
oval:org.secpod.oval:def:704914
Ubuntu 19.04 is installed

oval:org.secpod.oval:def:1902121
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

oval:org.secpod.oval:def:1901914
ARM Trusted Firmware-A allows information disclosure.

oval:org.secpod.oval:def:1901918
utils/find-opencv.js in node-opencv prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.

oval:org.secpod.oval:def:1901946
treeRead in hdf/btree.c in libmysofa0 before 0.7 does not properly validate multiplications and additions.

oval:org.secpod.oval:def:1902026
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service via a malformed file.

oval:org.secpod.oval:def:1901925
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in denial of service. This attack appears to be exploitable via a specially crafted AV1 file provided as input. This vulnerability appears to have been fixed in aft ...

oval:org.secpod.oval:def:1901919
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.

oval:org.secpod.oval:def:1902045
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.

oval:org.secpod.oval:def:54573
aria2: High speed command-line download utility aria2 stores authentication information in plain text.

oval:org.secpod.oval:def:1901912
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator we ...

oval:org.secpod.oval:def:705169
systemd: system and service manager Details: USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4120-1 cause ...

oval:org.secpod.oval:def:1901920
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.

oval:org.secpod.oval:def:1901956
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted MPEG-4 video data.

oval:org.secpod.oval:def:54575
ffmpeg: Tools for transcoding, streaming and playing of multimedia files FFmpeg could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:705105
bwa: Software package for mapping DNA sequences against a large reference genome BWA could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1902000
Cross-site scripting vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

oval:org.secpod.oval:def:1902006
The mad_bit_skip function in bit.c in Underbit MAD libmad0-dev 0.15.1b allows remote attackers to cause a denial of service via a crafted audio file.

oval:org.secpod.oval:def:1901999
The mad_layer_III function in layer3.c in Underbit MAD libmad0-dev 0.15.1b allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

oval:org.secpod.oval:def:1901998
The mad_layer_III function in layer3.c in Underbit MAD libmad0-dev 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service via a crafted audio file.

oval:org.secpod.oval:def:704913
freeradius: high-performance and highly configurable RADIUS server FreeRADIUS could be made to bypass authentication if it received a specially crafted input.

oval:org.secpod.oval:def:1902046
Mishandling of non-ASCII characters in guest comment fields.

oval:org.secpod.oval:def:55204
The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.

oval:org.secpod.oval:def:55190
Once the rsyslog package is installed, it needs to be activated. If the rsyslog service is not activated, the system will not have a syslog service running.

oval:org.secpod.oval:def:55119
The INFO parameter specifies that record login and logout activity will be logged.

oval:org.secpod.oval:def:55205
Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automat ...

oval:org.secpod.oval:def:55208
Access permission for '/etc/cron.monthly' is set to appropriate values.

oval:org.secpod.oval:def:55184
The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".

oval:org.secpod.oval:def:55216
The /etc/cron.daily directory contains system cron jobs that need to run on a daily basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user a ...

oval:org.secpod.oval:def:55191
max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:55202
time is a network service that responds with the server's current date and time as a 32 bit integer. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:55179
The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:55194
The eXtended InterNET Daemon (xinetd) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests.

oval:org.secpod.oval:def:55165
The kernel module udf should be disabled.

oval:org.secpod.oval:def:55127
This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:55112
The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands from an SNMP management system, execute the commands or collect the information and then send results back to the requesting system.

oval:org.secpod.oval:def:55126
The root account is the only system account that should have a login shell.

oval:org.secpod.oval:def:55211
Access permission for '/etc/cron.d' is set to appropriate values.

oval:org.secpod.oval:def:55176
The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".

oval:org.secpod.oval:def:55114
The PermitUserEnvironment option allows users to present environment options to the ssh daemon.

oval:org.secpod.oval:def:55138
Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or /etc/security/opasswd (old passwords, based on remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if they have been opened for write or have had attribu ...

oval:org.secpod.oval:def:55106
The passwords to remember should be set correctly.

oval:org.secpod.oval:def:55170
The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".

oval:org.secpod.oval:def:55215
Dovecot is an open source IMAP and POP3 server for Linux based systems.

oval:org.secpod.oval:def:55195
The kernel module sctp should be disabled.

oval:org.secpod.oval:def:55167
The squashfs Kernel Module should be disabled.

oval:org.secpod.oval:def:55108
Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messages to the appropriate user or mail server. If the system is not intended to be a mail server, it is recommended that the MTA be configured to only process local mail.

oval:org.secpod.oval:def:55175
The kernel module hfsplus should be disabled.

oval:org.secpod.oval:def:55133
Monitor changes to file permissions, attributes, ownership and group. The parameters in this section track changes for system calls that affect file permissions and attributes. The chmod, fchmod and fchmodat system calls affect the permissions associated with a file. The chown, fchown, fchownat and ...

oval:org.secpod.oval:def:55125
The default umask for all users specified in /etc/login.defs

oval:org.secpod.oval:def:55101
Root login via SSH should be disabled (and dependencies are met)

oval:org.secpod.oval:def:55156
The DPKG package 'rsyslog' should be installed.

oval:org.secpod.oval:def:55147
Set system audit so that audit rules cannot be modified with auditctl. Setting the flag "-e 2" forces audit to be put in immutable mode. Audit changes can only be made on system reboot. In immutable mode, unauthorized users cannot execute changes to the audit system to potentially hide malicious ac ...

oval:org.secpod.oval:def:55159
SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization.

oval:org.secpod.oval:def:55197
The kernel module dccp should be disabled.

oval:org.secpod.oval:def:55143
By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instructs rsyslogd to listen on the specified TCP port. The guidance in the section ensures ...

oval:org.secpod.oval:def:55187
The kernel module tipc should be disabled.

oval:org.secpod.oval:def:55158
Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).

oval:org.secpod.oval:def:55162
IPtables is an application that allows a system administrator to configure the IPv4 tables, chains and rules provided by the Linux kernel firewall. ufw was developed to ease IPtables firewall configuration.

oval:org.secpod.oval:def:55193
The Berkeley rsh-server (rsh, rlogin, rcp) package contains legacy services that exchange credentials in clear-text.

oval:org.secpod.oval:def:55107
The rsyncd service can be used to synchronize files between systems over network links.

oval:org.secpod.oval:def:55113
Squid is a standard proxy server used in many distributions and environments.

oval:org.secpod.oval:def:55180
The /etc/hosts.allow file contains networking information that is used by many applications and therefore must be readable for these applications to operate.

oval:org.secpod.oval:def:55210
Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ...

oval:org.secpod.oval:def:55148
Monitor the loading and unloading of kernel modules. The programs insmod (install a kernel module), rmmod (remove a kernel module), and modprobe (a more sophisticated program to load and unload modules, as well as some other features) control loading and unloading of modules. The init_module (load a ...

oval:org.secpod.oval:def:55122
The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections.

oval:org.secpod.oval:def:55116
There are several options available to limit which users and group can access the system via SSH. It is recommended that at least one of the following options be leveraged: AllowUsers The AllowUsers variable gives the system administrator the option of allowing specific users to ssh into the syste ...

oval:org.secpod.oval:def:55097
The pam_cracklib module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, it is a certain length, contains a mix of characters (e.g. alphabet, numeric, other) and more. The following are definitions of the pam_cracklib.so options. * retr ...

oval:org.secpod.oval:def:55102
This test makes sure that the '/etc/shadow' file permission is set appropriately. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:55135
Capture events where the system date and/or time has been modified. The parameters in this section are set to determine if the adjtimex (tune kernel clock), settimeofday (Set time, using timeval and timezone structures) stime (using seconds since 1/1/1970) or clock_settime (allows for the setting of ...

oval:org.secpod.oval:def:55142
The prelinking feature changes binaries in an attempt to decrease their startup time.

oval:org.secpod.oval:def:55105
File permission for '/etc/ssh/sshd_config' is set to appropriate values.

oval:org.secpod.oval:def:55169
The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".

oval:org.secpod.oval:def:55149
The talk software makes it possible for users to send and receive messages across systems through a terminal session.

oval:org.secpod.oval:def:55203
discard is a network service that responds to clients with the data sent to it by the client. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:55134
Monitor session initiation events. The parameters in this section track changes to the files associated with session events. The /var/run/utmp file tracks all currently logged in users. The /var/log/wtmp file tracks logins, logouts, shutdown and reboot events. All audit records will be tagged w ...

oval:org.secpod.oval:def:55213
The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.

oval:org.secpod.oval:def:55181
Global IPv6 initialization should be disabled.

oval:org.secpod.oval:def:55172
The kernel module jffs2 should be disabled.

oval:org.secpod.oval:def:55099
The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.

oval:org.secpod.oval:def:55100
Only SSH protocol version 2 connections should be permitted.

oval:org.secpod.oval:def:55157
TCP Wrappers provides a simple access list and standardized logging method for services capable of supporting it. In the past, services that were called from inetd and xinetd supported the use of tcp wrappers. As inetd and xinetd have been falling in disuse, any service that can support tcp wrappers ...

oval:org.secpod.oval:def:55140
Monitor the use of system calls associated with the deletion or renaming of files and file attributes. This configuration statement sets up monitoring for the unlink (remove a file), unlinkat (remove a file attribute), rename (rename a file) and renameat (rename a file attribute) system calls and ta ...

oval:org.secpod.oval:def:55117
The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:55183
The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub configuration is usually grub.cfg stored in /boot/grub.

oval:org.secpod.oval:def:55120
The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure.

oval:org.secpod.oval:def:55218
This directory contains system cron jobs that need to run on an hourly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user and group root ...

oval:org.secpod.oval:def:55160
The kernel module cramfs should be disabled.

oval:org.secpod.oval:def:55186
The system's default desktop environment, GNOME, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount and autorun within GNOME.

oval:org.secpod.oval:def:55155
The Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. NTP can be configured to be a client and/or a server.

oval:org.secpod.oval:def:55154
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.

oval:org.secpod.oval:def:55173
The kernel module freevxfs should be disabled.

oval:org.secpod.oval:def:55141
Monitor the use of the mount system call. The mount (and umount) system call controls the mounting and unmounting of file systems. The parameters below configure the system to create an audit record when the mount system call is used by a non-privileged user. It is highly unusual for a non privileg ...

oval:org.secpod.oval:def:55189
The kernel module rds should be disabled.

oval:org.secpod.oval:def:55178
File permission for '/etc/hosts.deny' is set to appropriate values.

oval:org.secpod.oval:def:55161
The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. By default, no banner is displayed.

oval:org.secpod.oval:def:55103
The /etc/shadow file contains the one-way cipher text passwords for each user defined in the /etc/passwd file. The command below sets the user and group ownership of the file to root.

oval:org.secpod.oval:def:55177
The kernel module hfs should be disabled.

oval:org.secpod.oval:def:55166
The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".

oval:org.secpod.oval:def:55144
The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files.

oval:org.secpod.oval:def:55209
The /etc/cron.weekly directory contains system cron jobs that need to run on a weekly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user ...

oval:org.secpod.oval:def:55096
The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".

oval:org.secpod.oval:def:55150
The rsh package contains the client commands for the rsh services.

oval:org.secpod.oval:def:55145
Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudo.log. Any time a command is ...

oval:org.secpod.oval:def:55152
The telnet service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:55200
The cron daemon is used to execute batch jobs on the system.

oval:org.secpod.oval:def:55206
echo is a network service that responds to clients with the data sent to it by the client. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:55094
The Set Lockout Time For Failed Password Attempts should be set correctly.

oval:org.secpod.oval:def:55121
The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:55207
daytime is a network service that responds with the server's current date and time. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:55109
The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".

oval:org.secpod.oval:def:55198
Implement periodic file checking, in compliance with site policy.

oval:org.secpod.oval:def:55164
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:org.secpod.oval:def:55115
The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su co ...

oval:org.secpod.oval:def:55185
Core dumps for all users should be disabled

oval:org.secpod.oval:def:55139
Monitor for unsuccessful attempts to access files. The parameters below are associated with system calls that control creation (creat), opening (open, openat) and truncation (truncate, ftruncate) of files. An audit log record will only be written if the user is a nonprivileged user (auid >= 500), i ...

oval:org.secpod.oval:def:55196
Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot machines from a boot server. The packages tftp and atftp are both used to define and support a TFTP server.

oval:org.secpod.oval:def:55168
The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".

oval:org.secpod.oval:def:55192
The talk software makes it possible for users to send and receive messages across systems through a terminal session. The talk client (which allows initiation of talk sessions) is installed by default.

oval:org.secpod.oval:def:55118
The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:55111
The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Small Message Block (SMB) protocol. Windows desktop users will be able to mount these directories ...

oval:org.secpod.oval:def:55124
File permissions for '/etc/group' should be set correctly.

oval:org.secpod.oval:def:55104
The /etc/passwd file contains a list of all the valid userIDs defined in the system, but not the passwords. The command below sets the owner and group of the file to root.

oval:org.secpod.oval:def:55199
Syslog logs should be sent to a remote loghost

oval:org.secpod.oval:def:55110
The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".

oval:org.secpod.oval:def:55153
The DPKG package 'aide' should be installed.

oval:org.secpod.oval:def:55188
chargen is a network service that responds with 0 to 512 ASCII characters for each connection it receives. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

oval:org.secpod.oval:def:55217
The File Transfer Protocol (FTP) provides networked computers with the ability to transfer files.

oval:org.secpod.oval:def:55151
The DPKG package 'xserver-xorg-core' should be removed.

oval:org.secpod.oval:def:55130
The auditd daemon can be configured to halt the system when the audit logs are full. In high security contexts, the risk of detecting unauthorized access or nonrepudiation exceeds the benefit of the system's availability. space_left_action, action_mail_acct and admin_space_left_action setting in / ...

oval:org.secpod.oval:def:55131
Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintains records of the last time a user successfully logged in. The file /var/log/tallylog maintains ...

oval:org.secpod.oval:def:55214
The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses.

oval:org.secpod.oval:def:55136
Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Audit events need to be captured on processes that start up prior to auditd, so that potential malicious activity cannot go undetected.

oval:org.secpod.oval:def:55123
The Set Password Warning Age should be set appropriately.

oval:org.secpod.oval:def:55212
The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.

oval:org.secpod.oval:def:55128
Accounts should be configured to expire automatically following a period of inactivity.

oval:org.secpod.oval:def:55182
The grub boot loader should have password protection enabled.

oval:org.secpod.oval:def:55129
Normally, auditd will hold 4 logs of maximum log file size before deleting older log files. In high security contexts, the benefits of maintaining a long audit history exceed the cost of storing the audit history. max_log_file_action setting in /etc/audit/auditd.conf is set to at least a certain v ...

oval:org.secpod.oval:def:55146
Monitor scope changes for system administrations. If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor changes in scope. The file /etc/sudoers will be written t ...

oval:org.secpod.oval:def:55174
The file /etc/securetty contains a list of valid terminals that may be logged in directly as root.

oval:org.secpod.oval:def:55163
The two options ClientAliveInterval and ClientAliveCountMax control the timeout of ssh sessions. When the ClientAliveInterval variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the ClientAliveCountMax variable is set, sshd will send client alive ...

oval:org.secpod.oval:def:55171
Install and turn on the auditd daemon to record system events. The capturing of system events provides system administrators with information to allow them to determine if unauthorized access to their system is occurring.

oval:org.secpod.oval:def:55095
The minimum password age policy should be set appropriately.

oval:org.secpod.oval:def:55137
Record changes to network environment files or system calls. The below parameters monitor the sethostname (set the systems host name) or setdomainname (set the systems domainname) system calls, and write an audit event on system call exit. The other parameters monitor the /etc/issue and /etc/issue.n ...

oval:org.secpod.oval:def:55098
The maximum password age policy should meet minimum requirements.

oval:org.secpod.oval:def:55132
Monitor SELinux mandatory access controls. The parameters below monitor any write access (potential addition, deletion or modification of files in the directory) or attribute changes to the /etc/selinux directory. Changes to files in this directory could indicate that an unauthorized user is atte ...

oval:org.secpod.oval:def:55201
The logrotate (syslog rotater) service should be enabled.

oval:org.secpod.oval:def:1902007
The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the HESIOD_CONFIG or HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary.

oval:org.secpod.oval:def:1901997
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.

oval:org.secpod.oval:def:59742
libjpeg-turbo: library for handling JPEG files Several security issues were fixed in libjpeg-turbo.

oval:org.secpod.oval:def:1901909
When Eclipse Mosquitto version 1.0 to 1.5.5 is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authenticati ...

oval:org.secpod.oval:def:1901908
In Eclipse Mosquitto version 1.0 to 1.5.5 when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able ...

oval:org.secpod.oval:def:1901915
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

oval:org.secpod.oval:def:1901964
An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an ...

oval:org.secpod.oval:def:55664
ceph: distributed storage and file system Several security issues were fixed in Ceph.

oval:org.secpod.oval:def:1901949
In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

oval:org.secpod.oval:def:705149
ceph: distributed storage and file system Ceph could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:705269
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:1901917
An incorrect permissions check was discovered in libvirt-dev 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

oval:org.secpod.oval:def:1902013
Insecure permissions for systemd socket for virtlockd/virtlogd The virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode parameter and thus create a world accessible UNIX domain socket. Furthermore the code fails to validate the identity of clients connecting to these ...

oval:org.secpod.oval:def:705306
haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to execute arbitrary code if it received a specially crafted HTTP/2 header.

oval:org.secpod.oval:def:705280
dpdk: set of libraries for fast packet processing DPDK could be made to consume resources if it received specially crafted input.

oval:org.secpod.oval:def:705268
fribidi: Free Implementation of the Unicode BiDi algorithm Applications using FriBidi could be made to crash or run programs as your login if it displayed specially crafted text.

oval:org.secpod.oval:def:705222
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:705183
mosquitto: MQTT version 3.1/3.1.1 compatible message broker Mosquitto could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:705161
samba: SMB/CIFS file, print, and login server for Unix Samba would allow unintended access to files over the network.

oval:org.secpod.oval:def:705118
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:705110
poppler: PDF rendering library poppler could be made to crash if it received a specially crafted PDF.

oval:org.secpod.oval:def:705098
pango1.0: Layout and rendering of internationalized text - gir bindings Pango could be made to execute arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:1902110
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

oval:org.secpod.oval:def:1902039
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

oval:org.secpod.oval:def:1902035
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move operations from admin:// to file:// URIs, because root privileges are unavailable.

oval:org.secpod.oval:def:1902038
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

oval:org.secpod.oval:def:1902028
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.

oval:org.secpod.oval:def:704924
memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:1901952
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will b ...

oval:org.secpod.oval:def:1901955
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially differe ...

oval:org.secpod.oval:def:705818
wavpack: audio codec - encoder and decoder WavPack could be made to crash if it received a specially crafted file.

oval:org.secpod.oval:def:704967
gnome-desktop3: Introspection data for GnomeDesktop gnome-desktop could be made to escape the thumbnailer sandbox.

oval:org.secpod.oval:def:704953
libmediainfo: library reading metadata from media files MediaInfo could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1901973
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

oval:org.secpod.oval:def:1901974
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

oval:org.secpod.oval:def:704976
gnutls28: GNU TLS library Several security issues were fixed in GnuTLS.

oval:org.secpod.oval:def:1901923
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other ...

oval:org.secpod.oval:def:1901926
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6 located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other im ...

oval:org.secpod.oval:def:1901916
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other impact.

oval:org.secpod.oval:def:1901911
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

oval:org.secpod.oval:def:705171
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:705270
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704961
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:1901945
A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

oval:org.secpod.oval:def:705170
vlc: multimedia player and streamer Several security issues were fixed in VLC.

oval:org.secpod.oval:def:68055
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:704925
python-gnupg: Python wrapper for the GNU Privacy Guard Several security issues were fixed in python-gnupg

oval:org.secpod.oval:def:1901951
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

oval:org.secpod.oval:def:1902005
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir to the current working directory of the calling user, aka a "cwd restore permission bypass."

oval:org.secpod.oval:def:1902126
libqb-dev before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames without O_EXCL.

oval:org.secpod.oval:def:1901959
Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords.

oval:org.secpod.oval:def:1901961
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

oval:org.secpod.oval:def:1902016
Unrestricted file upload in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.

oval:org.secpod.oval:def:1902010
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

oval:org.secpod.oval:def:1901935
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.

oval:org.secpod.oval:def:1901937
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/ ...

oval:org.secpod.oval:def:1901936
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

oval:org.secpod.oval:def:1901941
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.

oval:org.secpod.oval:def:1902119
In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 ...

oval:org.secpod.oval:def:1901993
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE check is mishandled.

oval:org.secpod.oval:def:1902047
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

oval:org.secpod.oval:def:1902042
In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

oval:org.secpod.oval:def:1902055
Yubico libpam-u2f 1.0.7 attempts parsing of the configured authfile as root, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be ...

oval:org.secpod.oval:def:1902051
In Yubico libpam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it ...

oval:org.secpod.oval:def:1902053
An issue was discovered in phpMyAdmin before 4.8.6. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

oval:org.secpod.oval:def:1902052
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can ...

oval:org.secpod.oval:def:1901970
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

oval:org.secpod.oval:def:1901978
cleartext message spoofing

oval:org.secpod.oval:def:1901981
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

oval:org.secpod.oval:def:1901980
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter ...

oval:org.secpod.oval:def:1902031
Capstone 3.0.4 has an out-of-bounds vulnerability in X86_insn_reg_intel in arch/X86/X86Mapping.c.

oval:org.secpod.oval:def:705106
mercurial: easy-to-use, scalable distributed version control system Mercurial could be made to overwrite files.

oval:org.secpod.oval:def:704933
monit: utility for monitoring and managing daemons or similar programs Several security issues were fixed in Monit

oval:org.secpod.oval:def:705309
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1901950
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.

oval:org.secpod.oval:def:1901957
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.

oval:org.secpod.oval:def:1901960
The EAP-pwd implementation in hostapd before 2.8 and wpa_supplicant before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference. This affects ea ...

oval:org.secpod.oval:def:1901948
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.

oval:org.secpod.oval:def:1901944
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.

oval:org.secpod.oval:def:1901943
libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted HEVC data.

oval:org.secpod.oval:def:705011
neovim: heavily refactored vim fork Neovim could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:705012
vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim.

oval:org.secpod.oval:def:1902054
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not check for sscanf failure and consequently allows use of uninitialized variables.

oval:org.secpod.oval:def:54577
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.

oval:org.secpod.oval:def:1902050
Modelines allow arbitrary code execution by opening a specially crafted text file

oval:org.secpod.oval:def:68054
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:705102
sox: Swiss army knife of sound processing Details: USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 19.04. Original advisory SoX could be made to crash if it received a specially crafted MP3 file.

oval:org.secpod.oval:def:1902113
An error within the "parse_tiff_ifd" function in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

oval:org.secpod.oval:def:1902114
An error related to the "LibRaw::panasonic_load_raw" function in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

oval:org.secpod.oval:def:704941
postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:704915
advancecomp: collection of recompression utilities Details: USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. Original advisory AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:1902003
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned. A malicious scp server can overwrite arbitrary ...

oval:org.secpod.oval:def:1902099
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

oval:org.secpod.oval:def:704917
bind9: Internet Domain Name Server Bind could be made to consume resources if it received specially crafted network traffic.

oval:org.secpod.oval:def:1902095
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

oval:org.secpod.oval:def:705050
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704993
db5.3: Berkeley DB Utilities Berkeley DB could be made to expose sensitive information.

oval:org.secpod.oval:def:705049
znc: advanced modular IRC bouncer znc could be made to crash or run programs as an administrator if it opened a specially crafted file.

oval:org.secpod.oval:def:704999
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3991-1 caused a regr ...

oval:org.secpod.oval:def:705036
policykit-desktop-privileges: run common desktop actions without password A security improvement has been made to policykit-desktop-privileges.

oval:org.secpod.oval:def:1902102
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

oval:org.secpod.oval:def:1902111
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

oval:org.secpod.oval:def:704975
libseccomp: library for working with the Linux seccomp filter libseccomp could allow unintended access to system calls.

oval:org.secpod.oval:def:704960
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:705010
dbus: simple interprocess messaging system DBus could allow unintended access to services.

oval:org.secpod.oval:def:1902043
AdminURLFieldWidget XSS

oval:org.secpod.oval:def:705013
firefox: Mozilla Open Source web browser Details: USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. W ...

oval:org.secpod.oval:def:705007
glib2.0: GLib library of C routines GLib could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:704944
samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services.

oval:org.secpod.oval:def:1902037
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

oval:org.secpod.oval:def:1902034
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

oval:org.secpod.oval:def:704934
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:705084
patch: Apply a diff file to an original Several security issues were fixed in Patch.

oval:org.secpod.oval:def:705086
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:705077
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:705184
ibus: Intelligent Input Bus - core Details: USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory USN 4134-1 introduced a regression in IBus.

oval:org.secpod.oval:def:705185
libreoffice: Office productivity suite LibreOffice could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:705179
tomcat9: Servlet and JSP engine Several security issues were fixed in Tomcat 9.

oval:org.secpod.oval:def:705176
wireshark: network traffic analyzer Wireshark could be made to crash if it received specially crafted network traffic or input files.

oval:org.secpod.oval:def:705177
apache2: Apache HTTP server Details: USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory ...

oval:org.secpod.oval:def:705178
wpa: client support for WPA and WPA2 wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.

oval:org.secpod.oval:def:705173
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:705165
memcached: high-performance memory object caching system Memcached could be made to expose sensitive information if it received a specially crafted UNIX socket.

oval:org.secpod.oval:def:705150
dovecot: IMAP and POP3 email server Dovecot could be made to crash or execute arbitrary code if it received specially crafted data.

oval:org.secpod.oval:def:705151
ghostscript: PostScript and PDF interpreter Ghostscript could be made to access arbitrary files if it opened a specially crafted file.

oval:org.secpod.oval:def:705152
dovecot: IMAP and POP3 email server Details: USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4110-1 introduced a regression in Dovecot.

oval:org.secpod.oval:def:705132
cups: Common UNIX Printing System Several security issues were fixed in CUPS.

oval:org.secpod.oval:def:705133
nltk: Python libraries for natural language processing NLTK could be made to overwrite files.

oval:org.secpod.oval:def:705254
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:705134
giflib: library for GIF images Several security issues were fixed in GIFLIB.

oval:org.secpod.oval:def:705124
nova: OpenStack Compute cloud infrastructure Nova could be made to expose sensitive information.

oval:org.secpod.oval:def:705125
golang-github-docker-docker-credential-helpers: Use native stores to safeguard Docker credentials docker-credential-helpers could be made to crash or run programs as your login

oval:org.secpod.oval:def:705126
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:705127
docker.io: Linux container runtime Details: Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Original advisory Docker could be made to crash o ...

oval:org.secpod.oval:def:705248
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:705241
tiff: Tag Image File Format library Several security issues were fixed in LibTIFF.

oval:org.secpod.oval:def:705243
uw-imap: c-client library for mail protocols - library files UW IMAP could be made to execute programs if it received specially crafted input.

oval:org.secpod.oval:def:705240
aspell: GNU Aspell spell-checker Aspell could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:705128
kconfig: configuration settings framework for Qt - kde4libs: KDE 4 core applications and libraries KConfig and KDE libraries could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:705235
sudo: Provide limited super user privileges to specific users Sudo could be made to run commands as root if it was called with a specially crafted user ID.

oval:org.secpod.oval:def:705116
mariadb-10.3: MariaDB database Details: USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in MariaDB 10.3. Ubuntu 19.04 has been u ...

oval:org.secpod.oval:def:705223
e2fsprogs: ext2/ext3/ext4 file system utilities e2fsprogs could be made to execute arbitrary code if it is running in a crafted ext4 partition.

oval:org.secpod.oval:def:705224
libsdl2: Simple DirectMedia Layer: cross-platform development library providing access to low level media interfaces SDL 2.0 could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:705220
firefox: Mozilla Open Source web browser Firefox could be made to hijack the mouse pointer if it opened a malicious website.

oval:org.secpod.oval:def:705101
sigil: multi-platform ebook editor Sigil could be made to overwrite files.

oval:org.secpod.oval:def:705108
postgresql-11: Object-relational SQL database - postgresql-10: Object-relational SQL database - postgresql-9.5: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:705109
ghostscript: PostScript and PDF interpreter Ghostscript could be made to access files if it opened a specially crafted file.

oval:org.secpod.oval:def:705311
libssh: A tiny C SSH library libssh could be made to run programs under certain conditions.

oval:org.secpod.oval:def:705312
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:705314
libpcap: Library for user-level network packet capture Applications using libpcap could be made to crash if given specially crafted data.

oval:org.secpod.oval:def:705305
intel-microcode: Processor microcode for Intel CPUs Details: USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the ...

oval:org.secpod.oval:def:705307
librabbitmq: Command-line utilities for interacting with AMQP servers RabbitMQ could be made to execute arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:705175
ibus: Intelligent Input Bus - core IBus would allow local users to capture key strokes of other locally logged in users.

oval:org.secpod.oval:def:705285
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:1901967
An issue was discovered in GNU libiberty-dev, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

oval:org.secpod.oval:def:705283
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1901969
An issue was discovered in GNU libiberty-dev, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

oval:org.secpod.oval:def:705284
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to create arbitrary directories.

oval:org.secpod.oval:def:1902015
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.

oval:org.secpod.oval:def:705817
evince: Document viewer Evince could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:705813
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1902109
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Me ...

oval:org.secpod.oval:def:705310
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:705085
ansible: Configuration management, deployment, and task execution system Several security issues were fixed in Ansible.

oval:org.secpod.oval:def:1902120
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

oval:org.secpod.oval:def:705057
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:1901934
[Crafted null dereference attack in authenticated mode 6 packet]

oval:org.secpod.oval:def:59840
sqlite3: C library that implements an SQL database engine Several security issues were fixed in SQLite.

oval:org.secpod.oval:def:704940
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK.

oval:org.secpod.oval:def:705056
docker.io: Linux container runtime Docker could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:705078
squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:59842
squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:705245
exiv2: EXIF/IPTC/XMP metadata manipulation tool Exiv2 could be made to crash if it received a specially crafted file.

oval:org.secpod.oval:def:1902098
A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them.

oval:org.secpod.oval:def:1902094
Exposed suppressed username or log in Special:EditTags.

oval:org.secpod.oval:def:1902097
Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table.

oval:org.secpod.oval:def:1901922
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

oval:org.secpod.oval:def:1902103
Exposed suppressed log in RevisionDelete page.

oval:org.secpod.oval:def:1902105
Privileged API responses that include whether a recent change has been patrolled may be cached publicly.

oval:org.secpod.oval:def:1902104
It is possible to bypass the limits on IP range blocks by using the API.

oval:org.secpod.oval:def:1902101
Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover.

oval:org.secpod.oval:def:1902100
An account can be logged out without using a token.

oval:org.secpod.oval:def:1902108
Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users loading that script.

oval:org.secpod.oval:def:705100
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:705282
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:705180
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - ...

oval:org.secpod.oval:def:705271
intel-microcode: Processor microcode for Intel CPUs Several security issues were fixed in Intel Microcode.

oval:org.secpod.oval:def:68052
zeromq3: lightweight messaging kernel ZeroMQ could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:705083
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - ...

oval:org.secpod.oval:def:705154
linux: Linux kernel - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - ...

oval:org.secpod.oval:def:705156
linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:705017
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - li ...

oval:org.secpod.oval:def:1902136
Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service.

oval:org.secpod.oval:def:704989
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Seve ...

oval:org.secpod.oval:def:1901995
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

oval:org.secpod.oval:def:704951
libvirt: Libvirt virtualization toolkit Several issues were addressed in libvirt.

oval:org.secpod.oval:def:704959
intel-microcode: Processor microcode for Intel CPUs Details: USN-3977-1 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry ...

oval:org.secpod.oval:def:704947
intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information.

oval:org.secpod.oval:def:704948
qemu: Machine emulator and virtualizer Several issues were addressed in QEMU.

oval:org.secpod.oval:def:704943
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:1901921
lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c.

oval:org.secpod.oval:def:1902877
env_path_info underflow in fpm_main.c can lead to RCE

oval:org.secpod.oval:def:704995
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1901966
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

oval:org.secpod.oval:def:1902044
heap-buffer-overflow on php_jpg_get16

oval:org.secpod.oval:def:1902040
Out-of-bounds read in iconv.c:_php_iconv_mime_decode due to integer overflow

oval:org.secpod.oval:def:705114
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to crash or execute arbitrary code if it received specially crafted image.

oval:org.secpod.oval:def:704998
jinja2: small but fast and easy to use stand-alone template engine Several security issues were fixed in Jinja2.

oval:org.secpod.oval:def:705096
openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK 11.

oval:org.secpod.oval:def:54968
python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3.

oval:org.secpod.oval:def:704972
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704957
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1901979
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command.

oval:org.secpod.oval:def:1902564
The client creates multiple request streams and continually shuffles the priority of the streams in a way which causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a Denial-of-Service. Also known as "HTTP/2 Resource Loop / Priority Shuffling".

oval:org.secpod.oval:def:58420
apache2: Apache HTTP server Several security issues were fixed in Apache.

oval:org.secpod.oval:def:1902570
The client can request a large amount of data from a specified resource over multiple streams. It can manipulate window sizes and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, po ...

oval:org.secpod.oval:def:705076
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:58426
python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:705174
expat: XML parsing C library Expat could be made to expose sensitive information if it received a specially crafted XML file.

oval:org.secpod.oval:def:58058
The client can send continual pings to an HTTP/2 server, causing the server to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a Denial-of-Service. Also known as "HTTP/2 Ping Flood".

oval:org.secpod.oval:def:58063
This sends a stream of SETTINGS frames to the server. Since the RFC requires that the server reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, o ...

oval:org.secpod.oval:def:58064
This sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially le ...

oval:org.secpod.oval:def:58065
This opens the HTTP/2 window so the server can send without constraint; however, it leaves the TCP window closed so the server cannot actually write (many of) the bytes on the wire. The client could then send a stream of requests for a large response object. Depending on how the servers queue the re ...

oval:org.secpod.oval:def:58060
This opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the servers queue the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a Denial-of-Service. Also known ...

oval:org.secpod.oval:def:705162
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705163
node-fstream: Advanced filesystem streaming tools for Node.js npm/fstream could be made to overwrite files.

oval:org.secpod.oval:def:705251
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:705120
firefox: Mozilla Open Source web browser A local attacker could obtain saved passwords.

oval:org.secpod.oval:def:705119
nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic.

*CPE
cpe:/o:ubuntu:ubuntu_linux:19.04
XCCDF    2
xccdf_org.secpod_benchmark_general_Ubuntu_19_04
xccdf_org.secpod_benchmark_SecPod_Ubuntu_19.04

© SecPod Technologies