infiltration and a first step to establishing a pe ...

oval:org.secpod.oval:def:68678
The telnet package contains the telnet client, which allows users to start connections to other systems via the telnet protocol. Rationale: The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow an unauthorized user to steal cred ...

oval:org.secpod.oval:def:68679
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. Rationale: If the system will not need to act as an LDAP client, it is recommended that the softw ...

oval:org.secpod.oval:def:68680
A Firewall package should be selected. Most firewall configuration utilities operate as a front end to nftables or iptables. Rationale: A Firewall package is required for firewall management and configuration.

oval:org.secpod.oval:def:68683
The /etc/hosts.deny file specifies which IP addresses are not permitted to connect to the host. It is intended to be used in conjunction with the /etc/hosts.allow file. Rationale: The /etc/hosts.deny file serves as a failsafe so that any host not specified in /etc/hosts.allow is denied a ...

oval:org.secpod.oval:def:68684
Backlog limit represents the number of logs it will hold. Rationale: During boot if audit=1, then the backlog will hold the specified number of records. If more records than that are created during boot, auditd records will be lost and potential malicious activity could go undetected.

oval:org.secpod.oval:def:68681
auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occ ...

oval:org.secpod.oval:def:68687
SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server, or servers to clients. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into ...

oval:org.secpod.oval:def:68688
The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Rationale: To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartu ...

oval:org.secpod.oval:def:68685
GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Rationale: Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system ...

oval:org.secpod.oval:def:68686
The LoginGraceTime parameter specifies the time allowed for successful authentication to the SSH server. The longer the Grace period is the more open unauthenticated connections can exist. Like other session controls in this session the Grace Period should be limited to appropriate organizational li ...

oval:org.secpod.oval:def:68669
The /var/tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Since the /var/tmp directory is intended to be world-writable, there is a risk of resource exhaustion if it is not bound to a separate partition. In additi ...

oval:org.secpod.oval:def:68667
The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp.

oval:org.secpod.oval:def:68668
The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable. Rationale: Since the /var directory may contain world-writable files and directories, there is a risk of resource e ...

oval:org.secpod.oval:def:68672
sudo can be configured to run only from a pseudo-pty. Rationale: Attackers can run a malicious program using sudo which would fork a background process that remains even when the main program has finished executing.

oval:org.secpod.oval:def:68673
sudo can use a custom log file. Rationale: A sudo log file simplifies auditing of sudo commands.

oval:org.secpod.oval:def:68670
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/tmp filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var/tmp.

oval:org.secpod.oval:def:68671
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var/tmp.

oval:org.secpod.oval:def:68676
The eXtended InterNET Daemon (xinetd) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no xinetd servic ...

oval:org.secpod.oval:def:68677
The inetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no inetd services required, it is recommended that the daemon be removed.

oval:org.secpod.oval:def:68674
AppArmor provides Mandatory Access Controls. Rationale: Without a Mandatory Access Control system installed only the default Discretionary Access Control system will be available.

oval:org.secpod.oval:def:68713
While no .rhosts files are shipped by default, users can easily create them. Rationale: This action is only meaningful if .rhosts support is permitted in the file /etc/pam.conf. Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf, they may have ...

oval:org.secpod.oval:def:68714
The .netrc file contains data for logging into a remote host for file transfers via FTP. Rationale: The .netrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .netrc files from ...

oval:org.secpod.oval:def:68711
Users can be defined in /etc/passwd without a home directory or with a home directory that does not actually exist. Rationale: If the user's home directory does not exist or is unassigned, the user will be placed in "/" and will not be able to write any files or have local envir ...

oval:org.secpod.oval:def:68712
While the system administrator can establish secure permissions for users' home directories, the users can easily override these. Rationale: Group or world-writable user home directories may enable malicious users to steal or modify other users' data or to gain another user's system ...

oval:org.secpod.oval:def:68717
While the system administrator can establish secure permissions for users' .netrc files, the users can easily override these. Rationale: .netrc files may contain unencrypted passwords that may be used to attack other systems.

oval:org.secpod.oval:def:68718
chrony is a daemon which implements the Network Time Protocol (NTP) and is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. Rationale: If chrony is in use on the system proper configuration is vital to ensuring time synchroniza ...

oval:org.secpod.oval:def:68715
The .forward file specifies an email address to forward the user's mail to. Rationale: Use of the .forward file poses a security risk in that sensitive data may be inadvertently transferred outside the organization. The .forward file also poses a risk as it can be used to execut ...

oval:org.secpod.oval:def:68716
While the system administrator can establish secure permissions for users' "dot" files, the users can easily override these. Rationale: Group or world-writable user configuration files may enable malicious users to steal or modify other users' data or to gain another user's syste ...

oval:org.secpod.oval:def:68719
Over time, system administration errors and changes can lead to groups being defined in /etc/passwd but not in /etc/group. Rationale: Groups defined in the /etc/passwd file but not in the /etc/group file pose a threat to system security since group permissions are not properly ma ...

oval:org.secpod.oval:def:68720
Although the useradd program will not let you create a duplicate User ID (UID), it is possible for an administrator to manually edit the /etc/passwd file and change the UID field. Rationale: Users must be assigned unique UIDs for accountability and to ensure appropriate access pro ...

oval:org.secpod.oval:def:68721
Although the groupadd program will not let you create a duplicate Group ID (GID), it is possible for an administrator to manually edit the /etc/group file and change the GID field. Rationale: User groups must be assigned unique GIDs for accountability and to ensure appropriate a ...

oval:org.secpod.oval:def:68702
Log files stored in /var/log/ contain logged information from many services on the system or, on log hosts, from other systems as well. Rationale: It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected.

oval:org.secpod.oval:def:68703
An SSH private key is one of two files used in SSH public key authentication. In this authentication method, the possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and h ...

oval:org.secpod.oval:def:68700
The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else. Rationale: The /etc/group file needs to be protected from unauthorized changes by non-privileged users, but nee ...

oval:org.secpod.oval:def:68701
The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. Rationale: If the /etc/issue.net file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information.

oval:org.secpod.oval:def:68706
The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: The ...

oval:org.secpod.oval:def:68707
The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: Thes ...

oval:org.secpod.oval:def:68704
An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authent ...

oval:org.secpod.oval:def:68705
The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: The ...

oval:org.secpod.oval:def:68708
The shadow group allows system programs that require access to read the /etc/shadow file. No users should be assigned to the shadow group. Rationale: Any users assigned to the shadow group would be granted read access to the /etc/shadow file. If attackers can gain re ...

oval:org.secpod.oval:def:68709
Any account with UID 0 has superuser privileges on the system. Rationale: This access must be limited to only the default root account and only from the system console. Administrative access must be through an unprivileged account using an approved mechanism as noted in Item 5.6 ...

oval:org.secpod.oval:def:68710
An account with an empty password field means that anybody may log in as that user without providing a password. Rationale: All accounts must have passwords or be locked to prevent the account from being used by an unauthorized user.

oval:org.secpod.oval:def:68735
The File Transfer Protocol (FTP) provides networked computers with the ability to transfer files. Rationale: FTP does not protect the confidentiality of data or authentication credentials. It is recommended SFTP be used if file transfer is required. Unless there is a need to run t ...

oval:org.secpod.oval:def:68736
The nftables service allows for the loading of nftables rulesets during boot, or starting of the nftables service. Rationale: The nftables service restores the nftables rules from the rules files referenced in the /etc/sysconfig/nftables.conf file during boot or the starting of th ...

oval:org.secpod.oval:def:68733
The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability. Rationale: If ...

oval:org.secpod.oval:def:68734
The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses. Rationale: Unless a system is specifically set up to act as a DHCP server, it is recommended that this service be deleted to reduce the potential attack surface ...

oval:org.secpod.oval:def:68739
Turn on the auditd daemon to record system events. Rationale: The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring.

oval:org.secpod.oval:def:68737
The cron daemon is used to execute batch jobs on the system. Rationale: While there may not be user jobs that need to be run on the system, the system does have maintenance jobs that may include security monitoring that have to run, and cron is used to execute them.

oval:org.secpod.oval:def:68738
Once the rsyslog package is installed it needs to be activated. Rationale: If the rsyslog service is not activated the system may default to the syslogd service or lack logging instead.

oval:org.secpod.oval:def:68742
Squid is a standard proxy server used in many distributions and environments. Rationale: If there is no need for a proxy server, it is recommended that the squid proxy be deleted to reduce the potential attack surface.

oval:org.secpod.oval:def:68743
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. Rationale: If the system will not need to act as an LDAP server, it is recommended that the softw ...

oval:org.secpod.oval:def:68740
The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files. The NIS client (ypbind) was used to bind a machine to an NIS server and receive the distributed configuration files. Ration ...

oval:org.secpod.oval:def:68741
The Domain Name System (DNS) is a hierarchical naming system that maps names to IP addresses for computers, services and other resources connected to a network. Rationale: Unless a system is specifically designated to act as a DNS server, it is recommended that the package be dele ...

oval:org.secpod.oval:def:68724
nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames. The nftables service reads the /etc/nftables.conf file for a nftables file or files to include in the nftables ruleset. A nftables ruleset containing the input, forward, and outp ...

oval:org.secpod.oval:def:68725
Data from journald may be stored in volatile memory or persisted locally on the server. Utilities exist to accept remote export of journald logs, however, use of the rsyslog service provides a consistent means of log collection and export. Rationale: Storing log data on a remote ho ...

oval:org.secpod.oval:def:68722
Although the useradd program will not let you create a duplicate user name, it is possible for an administrator to manually edit the /etc/passwd file and change the user name. Rationale: If a user is assigned a duplicate user name, it will create and have access to files with the ...

oval:org.secpod.oval:def:68723
Although the groupadd program will not let you create a duplicate group name, it is possible for an administrator to manually edit the /etc/group file and change the group name. Rationale: If a group is assigned a duplicate group name, it will create and have access to files with ...

oval:org.secpod.oval:def:68728
autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives. Rationale: With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themse ...

oval:org.secpod.oval:def:68729
The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Server Message Block (SMB) protocol. Windows desktop users will be able to mount these directories ...

oval:org.secpod.oval:def:68726
The journald system includes the capability of compressing overly large files to avoid filling up the system with logs or making the logs unmanageably large. Rationale: Uncompressed large files may unexpectedly fill a filesystem leading to resource unavailability. Compressing log ...

oval:org.secpod.oval:def:68727
Data from journald may be stored in volatile memory or persisted locally on the server. Logs in memory will be lost upon a system reboot. By persisting logs to local disk on the server they are protected from loss. Rationale: Writing log data to disk will provide the ability to fo ...

oval:org.secpod.oval:def:68731
The rsyncd service can be used to synchronize files between systems over network links. Rationale: The rsyncd service presents a security risk as it uses unencrypted protocols for communication.

oval:org.secpod.oval:def:68732
Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automat ...

oval:org.secpod.oval:def:68730
The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands from an SNMP management system, execute the commands or collect the information and then send results back to the requesting system. Rationale: The SNMP server can communicate using SNMP v1, w ...

oval:org.secpod.oval:def:68746
System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them. Rationale: Time synchronization is important to support time sens ...

oval:org.secpod.oval:def:68747
Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion.

oval:org.secpod.oval:def:68744
HTTP or web servers provide the ability to host web site content. Rationale: Unless there is a need to run the system as a web server, it is recommended that the package be deleted to reduce the potential attack surface.

oval:org.secpod.oval:def:68745
Dovecot is an open source mail submission and transport server for Linux based systems. Rationale: Unless mail transport services are to be provided by this system, it is recommended that the service be disabled or deleted to reduce the potential attack surface. Note: Several ...

oval:org.secpod.oval:def:68748
All users should have a password change date in the past. Rationale: If a user's recorded password change date is in the future then they could bypass any set password expiration.

oval:org.secpod.oval:def:68749
The default TMOUT determines the shell timeout for users. The TMOUT value is measured in seconds. Rationale: Having no timeout value associated with a shell could allow an unauthorized user access to another user's shell session (e.g. user walks away from their computer and doesn' ...

oval:org.secpod.oval:def:68750
The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network. The rpcbind service maps Remote Procedure Call (RPC) services to the ports on wh ...

oval:org.secpod.oval:def:96076
All password hashes should be shadowed.

oval:org.secpod.oval:def:96075
This test makes sure that '/etc/gshadow' has appropriate permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:708135
linux-raspi: Linux kernel for Raspberry Pi systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems - linux-raspi2: Linux kernel for Raspberry Pi systems The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:708124
linux-aws: Linux kernel for Amazon Web Services systems - linux-aws-hwe: Linux kernel for Amazon Web Services systems The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:708117
linux-ibm-5.4: Linux kernel for IBM cloud systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:89902
ceph: distributed storage and file system Several security issues were fixed in Ceph.

oval:org.secpod.oval:def:707742
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:705618
apache-log4j1.2: Java-based open-source logging tool Apache Log4j could be made to remotely execute arbitrary code if it received specially crafted log data.

oval:org.secpod.oval:def:706277
apache-log4j1.2: Java-based open-source logging tool Apache Log4j 1.2 could be made to crash or run programs if it received specially crafted input.

oval:org.secpod.oval:def:706147
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK.

oval:org.secpod.oval:def:706017
pillow: Python Imaging Library Pillow could be made to crash or hang if it opened a specially crafted file.

oval:org.secpod.oval:def:1901675
Directory Traversal vulnerability in salt-common-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

oval:org.secpod.oval:def:1901680
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to bypass authentication and execute arbitrary commands via salt-common-api.

oval:org.secpod.oval:def:706004
flatpak: Application deployment framework for desktop apps A Flatpak application could access files that it would not normally be permitted to access.

oval:org.secpod.oval:def:1901880
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block "/" characters in the gplot rootname argument potentially leading to path traversal and arbitrary file overwrite.

oval:org.secpod.oval:def:1901887
Leptonica through 1.75.3 uses hardcoded /tmp pathnames which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.

oval:org.secpod.oval:def:1901883
An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input can overflow a buffer leading potentially to arbitrary code execution or possibly unspecified other impact.

oval:org.secpod.oval:def:704820
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:51262
Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Audit events need to be captured on processes that start up prior to auditd, so that potential malicious activity cannot go undetected.

oval:org.secpod.oval:def:68675
Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot parameters. Rationale: AppArmor must be enabled at boot time in your bootloader configuration to ensure that the controls it provides are not overridden. Note: This re ...

oval:org.secpod.oval:def:704442
haproxy: fast and reliable load balancing reverse proxy Several security issues were fixed in HAProxy.

oval:org.secpod.oval:def:708089
libreoffice: Office productivity suite LibreOffice could be made to run arbitrary code if an empty entry to the java class path is configured.

oval:org.secpod.oval:def:707788
dbus: simple interprocess messaging system Several security issues were fixed in DBus.

oval:org.secpod.oval:def:705310
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:705514
dbus: simple interprocess messaging system DBus could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:705085
ansible: Configuration management, deployment, and task execution system Several security issues were fixed in Ansible.

oval:org.secpod.oval:def:1902120
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

oval:org.secpod.oval:def:1901106
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

oval:org.secpod.oval:def:76194
bluez: Bluetooth tools and daemons Several security issues were fixed in BlueZ.

oval:org.secpod.oval:def:708444
libssh2: Client-side C library implementing the SSH2 protocol libssh2 could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:705633
util-linux: miscellaneous system utilities util-linux could be made to run programs when performing bash completion.

oval:org.secpod.oval:def:708110
cloud-init: initialization and customization tool for cloud instances cloud-init could write sensitive information to logs.

oval:org.secpod.oval:def:706099
c-ares: library for asynchronous name resolution c-ares could be made to return wrong domains.

oval:org.secpod.oval:def:707777
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:1900156
In Apache libbatik-java 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance in deserialization.

oval:org.secpod.oval:def:96539
A space-separated list of NTP server host names or IP addresses. During runtime this list is combined with any per-interface NTP servers acquired from systemd-networkd.service(8). systemd-timesyncd will contact all configured system or per-interface servers in turn, until one responds. When the empt ...

oval:org.secpod.oval:def:96540
/dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted) can access. Mounting tmpfs at /dev/shm is handled automatically by systemd. Rationale: Any user can upload and execute files inside the /dev/shm similar to the /tmp parti ...

oval:org.secpod.oval:def:96541
The permissions on /boot/grub/grub.cfg are changed to 444 when grub.cfg is updated by the update-grub command. Rationale: Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may ...

oval:org.secpod.oval:def:96542
The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making /tmp its own file system allows an administrator to set the noexec option on the mount, making /tmp useless for an attacker to install executable code. It would also preve ...

oval:org.secpod.oval:def:96543
Ensure only strong Key Exchange algorithms are used

oval:org.secpod.oval:def:96544
GDM is the GNOME Display Manager, which handles graphical login for GNOME-based systems. The disable-user-list option controls if a list of users is displayed on the login screen. Rationale: Displaying the user list eliminates half of the Userid/Password equation that an unauthorized ...

oval:org.secpod.oval:def:96545
X Display Manager Control Protocol (XDMCP) is designed to provide authenticated access to display management services for remote displays. Rationale: XDMCP is inherently insecure. 1. XDMCP is not a ciphered protocol. This may allow an attacker to capture keystrokes entered by a ...

oval:org.secpod.oval:def:51266
Monitor the use of system calls associated with the deletion or renaming of files and file attributes. This configuration statement sets up monitoring for the unlink (remove a file), unlinkat (remove a file attribute), rename (rename a file) and renameat (rename a file attribute) system calls and ta ...

oval:org.secpod.oval:def:51317
max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:708155
cups-filters: OpenPrinting CUPS Filters cups-filters could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1901789
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.

oval:org.secpod.oval:def:707818
freerdp2: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:707625
dovecot: IMAP and POP3 email server Dovecot could allow unintended access to network services.

oval:org.secpod.oval:def:707628
git: fast, scalable, distributed revision control system Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs.

oval:org.secpod.oval:def:707819
expat: XML parsing C library Details: USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. This update also fixes a minor regression introduced in Ubuntu 18.04 LTS. We a ...

oval:org.secpod.oval:def:82612
It was discovered that OpenJDK incorrectly computed exponentials. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17.

oval:org.secpod.oval:def:706275
lxml: pythonic binding for the libxml2 and libxslt libraries lxml could be made to execute arbitrary code if it received a specially crafted XML or HTML file.

oval:org.secpod.oval:def:706262
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:74375
postgresql-10: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:1901129
A Bleichenbacher-type side-channel-based padding oracle attack was found in the way nettle-dev handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw to extract plaintext or in some cases ...

oval:org.secpod.oval:def:705636
samba: SMB/CIFS file, print, and login server for Unix Samba would allow unintended access to files over the network.

oval:org.secpod.oval:def:705735
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:1901777
mod_auth_digest access control bypass

oval:org.secpod.oval:def:1901779
mod_http2, read-after-free on a string compare

oval:org.secpod.oval:def:1901778
Apache HTTP Server privilege escalation from modules' scripts

oval:org.secpod.oval:def:1901780
mod_http2, possible crash on late upgrade

oval:org.secpod.oval:def:1901781
Apache httpd URL normalization inconsistency

oval:org.secpod.oval:def:1900125
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections.

oval:org.secpod.oval:def:704065
apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:54094
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:58421
apache2: Apache HTTP server Several security issues were fixed in Apache.

oval:org.secpod.oval:def:1900079
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

oval:org.secpod.oval:def:708120
python-django: High-level Python web development framework A Django hardening measure could be bypassed.

oval:org.secpod.oval:def:705739
python-cryptography: Cryptography Python library python-cryptography could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:49231
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:704291
openjdk-lts: Java runtime based on OpenJDK Several security issues were fixed in OpenJDK 10.

oval:org.secpod.oval:def:45754
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

oval:org.secpod.oval:def:706184
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ...

oval:org.secpod.oval:def:706148
linux-raspi: Linux kernel for Raspberry Pi systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704368
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:704361
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server X.Org X server could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:704336
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:704322
lcms2: Little CMS color management library Several security issues were fixed in Little CMS.

oval:org.secpod.oval:def:704312
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:46321
ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP.

oval:org.secpod.oval:def:704926
libpng1.6: PNG file library libpng could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:1901444
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ...

oval:org.secpod.oval:def:704900
openjdk-lts: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:50967
In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

oval:org.secpod.oval:def:46446
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

oval:org.secpod.oval:def:704874
policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.

oval:org.secpod.oval:def:1900085
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomp ...

oval:org.secpod.oval:def:705096
openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK 11.

oval:org.secpod.oval:def:705057
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:704185
libpng1.6: PNG library - development - libpng: PNG file library Several security issues were fixed in libpng.

oval:org.secpod.oval:def:1901934
[Crafted null dereference attack in authenticated mode 6 packet]

oval:org.secpod.oval:def:704151
libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704134
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:705461
edk2: UEFI firmware for 64-bit x86 virtual machines Several security issues were fixed in edk2.

oval:org.secpod.oval:def:1901902
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.

oval:org.secpod.oval:def:59839
sqlite3: C library that implements an SQL database engine Several security issues were fixed in SQLite.

oval:org.secpod.oval:def:704957
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704940
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:85705
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:708211
linux-bluefield: Linux kernel for NVIDIA BlueField platforms - linux-aws-5.4: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:708207
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Goo ...

oval:org.secpod.oval:def:708206
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle ...

oval:org.secpod.oval:def:706401
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ...

oval:org.secpod.oval:def:708194
linux-oracle: Linux kernel for Oracle Cloud systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:707851
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:708153
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-aws-hwe: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:707650
linux-bluefield: Linux kernel for NVIDIA BlueField platforms - linux-gcp-5.4: Linux kernel for Google Cloud Platform systems - linux-gke-5.4: Linux kernel for Google Container Engine systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:708097
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Goo ...

oval:org.secpod.oval:def:708095
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ...

oval:org.secpod.oval:def:706404
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-fde: Linux kernel for Microsoft Azure cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Go ...

oval:org.secpod.oval:def:706394
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-kvm: Linux kernel for cloud environments - linux-snapdragon: Linux kernel for Qualcomm Snap ...

oval:org.secpod.oval:def:706371
linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-aws-hwe: Linux kernel for Amazon Web Services systems The system could be made to crash or run programs as an administrator.

oval:org.secpod.oval:def:707767
linux-aws-5.4: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:707763
linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:707762
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:705692
linux-gke-5.0: Linux kernel for Google Container Engine systems - linux-gke-5.3: Linux kernel for Google Container Engine systems - linux-hwe: Linux hardware enablement kernel - linux-oem-osp1: Linux kernel for OEM systems - linux-raspi2-5.3: Linux kernel for Raspberry Pi systems Several securit ...

oval:org.secpod.oval:def:708011
linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:707154
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-ibm: Linux kernel for IBM c ...

oval:org.secpod.oval:def:706426
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gcp-5.13: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Google Container E ...

oval:org.secpod.oval:def:706410
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-azure: Linux kernel for Microsoft Azure Cloud sys ...

oval:org.secpod.oval:def:707883
heimdal: Heimdal Kerberos Network Authentication Protocol Several security issues were fixed in Heimdal.

oval:org.secpod.oval:def:82611
Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18.

oval:org.secpod.oval:def:705616
libxmlrpc3-java: XML-RPC implementation in Java Apache XML-RPC could be made to execute arbitrary code if it received specially crafted data by a malicious XML-RPC server.

oval:org.secpod.oval:def:706113
mongodb: Document-oriented database MongoDB could provide unintended access.

oval:org.secpod.oval:def:704418
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1901874
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e in the image path as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

oval:org.secpod.oval:def:86997
sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo.

oval:org.secpod.oval:def:704080
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:705912
python3.8: Interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-or ...

oval:org.secpod.oval:def:707627
xorg-server: X.Org X11 server - xwayland: Xwayland X server - xorg-server-hwe-18.04: X.Org X11 server Several security issues were fixed in X.Org X Server.

oval:org.secpod.oval:def:705434
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:705423
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:50662
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ...

oval:org.secpod.oval:def:705056
docker.io: Linux container runtime Docker could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:708119
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:704837
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:1901815
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard librar ...

oval:org.secpod.oval:def:705746
netqmail: a secure, reliable, efficient, simple message transfer agent netqmail could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:705566
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:57565
squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:59843
squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:707679
rsync: fast, versatile, remote file-copying tool rsync could be made to crash or run programs if it received specially crafted input.

oval:org.secpod.oval:def:708208
cups: Common UNIX Printing System CUPS could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:708149
openjdk-17: Open Source Java implementation - openjdk-20: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:704203
qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.

oval:org.secpod.oval:def:704330
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security i ...

oval:org.secpod.oval:def:704305
intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information.

oval:org.secpod.oval:def:704088
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors The ...

oval:org.secpod.oval:def:704457
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704120
qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.

oval:org.secpod.oval:def:704118
libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt.

oval:org.secpod.oval:def:1900768
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

oval:org.secpod.oval:def:62226
vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim.

oval:org.secpod.oval:def:86927
vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim.

oval:org.secpod.oval:def:89580
vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim.

oval:org.secpod.oval:def:705733
openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:708158
runc: Open Container Project Several security issues were fixed in runC.

oval:org.secpod.oval:def:706141
linux-hwe-5.4: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:706130
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Goo ...

oval:org.secpod.oval:def:707144
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-fde: Linux kernel for Microsoft Azure cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Go ...

oval:org.secpod.oval:def:707142
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi syste ...

oval:org.secpod.oval:def:706212
linux-bluefield: Linux kernel for NVIDIA BlueField platforms - linux-oracle: Linux kernel for Oracle Cloud systems - linux-gke-5.4: Linux kernel for Google Container Engine systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:706207
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Goo ...

oval:org.secpod.oval:def:706208
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ...

oval:org.secpod.oval:def:706022
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:705995
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:705245
exiv2: EXIF/IPTC/XMP metadata manipulation tool Exiv2 could be made to crash if it received a specially crafted file.

oval:org.secpod.oval:def:75795
ceph: distributed storage and file system Several security issues were fixed in Ceph.

oval:org.secpod.oval:def:704434
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:704181
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:706191
linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Google Container Engine systems - linux-oracle: Linux kernel for Oracle Cloud systems ...

oval:org.secpod.oval:def:706188
linux: Linux kernel - linux-bluefield: Linux kernel for NVIDIA BlueField platforms - linux-kvm: Linux kernel for cloud environments - linux-gcp-5.4: Linux kernel for Google Cloud Platform systems - linux-hwe-5.4: Linux hardware enablement kernel Several security issues were fixed in the Linux kern ...

oval:org.secpod.oval:def:706162
linux-raspi2: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:706160
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ...

oval:org.secpod.oval:def:705697
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud sys ...

oval:org.secpod.oval:def:705694
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-gke-4.15: Linux kernel for Google Container Engine systems - linux-kvm: Linux k ...

oval:org.secpod.oval:def:705707
linux-oem-osp1: Linux kernel for OEM systems - linux-raspi2-5.3: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:705180
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - ...

oval:org.secpod.oval:def:705157
linux: Linux kernel - linux-gke-4.15: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-azure: Linux kernel for Microsoft Azure Cloud systems ...

oval:org.secpod.oval:def:705155
linux-aws: Linux kernel for Amazon Web Services systems - linux-aws-hwe: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:705271
intel-microcode: Processor microcode for Intel CPUs Several security issues were fixed in Intel Microcode.

oval:org.secpod.oval:def:705250
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke-4.15: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - lin ...

oval:org.secpod.oval:def:705247
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke-5.0: Linux kernel for Google Container Engine systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:61659
Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files.

oval:org.secpod.oval:def:61667
Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service.

oval:org.secpod.oval:def:704951
libvirt: Libvirt virtualization toolkit Several issues were addressed in libvirt.

oval:org.secpod.oval:def:704959
intel-microcode: Processor microcode for Intel CPUs Details: USN-3977-1 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry ...

oval:org.secpod.oval:def:704947
intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information.

oval:org.secpod.oval:def:704948
qemu: Machine emulator and virtualizer Several issues were addressed in QEMU.

oval:org.secpod.oval:def:704972
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:705154
linux: Linux kernel - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - ...

oval:org.secpod.oval:def:705100
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:1902098
A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them.

oval:org.secpod.oval:def:1902094
Exposed suppressed username or log in Special:EditTags.

oval:org.secpod.oval:def:1902097
Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table.

oval:org.secpod.oval:def:1900038
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, ...

oval:org.secpod.oval:def:1902136
Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service.

oval:org.secpod.oval:def:1902103
Exposed suppressed log in RevisionDelete page.

oval:org.secpod.oval:def:1902105
Privileged API responses that include whether a recent change has been patrolled may be cached publicly.

oval:org.secpod.oval:def:1902104
It is possible to bypass the limits on IP range blocks by using the API.

oval:org.secpod.oval:def:1902101
Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover.

oval:org.secpod.oval:def:1902100
An account can be logged out without using a token.

oval:org.secpod.oval:def:1902108
Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users loading that script.

oval:org.secpod.oval:def:1901438
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

oval:org.secpod.oval:def:705082
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-s ...

oval:org.secpod.oval:def:1901995
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

oval:org.secpod.oval:def:1901991
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

oval:org.secpod.oval:def:1901982
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

oval:org.secpod.oval:def:1901986
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

oval:org.secpod.oval:def:1901988
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

oval:org.secpod.oval:def:704283
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704807
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:704808
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704390
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704491
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704478
linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in th ...

oval:org.secpod.oval:def:704470
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704469
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704427
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704865
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704866
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:704143
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704945
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704289
apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages.

oval:org.secpod.oval:def:704345
git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it recursively opened a malicious git repository.

oval:org.secpod.oval:def:704107
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:706045
intel-microcode: Processor microcode for Intel CPUs Several security issues were fixed in Intel Microcode.

oval:org.secpod.oval:def:704131
amd64-microcode: Processor microcode firmware for AMD CPUs The system could be made to expose sensitive information.

oval:org.secpod.oval:def:704125
file: Tool to determine file types Several security issues were fixed in file.

oval:org.secpod.oval:def:1900805
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

oval:org.secpod.oval:def:1901278
Expat allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

oval:org.secpod.oval:def:1901383
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-201 ...

oval:org.secpod.oval:def:705648
freeimage: Support library for graphics image formats Several security issues were fixed in FreeImage.

oval:org.secpod.oval:def:707659
openjdk-17: Open Source Java implementation - openjdk-18: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:705017
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - li ...

oval:org.secpod.oval:def:89581
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:705441
openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:708102
dnsmasq: Small caching DNS proxy and DHCP/TFTP server Dnsmasq could cause transmission reliability issues when sending large DNS messages.

oval:org.secpod.oval:def:708151
libwebp: Lossy compression of digital photographic images libwebp could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:708145
firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.

oval:org.secpod.oval:def:708147
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:708133
sqlparse: documentation for non-validating SQL parser in Python SQL parse could be made to cause a denial of service if it received a specially crafted regular expression.

oval:org.secpod.oval:def:708006
linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:708098
linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:708063
linux-gcp-4.15: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:708059
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi systems Several s ...

oval:org.secpod.oval:def:707850
linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:707813
linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:707815
linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Google Container Engine systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux ...

oval:org.secpod.oval:def:707806
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi systems - linux-s ...

oval:org.secpod.oval:def:707807
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-bluefield: Linux kernel for NVIDIA BlueField platforms - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-ibm: Linux kernel for IBM c ...

oval:org.secpod.oval:def:708026
linux-ibm: Linux kernel for IBM cloud systems - linux-ibm-5.4: Linux kernel for IBM cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:708020
linux-raspi-5.4: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:708013
linux-gcp-5.4: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:707723
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-bluefield: Linux kernel for NVIDIA BlueField platforms - linux-gkeop: Linux kernel for Google Container Engine systems - linux-ibm: Linux kernel for I ...

oval:org.secpod.oval:def:707726
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ...

oval:org.secpod.oval:def:707778
pillow: Python Imaging Library Details: USN-5227-1 fixed vulnerabilities in Pillow. It was discovered that the fix for CVE-2022-22817 was incomplete. This update fixes the problem. Original advisory An incomplete fix was discovered in Pillow.

oval:org.secpod.oval:def:706278
pillow: Python Imaging Library Several security issues were fixed in Pillow.

oval:org.secpod.oval:def:708087
chromium-browser: Chromium web browser, open-source version of Chrome Several security issues were fixed in Chromium.

oval:org.secpod.oval:def:708103
golang-1.18: Go programming language compiler - metapackage Several security issues were fixed in Go.

oval:org.secpod.oval:def:708128
mysql-8.0: MySQL database - mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:85309
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:85076
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:707693
curl: HTTP, HTTPS, and FTP client and client libraries curl could be denied access to HTTP content if it received a specially crafted cookie.

oval:org.secpod.oval:def:707873
w3m: WWW browsable pager with excellent tables/frames support w3m could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:707680
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:706021
lz4: Extremely fast compression algorithm LZ4 could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:1901193
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

oval:org.secpod.oval:def:1902041
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

oval:org.secpod.oval:def:1902027
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:1902030
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:705282
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:1901753
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

oval:org.secpod.oval:def:1901766
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.

oval:org.secpod.oval:def:1900108
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attack ...

oval:org.secpod.oval:def:1900084
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1901561
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

oval:org.secpod.oval:def:704155
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:704122
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:47878
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:1900170
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.

oval:org.secpod.oval:def:62298
libgd2: Open source code library for the dynamic creation of images Several security issues were fixed in GD Graphics Library.

oval:org.secpod.oval:def:708127
ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Details: USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to f ...

oval:org.secpod.oval:def:708121
ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:706190
libcaca: text mode graphics utilities libcaca could be made to crash if it received a specially crafted image.

oval:org.secpod.oval:def:67763
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:707652
net-snmp: SNMP server and applications Several security issues were fixed in Net-SNMP.

oval:org.secpod.oval:def:708099
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:708118
libzen: ZenLib C++ utility library -- development files ZenLib could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:708060
linux-aws-5.4: Linux kernel for Amazon Web Services systems - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems - linux-gcp-5.4: Linux kernel for Google Cloud Platform systems - linux-hwe-5.4: Linux hardware enablement kernel - linux-ibm-5.4: Linux kernel for IBM cloud systems - lin ...

oval:org.secpod.oval:def:706164
linux-raspi: Linux kernel for Raspberry Pi systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:706156
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Google Container Engine systems - linux-gkeop: Linux kernel for Goo ...

oval:org.secpod.oval:def:706151
linux-raspi2: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:706144
linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:706135
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud syst ...

oval:org.secpod.oval:def:61671
It was discovered that the AMD Audio CoProcessor Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service.

oval:org.secpod.oval:def:68052
zeromq3: lightweight messaging kernel ZeroMQ could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704987
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-meta: - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud system ...

oval:org.secpod.oval:def:704988
linux-hwe: Linux hardware enablement kernel A system hardening measure could be bypassed.

oval:org.secpod.oval:def:1901693
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happ ...

oval:org.secpod.oval:def:1901536
memory-based DoS in libtiff-tools2bw

oval:org.secpod.oval:def:1901285
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.

oval:org.secpod.oval:def:1900013
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.

oval:org.secpod.oval:def:1900150
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used.

oval:org.secpod.oval:def:704319
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704300
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704461
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oem: Linux kernel for OEM processors - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1901241
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so.

oval:org.secpod.oval:def:704126
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704121
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704112
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:705174
expat: XML parsing C library Expat could be made to expose sensitive information if it received a specially crafted XML file.

oval:org.secpod.oval:def:705251
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1901123
common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1900806
swt/motif/browser.c in White_dune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:1901841
** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access t ...

oval:org.secpod.oval:def:1900970
** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco3-dev 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a c ...

*CPE
cpe:/o:ubuntu:ubuntu_linux:18.04
XCCDF    3
xccdf_org.secpod_benchmark_SecPod_Ubuntu_18.04
xccdf_org.secpod_benchmark_SecPod_Ubuntu_18_04
xccdf_org.secpod_benchmark_general_Ubuntu_18_04

© SecPod Technologies