oval:org.secpod.oval:def:606123
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code. For the oldstable distribution, this problem has been fixed in version 3.2.4-1+deb10u7.

oval:org.secpod.oval:def:606125
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or sandbox bypass.

oval:org.secpod.oval:def:606126
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.

oval:org.secpod.oval:def:608322
Elton Nokaj discovered that incorrect error handling in Bottle, a WSGI framework for Python, could result in the disclosure of sensitive information.

oval:org.secpod.oval:def:606180
Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer library, allows injecting values into a PostgreSQL connection string. Depending on how the library is used, this flaw can result in authentication bypass, reveal a server IP address or have other unspecified impact.

oval:org.secpod.oval:def:606184
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610369
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Cinder, the OpenStack block storage system, may result in information disclosure.

oval:org.secpod.oval:def:610251
Maddie Stone reported a heap-based buffer overflow flaw in pixman, a pixel-manipulation library for X and cairo, which could result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:610250
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610370
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure.

oval:org.secpod.oval:def:610358
Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure.

oval:org.secpod.oval:def:610357
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform SQL injection attacks or bypass authorization access.

oval:org.secpod.oval:def:610164
It was discovered that the wordexp function of tinygltf, a library to load/save glTF files, was susceptible to command execution when processing untrusted files.

oval:org.secpod.oval:def:610165
Maher Azzouzi discovered that missing input sanitising in the Enlightenment window manager may result in local privilege escalation to root.

oval:org.secpod.oval:def:610294
A security issue was discovered in Chromium, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:605608
Debian 11.x is installed

oval:org.secpod.oval:def:605628
Kevin Israel discovered that python3-django-postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing.

oval:org.secpod.oval:def:605883
Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured insecure permissions for the user web shares, which could result in privilege escalation. If PHP functionality is needed for the ...

oval:org.secpod.oval:def:605634
Two vulnerabilities were discovered in the Nextcloud desktop client, which could result in information disclosure.

oval:org.secpod.oval:def:607812
Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math strin ...

oval:org.secpod.oval:def:607814
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks. For the oldstable distribution, this problem has been fixed in version 3.2.4-1+deb10u8.

oval:org.secpod.oval:def:605771
The update for prosody released as DSA 5047 introduced a memory leak. Updated prosody packages are now available to correct this issue.

oval:org.secpod.oval:def:607788
Max Justicz reported a directory traversal vulnerability in Dpkg::Source::Archive in dpkg, the Debian package management system. This affects extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar.

oval:org.secpod.oval:def:605624
The update for ledgersmb released as DSA 4862-1 introduced a regression in the display of some search results. Updated ledgersmb packages are now available to correct this issue. For the oldstable distribution, this problem has been fixed in version 1.6.9+ds-1+deb10u3.

oval:org.secpod.oval:def:610114
It was discovered that Gson, a Java library that can be used to convert Java Objects into their JSON representations and vice versa, was vulnerable to a de-serialization flaw. An application would de-serialize untrusted data without sufficiently verifying that the resulting data will be valid, lett ...

oval:org.secpod.oval:def:606127
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.

oval:org.secpod.oval:def:79855
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.

oval:org.secpod.oval:def:610111
Two vulnerabilities were discovered in poppler, a PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file or JBIG2 image is processed.

oval:org.secpod.oval:def:608626
Demi Marie Obenour discovered a flaw in GnuPG, allowing for signature spoofing via arbitrary injection into the status line. An attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature ...

oval:org.secpod.oval:def:606122
Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:606185
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.

oval:org.secpod.oval:def:606095
An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message.

oval:org.secpod.oval:def:610368
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute may result in information disclosure.

oval:org.secpod.oval:def:83978
An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

oval:org.secpod.oval:def:610365
Martin van Kervel Smedshammer discovered that varnish, a state of the art, high-performance web accelerator, is prone to an HTTP/2 request forgery vulnerability. See https://varnish-cache.org/security/VSV00011.html for details.

oval:org.secpod.oval:def:605623
Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code. The oldstable distribution is not affected.

oval:org.secpod.oval:def:605780
It was discovered that missing input sanitising in python-nbxmpp, a Jabber/XMPP Python library, could result in denial of service in clients based on it. The oldstable distribution is not affected.

oval:org.secpod.oval:def:610355
It was discovered that the CompareTool of iText, a Java PDF library which uses the external ghostscript software to compare PDFs at a pixel level, allowed command injection when parsing a specially crafted filename.

oval:org.secpod.oval:def:605889
CVE-2021-4122 Milan Broz, its maintainer, discovered an issue in cryptsetup, the disk encryption configuration tool for Linux. LUKS2 online reencryption is an optional extension to allow a user to change the data reencryption key while the data device is available for use during the whole reencrypt ...

oval:org.secpod.oval:def:607811
Peter Agten discovered that several modules for TCP syslog reception in rsyslog, a system and kernel logging daemon, have buffer overflow flaws when octet-counted framing is used, which could result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:605631
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the pipe, handle and printer io devices, which could result in the execution of arbitrary code if a malformed Postscript file is processed.

oval:org.secpod.oval:def:606187
Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code.

oval:org.secpod.oval:def:610252
It was discovered that a buffer overflow in the _getCountedString function of the Xorg X server may result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:610511
Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting. This update also fixes a regression introduced in previous update that may block certain access for apps using devel ...

oval:org.secpod.oval:def:608320
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:610168
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or session fixation. Debian follows the extended support releases of Firefox. Support for the 91.x series has ended, so starting with this updat ...

oval:org.secpod.oval:def:607888
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

oval:org.secpod.oval:def:608637
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:608620
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

oval:org.secpod.oval:def:610285
Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:607787
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:606194
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:607789
Joshua Mason discovered that a logic error in the validation of the secret key used in the local authorisation mode of the CUPS printing system may result in privilege escalation.

oval:org.secpod.oval:def:605888
Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack against a Minetest ...

oval:org.secpod.oval:def:605680
It was discovered that the symlink extraction protections in node-tar, a Tar archives module for Node.js, could be bypassed, allowing a malicious Tar archive to symlink into an arbitrary location.

oval:org.secpod.oval:def:610163
An arbitrary code execution vulnerability was discovered in fish, a command line shell. When using the default configuration of fish, changing to a directory automatically ran `git` commands in order to display information about the current repository in the prompt. Such repositories can contain per-r ...

oval:org.secpod.oval:def:605952
Reginaldo Silva discovered a Lua sandbox escape in Redis, a persistent key-value database.

oval:org.secpod.oval:def:606179
A flaw was discovered in the way HAProxy, a fast and reliable load balancing reverse proxy, processes HTTP responses containing the Set-Cookie2 header, which can result in an unbounded loop, causing a denial of service.

oval:org.secpod.oval:def:605727
Several vulnerabilities were discovered in djvulibre, a library and set of tools to handle documents in the DjVu format. An attacker could crash document viewers and possibly execute arbitrary code through crafted DjVu files.

oval:org.secpod.oval:def:94337
The /etc/shadow file is used to store the information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information. Rationale: If attackers can gain read access to the /etc/shadow file, they can easily run a passwo ...

oval:org.secpod.oval:def:94338
The kernel module jffs2 should be disabled.

oval:org.secpod.oval:def:94339
The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /var/tmp.

oval:org.secpod.oval:def:610580
An issue has been found in sniproxy, a transparent TLS and HTTP layer 4 proxy with SNI support. Due to bad handling of wildcard backend hosts, a crafted HTTP or TLS packet might lead to remote arbitrary code execution.

oval:org.secpod.oval:def:610501
Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally an attacker can take advantage of this flaw to chang ...

oval:org.secpod.oval:def:610376
Ikeda Soji reported that libhtml-stripscripts-perl, a Perl module for removing scripts from HTML, is prone to a regular expression denial of service, due to catastrophic backtracking for HTML content with specially crafted style attributes.

oval:org.secpod.oval:def:605681
Jacob Champion discovered two vulnerabilities in the PostgreSQL database system, which could result in man-in-the-middle attacks.

oval:org.secpod.oval:def:605953
Multiple vulnerabilities were discovered in snapd, a daemon and tooling that enable Snap packages, which could result in bypass of access restrictions or privilege escalation.

oval:org.secpod.oval:def:605777
Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow bypassing the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. When using EAP authentication, the successful completion of ...

oval:org.secpod.oval:def:605776
It was discovered that IPython, an enhanced interactive Python shell, executed config files from the current working directory, which could result in cross-user attacks if run from a directory multiple users may write to.

oval:org.secpod.oval:def:605682
Apache Tomcat, the servlet and JSP engine, did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

oval:org.secpod.oval:def:605686
Apache Santuario - XML Security for Java is vulnerable to an issue where the secureValidation property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

oval:org.secpod.oval:def:605677
Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. XStream itself sets u ...

oval:org.secpod.oval:def:605783
Matthias Gerstner reported that usbview, a USB device viewer, does not properly handle authorization in the PolicyKit policy configuration, which could result in root privilege escalation.

oval:org.secpod.oval:def:605629
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:605632
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:605772
Tavis Ormandy discovered that incorrect parsing of pkcs7 sequences in nss, the Mozilla Network Security Service library, may result in denial of service.

oval:org.secpod.oval:def:605885
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:605882
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

oval:org.secpod.oval:def:608321
Jeffrey Bencteux reported two vulnerabilities in cifs-utils, the Common Internet File System utilities, which can result in escalation of privileges or an information leak.

oval:org.secpod.oval:def:605773
David Bouman discovered a heap-based buffer overflow vulnerability in the base64 functions of aide, an advanced intrusion detection system, which can be triggered via large extended file attributes or ACLs. This may result in denial of service or privilege escalation.

oval:org.secpod.oval:def:612644
An invalid memory access was discovered in json-c, a JSON library, which could result in denial of service.

oval:org.secpod.oval:def:612666
Multiple security vulnerabilities have been found in xrdp, a remote desktop protocol server. Buffer overflows and out-of-bound writes may cause a denial of service or other unspecified impact.

oval:org.secpod.oval:def:612677
Matteo Memelli reported an out-of-bounds read flaw when parsing CDP addresses in lldpd, an implementation of the IEEE 802.1ab protocol. A remote attacker can take advantage of this flaw to cause a denial of service via a specially crafted CDP PDU packet.

oval:org.secpod.oval:def:612739
William Khem-Marquez discovered that using malicious plugins for the Babel JavaScript compiler could result in arbitrary code execution during compilation.

oval:org.secpod.oval:def:610510
David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

oval:org.secpod.oval:def:606193
Danilo Ramos discovered that incorrect memory handling in zlib's deflate handling could result in denial of service or potentially the execution of arbitrary code if specially crafted input is processed.

oval:org.secpod.oval:def:610433
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

oval:org.secpod.oval:def:612728
Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:605728
Multiple vulnerabilities were discovered in the FORT RPKI validator, which could result in denial of service or path traversal.

oval:org.secpod.oval:def:605774
Two vulnerabilities were discovered in uriparser, a library that parses Uniform Resource Identifiers, which may result in denial of service or potentially in the execution of arbitrary code.

oval:org.secpod.oval:def:92149
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algor ...

oval:org.secpod.oval:def:612687
Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.

oval:org.secpod.oval:def:87332
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:org.secpod.oval:def:87333
The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".

oval:org.secpod.oval:def:87330
The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".

oval:org.secpod.oval:def:87331
The kernel module udf should be disabled.

oval:org.secpod.oval:def:87329
The squashfs Kernel Module should be disabled.

oval:org.secpod.oval:def:87327
This directory contains system cron jobs that need to run on an hourly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user and group root ...

oval:org.secpod.oval:def:87328
The /etc/cron.daily directory contains system cron jobs that need to run on a daily basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user a ...

oval:org.secpod.oval:def:87325
The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. By default, no banner is displayed.

oval:org.secpod.oval:def:87326
IPtables is an application that allows a system administrator to configure the IPv4 tables, chains and rules provided by the Linux kernel firewall. ufw was developed to ease IPtables firewall configuration.

oval:org.secpod.oval:def:87323
The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.

oval:org.secpod.oval:def:87324
SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization.

oval:org.secpod.oval:def:87321
The Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. NTP can be configured to be a client and/or a server.

oval:org.secpod.oval:def:87322
Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).

oval:org.secpod.oval:def:87320
The DPKG package 'rsyslog' should be installed.

oval:org.secpod.oval:def:87318
The /etc/cron.weekly directory contains system cron jobs that need to run on a weekly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user ...

oval:org.secpod.oval:def:87319
Access permission for '/etc/cron.monthly' is set to appropriate values.

oval:org.secpod.oval:def:87316
The DPKG package 'aide' should be installed.

oval:org.secpod.oval:def:87317
Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ...

oval:org.secpod.oval:def:87314
The rsh package contains the client commands for the rsh services.

oval:org.secpod.oval:def:87315
The DPKG package 'xserver-xorg-core' should be removed.

oval:org.secpod.oval:def:87312
The talk software makes it possible for users to send and receive messages across systems through a terminal session.

oval:org.secpod.oval:def:87313
The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files.

oval:org.secpod.oval:def:87354
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. Rationale: If the system will not need to act as an LDAP client, it is recommended that the softwar ...

oval:org.secpod.oval:def:87355
A Firewall package should be selected. Most firewall configuration utilities operate as a front end to nftables or iptables. Rationale: A Firewall package is required for firewall management and configuration.

oval:org.secpod.oval:def:87352
The inetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no inetd services required, it is recommended that the daemon be removed.

oval:org.secpod.oval:def:87353
The telnet package contains the telnet client, which allows users to start connections to other systems via the telnet protocol. Rationale: The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow an unauthorized user to steal creden ...

oval:org.secpod.oval:def:87350
SOMETHING HERE

oval:org.secpod.oval:def:87351
Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot parameters. Rationale: AppArmor must be enabled at boot time in your bootloader configuration to ensure that the controls it provides are not overridden. Note: This re ...

oval:org.secpod.oval:def:87349
sudo can use a custom log file. Rationale: A sudo log file simplifies auditing of sudo commands.

oval:org.secpod.oval:def:87347
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var/tmp.

oval:org.secpod.oval:def:87348
sudo can be configured to run only from a pseudo-pty. Rationale: Attackers can run a malicious program using sudo which would fork a background process that remains even when the main program has finished executing.

oval:org.secpod.oval:def:87345
The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp.

oval:org.secpod.oval:def:87346
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/tmp filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var/tmp.

oval:org.secpod.oval:def:87343
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /tmp filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /tmp.

oval:org.secpod.oval:def:87344
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /tmp.

oval:org.secpod.oval:def:87341
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Setting this option on a file system prevents users from introducing privileged programs onto the system and allowing non-root users to execute them.

oval:org.secpod.oval:def:87342
The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Setting this option on a file system prevents users from executing programs from shared memory. This deters users from introducing potentially malicious software on the system.

oval:org.secpod.oval:def:87340
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /dev/shm filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create special devices in /dev/shm partitions.

oval:org.secpod.oval:def:87338
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy. Rationale: sudo supports a plugin arch ...

oval:org.secpod.oval:def:87339
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the user partitions are not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.

oval:org.secpod.oval:def:87336
USB storage provides a means to transfer and store files ensuring persistence and availability of the files independent of network connection status. Its popularity and utility have led to USB-based malware being a simple and common means for network infiltration and a first step to establishing a pe ...

oval:org.secpod.oval:def:87337
Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by manual selection from the bootloader. Rationale: Requiring authentication in single user mode (rescue mode) prevents an unauthorized user from rebooting the system into single user ...

oval:org.secpod.oval:def:87334
The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".

oval:org.secpod.oval:def:87335
The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".

oval:org.secpod.oval:def:87410
Dovecot is an open source mail submission and transport server for Linux based systems. Rationale: Unless mail transport services are to be provided by this system, it is recommended that the service be disabled or deleted to reduce the potential attack surface. Note: Several ...

oval:org.secpod.oval:def:87408
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. Rationale: If the system will not need to act as an LDAP server, it is recommended that the softw ...

oval:org.secpod.oval:def:87409
HTTP or web servers provide the ability to host web site content. Rationale: Unless there is a need to run the system as a web server, it is recommended that the package be deleted to reduce the potential attack surface.

oval:org.secpod.oval:def:87406
The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files. The NIS client (ypbind) was used to bind a machine to an NIS server and receive the distributed configuration files. Ration ...

oval:org.secpod.oval:def:87407
Squid is a standard proxy server used in many distributions and environments. Rationale: If there is no need for a proxy server, it is recommended that the squid proxy be deleted to reduce the potential attack surface.

oval:org.secpod.oval:def:87404
The cron daemon is used to execute batch jobs on the system. Rationale: While there may not be user jobs that need to be run on the system, the system does have maintenance jobs that may include security monitoring that have to run, and cron is used to execute them.

oval:org.secpod.oval:def:87405
Once the rsyslog package is installed it needs to be activated. Rationale: If the rsyslog service is not activated the system may default to the syslogd service or lack logging instead.

oval:org.secpod.oval:def:87402
The File Transfer Protocol (FTP) provides networked computers with the ability to transfer files. Rationale: FTP does not protect the confidentiality of data or authentication credentials. It is recommended SFTP be used if file transfer is required. Unless there is a need to run t ...

oval:org.secpod.oval:def:87403
The nftables service allows for the loading of nftables rulesets during boot, or starting of the nftables service. Rationale: The nftables service restores the nftables rules from the rules files referenced in the /etc/sysconfig/nftables.conf file during boot or the starting of th ...

oval:org.secpod.oval:def:87400
The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability. Rationale: If ...

oval:org.secpod.oval:def:87401
The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses. Rationale: Unless a system is specifically set up to act as a DHCP server, it is recommended that this service be deleted to reduce the potential attack surface ...

oval:org.secpod.oval:def:87310
File permission for '/etc/ssh/sshd_config' is set to appropriate values.

oval:org.secpod.oval:def:87311
By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instructs rsyslogd to listen on the specified TCP port. The guidance in the section ensures ...

oval:org.secpod.oval:def:87309
This test makes sure that '/etc/shadow' file permission is set as appropriate. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:87307
Only SSH protocol version 2 connections should be permitted.

oval:org.secpod.oval:def:87308
Root login via SSH should be disabled (and dependencies are met)

oval:org.secpod.oval:def:87305
The pam_cracklib module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, it is a certain length, contains a mix of characters (e.g. alphabet, numeric, other) and more. The following are definitions of the pam_cracklib.so options. * retr ...

oval:org.secpod.oval:def:87306
The maximum password age policy should meet minimum requirements.

oval:org.secpod.oval:def:87303
The minimum password age policy should be set appropriately.

oval:org.secpod.oval:def:87424
Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8). Loopback traffic is generated between processes on the machine and is typically critical to operation of the system. The loopback interface is the only place that loop ...

oval:org.secpod.oval:def:87304
The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".

oval:org.secpod.oval:def:87301
The default umask for all users specified in /etc/login.defs

oval:org.secpod.oval:def:87422
A default deny all policy on connections ensures that any unconfigured network usage will be rejected. With a default accept policy the firewall will accept any packet that is not configured to be denied. It is easier to white list acceptable usage than to black list unacceptable usage.

oval:org.secpod.oval:def:87302
Accounts should be configured to expire automatically following inactivity.

oval:org.secpod.oval:def:87423
Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8). Loopback traffic is generated between processes on the machine and is typically critical to operation of the system. The loopback interface is the only place that loop ...

oval:org.secpod.oval:def:87420
The use of wireless networking can introduce many different attack vectors into the organization's network. Common attack vectors such as malicious association and ad hoc networks will allow an attacker to spoof a wireless access point (AP), allowing validated systems to connect to the malicious AP ...

oval:org.secpod.oval:def:87300
This variable limits the types of ciphers that SSH can use during communication.

oval:org.secpod.oval:def:87421
A default deny all policy on connections ensures that any unconfigured network usage will be rejected. With a default accept policy the firewall will accept any packet that is not configured to be denied. It is easier to white list acceptable usage than to black list unacceptable usage.

oval:org.secpod.oval:def:87419
The extended InterNET Daemon (xinetd) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no xinetd servic ...

oval:org.secpod.oval:def:87417
The MAC algorithms used during SSH sessions can be limited by defining them in the sshd_config file.

oval:org.secpod.oval:def:87418
UsePAM enables the Pluggable Authentication Module interface. If set to yes, this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM account and session module processing for all authentication types.

oval:org.secpod.oval:def:87415
The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network. The rpcbind service maps Remote Procedure Call (RPC) services to the ports on wh ...

oval:org.secpod.oval:def:87416
The contents of the file /etc/motd file are displayed to users after login and function as a message of the day for authenticated users.

oval:org.secpod.oval:def:87413
All users should have a password change date in the past. Rationale: If a user's recorded password change date is in the future then they could bypass any set password expiration.

oval:org.secpod.oval:def:87414
The default TMOUT determines the shell timeout for users. The TMOUT value is measured in seconds. Rationale: Having no timeout value associated with a shell could allow an unauthorized user access to another user's shell session (e.g. user walks away from their computer and doesn' ...

oval:org.secpod.oval:def:87411
System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them. Rationale: Time synchronization is important to support time sens ...

oval:org.secpod.oval:def:87412
Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed in an unauthorized fashion.

oval:org.secpod.oval:def:87299
File permissions for '/etc/group' should be set correctly.

oval:org.secpod.oval:def:87297
The root account is the only system account that should have a login shell.

oval:org.secpod.oval:def:87298
This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:87295
The kernel module hfsplus should be disabled.

oval:org.secpod.oval:def:87296
The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:87293
The Set Password Warning Age should be set appropriately.

oval:org.secpod.oval:def:87294
The file /etc/securetty contains a list of valid terminals that may be logged in directly as root.

oval:org.secpod.oval:def:87291
The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:87292
The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:87290
The INFO parameter specifies that login and logout activity will be logged.

oval:org.secpod.oval:def:87288
The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure.

oval:org.secpod.oval:def:87289
The kernel module hfs should be disabled.

oval:org.secpod.oval:def:87286
The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub configuration is usually grub.cfg stored in /boot/grub.

oval:org.secpod.oval:def:87287
The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".

oval:org.secpod.oval:def:87284
There are several options available to limit which users and groups can access the system via SSH. It is recommended that at least one of the following options be leveraged: AllowUsers The AllowUsers variable gives the system administrator the option of allowing specific users to ssh into the syste ...

oval:org.secpod.oval:def:87285
The grub boot loader should have password protection enabled.

oval:org.secpod.oval:def:87282
The PermitUserEnvironment option allows users to present environment options to the ssh daemon.

oval:org.secpod.oval:def:87283
The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su co ...

oval:org.secpod.oval:def:87280
Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messages to the appropriate user or mail server. If the system is not intended to be a mail server, it is recommended that the MTA be configured to only process local mail.

oval:org.secpod.oval:def:87281
The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".

oval:org.secpod.oval:def:87279
The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".

oval:org.secpod.oval:def:91666
This test makes sure that '/etc/logrotate.conf' file permission is set as appropriate. Log files contain logged information from many services on the system, or on log hosts others as well. It is important to ensure that log files have the correct permissions to ensure that sensitive data is archive ...

oval:org.secpod.oval:def:87376
Any account with UID 0 has superuser privileges on the system. Rationale: This access must be limited to only the default root account and only from the system console. Administrative access must be through an unprivileged account using an approved mechanism as noted in Item 5.6 ...

oval:org.secpod.oval:def:87377
An account with an empty password field means that anybody may log in as that user without providing a password. Rationale: All accounts must have passwords or be locked to prevent the account from being used by an unauthorized user.

oval:org.secpod.oval:def:87374
The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: Thes ...

oval:org.secpod.oval:def:87375
The shadow group allows system programs which require access the ability to read the /etc/shadow file. No users should be assigned to the shadow group. Rationale: Any users assigned to the shadow group would be granted read access to the /etc/shadow file. If attackers can gain re ...

oval:org.secpod.oval:def:87372
The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: The ...

oval:org.secpod.oval:def:87373
The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: The ...

oval:org.secpod.oval:def:87370
An SSH private key is one of two files used in SSH public key authentication. In this authentication method, the possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and h ...

oval:org.secpod.oval:def:87371
An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authent ...

oval:org.secpod.oval:def:87369
Log files stored in /var/log/ contain logged information from many services on the system, or on log hosts others as well. Rationale: It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected.

oval:org.secpod.oval:def:87367
The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else. Rationale: The /etc/group file needs to be protected from unauthorized changes by non-privileged users, but nee ...

oval:org.secpod.oval:def:87368
The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. Rationale: If the /etc/issue.net file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information.

oval:org.secpod.oval:def:87365
The /etc/gshadow file is used to store the information about groups that is critical to the security of those accounts, such as the hashed password and other security information. Rationale: If attackers can gain read access to the /etc/gshadow file, they can easily run a password ...

oval:org.secpod.oval:def:87366
The /etc/passwd file contains user account information that is used by many system utilities and therefore must be readable for these utilities to operate. Rationale: It is critical to ensure that the /etc/passwd file is protected from unauthorized write access. Although it is pro ...

oval:org.secpod.oval:def:87363
The contents of the /etc/issue file are displayed to users prior to login for local terminals. Rationale: If the /etc/issue file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information.

oval:org.secpod.oval:def:87364
Rsyslog will create logfiles that do not already exist on the system. This setting controls what permissions will be applied to these newly created files. Rationale: It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and ...

oval:org.secpod.oval:def:87361
AppArmor profiles define what resources applications are able to access.

oval:org.secpod.oval:def:87362
The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users. Rationale: If the /etc/motd file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading informa ...

oval:org.secpod.oval:def:87360
The usermod command can be used to specify which group the root user belongs to. This affects permissions of files that are created by the root user. Rationale: Using GID 0 for the root account helps prevent root-owned files from accidentally becoming accessible to non-privileged users.

oval:org.secpod.oval:def:87358
The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Rationale: To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartu ...

oval:org.secpod.oval:def:87359
The MaxSessions parameter specifies the maximum number of open sessions permitted from a given connection. Rationale: To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of s ...

oval:org.secpod.oval:def:87356
GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Rationale: Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system ...

oval:org.secpod.oval:def:87357
The LoginGraceTime parameter specifies the time allowed for successful authentication to the SSH server. The longer the Grace period is the more open unauthenticated connections can exist. Like other session controls in this session the Grace Period should be limited to appropriate organizational li ...

oval:org.secpod.oval:def:87277
The logrotate (syslog rotator) service should be enabled.

oval:org.secpod.oval:def:87398
The rsyncd service can be used to synchronize files between systems over network links. Rationale: The rsyncd service presents a security risk as it uses unencrypted protocols for communication.

oval:org.secpod.oval:def:87278
The kernel module freevxfs should be disabled.

oval:org.secpod.oval:def:87399
Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automat ...

oval:org.secpod.oval:def:87275
Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis. Generically and on AMD processors, this ability is called No Execute (NX), while on Intel processors it is called Execute Disable (XD). This ability can help prevent exploitation of buffer o ...

oval:org.secpod.oval:def:87396
The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Server Message Block (SMB) protocol. Windows desktop users will be able to mount these directories ...

oval:org.secpod.oval:def:87276
Syslog logs should be sent to a remote loghost

oval:org.secpod.oval:def:87397
The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands from an SNMP management system, execute the commands or collect the information and then send results back to the requesting system. Rationale: The SNMP server can communicate using SNMP v1, w ...

oval:org.secpod.oval:def:87273
Core dumps for all users should be disabled

oval:org.secpod.oval:def:87394
Data from journald may be stored in volatile memory or persisted locally on the server. Logs in memory will be lost upon a system reboot. By persisting logs to local disk on the server they are protected from loss. Rationale: Writing log data to disk will provide the ability to fo ...

oval:org.secpod.oval:def:87274
The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".

oval:org.secpod.oval:def:87395
autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives. Rationale: With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themse ...

oval:org.secpod.oval:def:87271
The Domain Name System (DNS) is a hierarchical naming system that maps names to IP addresses for computers, services and other resources connected to a network. Rationale: Unless a system is specifically designated to act as a DNS server, it is recommended that the package be dele ...

oval:org.secpod.oval:def:87392
Data from journald may be stored in volatile memory or persisted locally on the server. Utilities exist to accept remote export of journald logs, however, use of the rsyslog service provides a consistent means of log collection and export. Rationale: Storing log data on a remote ho ...

oval:org.secpod.oval:def:87272
The prelinking feature changes binaries in an attempt to decrease their startup time.

oval:org.secpod.oval:def:87393
The journald system includes the capability of compressing overly large files to avoid filling up the system with logs or making the logs unmanageably large. Rationale: Uncompressed large files may unexpectedly fill a filesystem leading to resource unavailability. Compressing log ...

oval:org.secpod.oval:def:87390
Although the groupadd program will not let you create a duplicate group name, it is possible for an administrator to manually edit the /etc/group file and change the group name. Rationale: If a group is assigned a duplicate group name, it will create and have access to files with ...

oval:org.secpod.oval:def:87270
The system login banner text should be set correctly for remote login users.

oval:org.secpod.oval:def:87391
nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames. The nftables service reads the /etc/nftables.conf file for a nftables file or files to include in the nftables ruleset. A nftables ruleset containing the input, forward, and outp ...

oval:org.secpod.oval:def:87268
The commands below change password encryption to yescrypt (a much stronger hashing algorithm). All existing accounts will need to perform a password change to upgrade the stored hashes to the new algorithm. Rationale: The yescrypt algorithm provides much stronger hashing than previou ...

oval:org.secpod.oval:def:87389
Although the useradd program will not let you create a duplicate user name, it is possible for an administrator to manually edit the /etc/passwd file and change the user name. Rationale: If a user is assigned a duplicate user name, it will create and have access to files with the ...

oval:org.secpod.oval:def:87269
The system login banner text should be set correctly.

oval:org.secpod.oval:def:87266
Ensure only strong Key Exchange algorithms are used

oval:org.secpod.oval:def:87387
Although the useradd program will not let you create a duplicate User ID (UID), it is possible for an administrator to manually edit the /etc/passwd file and change the UID field. Rationale: Users must be assigned unique UIDs for accountability and to ensure appropriate access pro ...

oval:org.secpod.oval:def:87267
The passwords to remember should be set correctly.

oval:org.secpod.oval:def:87388
Although the groupadd program will not let you create a duplicate Group ID (GID), it is possible for an administrator to manually edit the /etc/group file and change the GID field. Rationale: User groups must be assigned unique GIDs for accountability and to ensure appropriate a ...

oval:org.secpod.oval:def:87264
The two options ClientAliveInterval and ClientAliveCountMax control the timeout of ssh sessions. When the ClientAliveInterval variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the ClientAliveCountMax variable is set, sshd will send client alive ...

oval:org.secpod.oval:def:87385
chrony is a daemon which implements the Network Time Protocol (NTP) and is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. Rationale: If chrony is in use on the system proper configuration is vital to ensuring time synchroniza ...

oval:org.secpod.oval:def:87265
The Set Lockout Time For Failed Password Attempts should be set correctly.

oval:org.secpod.oval:def:87386
Over time, system administration errors and changes can lead to groups being defined in /etc/passwd but not in /etc/group. Rationale: Groups defined in the /etc/passwd file but not in the /etc/group file pose a threat to system security since group permissions are not properly ma ...

oval:org.secpod.oval:def:87383
While the system administrator can establish secure permissions for users' "dot" files, the users can easily override these. Rationale: Group or world-writable user configuration files may enable malicious users to steal or modify other users' data or to gain another user's syste ...

oval:org.secpod.oval:def:87384
While the system administrator can establish secure permissions for users' .netrc files, the users can easily override these. Rationale: .netrc files may contain unencrypted passwords that may be used to attack other systems.

oval:org.secpod.oval:def:87381
The .netrc file contains data for logging into a remote host for file transfers via FTP. Rationale: The .netrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .netrc files from ...

oval:org.secpod.oval:def:87382
The .forward file specifies an email address to forward the user's mail to. Rationale: Use of the .forward file poses a security risk in that sensitive data may be inadvertently transferred outside the organization. The .forward file also poses a risk as it can be used to execut ...

oval:org.secpod.oval:def:87380
While no .rhosts files are shipped by default, users can easily create them. Rationale: This action is only meaningful if .rhosts support is permitted in the file /etc/pam.conf. Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf, they may have ...

oval:org.secpod.oval:def:87378
Users can be defined in /etc/passwd without a home directory or with a home directory that does not actually exist. Rationale: If the user's home directory does not exist or is unassigned, the user will be placed in "/" and will not be able to write any files or have local envir ...

oval:org.secpod.oval:def:87379
While the system administrator can establish secure permissions for users' home directories, the users can easily override these. Rationale: Group or world-writable user home directories may enable malicious users to steal or modify other users' data or to gain another user's system ...

oval:org.secpod.oval:def:606186
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service if malformed image files are processed.

oval:org.secpod.oval:def:612646
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:612643
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:605622
It was discovered that a buffer overflow in rekeying in libssh-dev could result in denial of service or potentially the execution of arbitrary code. The oldstable distribution is not affected.

oval:org.secpod.oval:def:610509
It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this flaw to cause an information leak.

oval:org.secpod.oval:def:610292
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:605884
Several vulnerabilities were discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2021-44142 Orange Tsai reported an out-of-bounds heap write vulnerability in the VFS module vfs_fruit, which could result in remote execution of arbitrary code as root. CVE-2022-0336 Kees van Vlo ...

oval:org.secpod.oval:def:605675
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2016-2124 Stefan Metzmacher reported that SMB1 client connections can be downgraded to plaintext authentication. CVE-2020-25717 Andrew Bartlett reported that Samba may map domain users to lo ...

oval:org.secpod.oval:def:610429
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:90269
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. Th ...

oval:org.secpod.oval:def:610293
Jhead, a tool for manipulating EXIF data embedded in JPEG images, allowed attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50, -autorot or -ce option. In addition a buffer overflow error in exif.c has been addressed which could lead to ...

oval:org.secpod.oval:def:612663
A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:612658
Several NULL pointer dereference flaws were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which may result in denial of service when viewing a specially crafted email or when composing from a specially crafted draft message.

oval:org.secpod.oval:def:610428
Xi Lu discovered that missing input sanitising in Emacs could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:610361
Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named.

oval:org.secpod.oval:def:610502
Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.

oval:org.secpod.oval:def:610581
Jose Gomez discovered that the Catalog API endpoint in the Docker registry implementation did not sufficiently enforce limits, which could result in denial of service.

oval:org.secpod.oval:def:612888
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. CVE-2023-37457 The "update" functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memo ...

oval:org.secpod.oval:def:612690
Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack. CVE-2021-34434 In Eclipse Mosquitto when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoke ...

oval:org.secpod.oval:def:612660
A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

oval:org.secpod.oval:def:612661
A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

oval:org.secpod.oval:def:612662
A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

oval:org.secpod.oval:def:605786
The Qualys Research Labs discovered two vulnerabilities in util-linux's libmount. These flaws allow an unprivileged user to unmount other users' filesystems that are either world-writable themselves or mounted in a world-writable directory, or to unmount FUSE filesystems that belong to certain othe ...

oval:org.secpod.oval:def:612883
Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling or information disclosure.

oval:org.secpod.oval:def:610291
The Qualys Research Team discovered a race condition in the snapd-confine binary which could result in local privilege escalation.

oval:org.secpod.oval:def:612675
Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol for offering file service to macOS clients, which may result in the execution of arbitrary code or information disclosure.

oval:org.secpod.oval:def:612655
Two security issues have been discovered in the Open VMware Tools, which may result in a man-in-the-middle attack or authentication bypass.

oval:org.secpod.oval:def:610515
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610167
Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

oval:org.secpod.oval:def:605886
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

oval:org.secpod.oval:def:610286
Apache Commons Configuration, a Java library providing a generic configuration interface, performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators th ...

oval:org.secpod.oval:def:606183
Two vulnerabilities were found in the BIND DNS server, which could result in denial of service or cache poisoning.

oval:org.secpod.oval:def:610166
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795 Yehuda Afek, Anat Bremler-Barr and Shani Stajnrod discovered that a flaw in the resolver code can cause named to spend excessive amounts of time on processing large delegations, significantly degrade resolver ...

oval:org.secpod.oval:def:605663
Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service.

oval:org.secpod.oval:def:612642
Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files when processing a specially crafted SVG file with an include element.

oval:org.secpod.oval:def:605784
Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in information disclosure or denial of service.

oval:org.secpod.oval:def:610113
Two security issues were discovered in pcs, a corosync and pacemaker configuration tool: CVE-2022-1049 It was discovered that expired accounts were still able to login via PAM. CVE-2022-2735 Ondrej Mular discovered that incorrect permissions on a Unix socket setup for internal communication could re ...

oval:org.secpod.oval:def:605630
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation.

oval:org.secpod.oval:def:610430
Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.

oval:org.secpod.oval:def:610353
Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle "--" to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage ...

oval:org.secpod.oval:def:612877
Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.

oval:org.secpod.oval:def:612874
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or clickjacking.

oval:org.secpod.oval:def:612706
A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:612664
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:612645
A security issue was discovered in Chromium, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:612641
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610506
Multiple security vulnerabilities have been discovered in OpenImageIO, a library for reading and writing images. Buffer overflows and out-of-bounds read and write programming errors may lead to a denial of service or the execution of arbitrary code if a malformed image file is processed.

oval:org.secpod.oval:def:606178
Two vulnerabilities were discovered in the server for the Network Block Device, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:608636
Multiple vulnerabilities have been discovered in various image parsers in Blender, a 3D modeller/renderer, which may result in denial of service or the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:605729
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP STARTTLS connections or misleading display of OpenPGP/MIME signatures.

oval:org.secpod.oval:def:605701
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.

oval:org.secpod.oval:def:612648
Multiple security vulnerabilities have been discovered in aom, the AV1 Video Codec Library. Buffer overflows, use-after-free and NULL pointer dereferences may cause a denial of service or other unspecified impact if a malformed multimedia file is processed.

oval:org.secpod.oval:def:610504
It was reported that cairosvg, a SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource loading. An attacker can take advantage of this flaw to perform a server-side request forgery or denial of service. Fetching of e ...

oval:org.secpod.oval:def:610587
It was discovered that there was a potential buffer overflow and denial of service vulnerability in the gdhcp client implementation of connman, a command-line network manager designed for use on embedded devices.

oval:org.secpod.oval:def:612868
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:608616
Multiple security issues were discovered in the Squid proxy caching server: CVE-2021-28116 Amos Jeffries discovered an information leak if WCCPv2 is enabled CVE-2021-46784 Joshua Rogers discovered that an error in parsing Gopher server responses may result in denial of service

oval:org.secpod.oval:def:610431
Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.

oval:org.secpod.oval:def:612683
Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine. The org.eclipse.jetty.servlets.CGI class has been deprecated. It is potentially unsafe to use it. The upstream developers of Jetty recommend to use Fast CGI instead. See also CVE-2023-36479. CVE-2023-2 ...

oval:org.secpod.oval:def:612708
It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.

oval:org.secpod.oval:def:612689
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the 102.x series has ended, so starting with this update we're now following the 115.x series.

oval:org.secpod.oval:def:612684
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. Debian follows the extended support releases of Firefox. Support for the 102.x series has ended, so starting with this update we're now following the 115.x ...

oval:org.secpod.oval:def:612685
Clement Lecigne discovered a heap-based buffer overflow in libvpx, a multimedia library for the VP8 and VP9 video codecs, which may result in the execution of arbitrary code if a specially crafted VP8 media stream is processed.

oval:org.secpod.oval:def:612686
A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:612691
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:612657
Multiple vulnerabilities were discovered in frr, the FRRouting suite of internet protocols, while processing malformed requests and packets the BGP daemon may have reachable assertions, NULL pointer dereference, out-of-bounds memory access, which may lead to denial of service attac ...

oval:org.secpod.oval:def:610283
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:610112
A security issue was discovered in Chromium, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:610110
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:606190
A security issue was discovered in Chromium, which could result in the execution of arbitrary code if a malicious website is visited.

oval:org.secpod.oval:def:605910
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:605881
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:605779
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:605785
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure.

oval:org.secpod.oval:def:605782
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure.

oval:org.secpod.oval:def:610380
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure. Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20 ...

oval:org.secpod.oval:def:612871
Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:612889
It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered.

oval:org.secpod.oval:def:610512
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:610641
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610638
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610503
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed.

oval:org.secpod.oval:def:610282
It was discovered that a buffer overflow in GraphicsMagick, a collection of image processing tools, could potentially result in the execution of arbitrary code when processing a malformed MIFF image.

oval:org.secpod.oval:def:612647
A buffer overflow was found in file, a file type classification tool, which may result in denial of service if a specially crafted file is processed.

oval:org.secpod.oval:def:610434
Ronald Crane discovered that missing input sanitising in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:610363
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

oval:org.secpod.oval:def:610367
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

oval:org.secpod.oval:def:610354
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

oval:org.secpod.oval:def:610640
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:610507
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

oval:org.secpod.oval:def:610514
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:612992
This update fixes multiple vulnerabilities in Imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:613008
It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.

oval:org.secpod.oval:def:613007
Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service.

oval:org.secpod.oval:def:613020
It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.

oval:org.secpod.oval:def:605788
Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed images are processed.

oval:org.secpod.oval:def:610360
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610404
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610508
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610362
Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.

oval:org.secpod.oval:def:612676
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2023-3341 A stack exhaustion flaw was discovered in the control channel code which may result in denial of service. CVE-2023-4236 Robert Story discovered that a flaw in the networking code handling DNS-over-TLS querie ...

oval:org.secpod.oval:def:606070
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

oval:org.secpod.oval:def:606182
The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters for a namespace separator. Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters. For the oldstable distribution, this problem ...

oval:org.secpod.oval:def:613060
Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state, TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.

oval:org.secpod.oval:def:613002
Aviv Keller discovered that the frames.html file generated by YARD, a documentation generation tool for the Ruby programming language, was vulnerable to cross-site scripting.

oval:org.secpod.oval:def:612740
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487. A wrong value for the overheadcount variable forced HTTP2 connections to close early.

oval:org.secpod.oval:def:613046
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

oval:org.secpod.oval:def:613023
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.

oval:org.secpod.oval:def:613024
Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or leaks of encrypted email subjects.

oval:org.secpod.oval:def:613004
Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow wh ...

oval:org.secpod.oval:def:610505
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2022-42252 Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a reques ...

oval:org.secpod.oval:def:605775
Several vulnerabilities were discovered in Flatpak, an application deployment framework for desktop apps. CVE-2021-43860 Ryan Gonzalez discovered that Flatpak didn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the ap ...

oval:org.secpod.oval:def:612880
Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in some cases HSTS data could fail to save to disk.

oval:org.secpod.oval:def:612865
Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or Gstreamer plugins when opening a malformed file.

oval:org.secpod.oval:def:610356
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2022-2873 Zheyu Ma discovered that an out-of-bounds memory access flaw in the Intel iSMT SMBus 2.0 host controller driver may result in denial of serv ...

oval:org.secpod.oval:def:610253
Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result in denial of service, information disclosure, insecure cookie handling or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:606124
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-36310 A flaw was discovered in the KVM implementation for AMD processors, which could lead to an infinite loop. A malicious VM guest could exploi ...

oval:org.secpod.oval:def:605760
The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec. Details can be found in the Qualys advisory at https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

oval:org.secpod.oval:def:605955
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-22589 Heige and Bo Qu discovered that processing a maliciously crafted mail message may lead to running arbitrary javascript. CVE-2022-22590 Toan Pham discovered that processing maliciously crafted web content m ...

oval:org.secpod.oval:def:605954
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-22589 Heige and Bo Qu discovered that processing a maliciously crafted mail message may lead to running arbitrary javascript. CVE-2022-22590 Toan Pham discovered that processing maliciously crafted web content ...

oval:org.secpod.oval:def:605787
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30934 Dani Biro discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30936 Chijin Zhou discovered that processing maliciously crafted web content may lead to ...

oval:org.secpod.oval:def:605781
The following vulnerabilities have been discovered in the wpewebkit web engine: CVE-2021-30934 Dani Biro discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30936 Chijin Zhou discovered that processing maliciously crafted web content may lead to ...

oval:org.secpod.oval:def:610359
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

oval:org.secpod.oval:def:608615
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, a bypass of certificate verification or prototype pollution.

oval:org.secpod.oval:def:605665
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30846 Sergei Glazunov discovered that processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30851 Samuel Gross discovered that processing maliciously crafted web content may l ...

oval:org.secpod.oval:def:605664
The following vulnerabilities have been discovered in the wpewebkit web engine: CVE-2021-30846 Sergei Glazunov discovered that processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30851 Samuel Gross discovered that processing maliciously crafted web content may le ...

oval:org.secpod.oval:def:607889
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-26700 ryuzaki discovered that processing maliciously crafted web content may lead to code execution. CVE-2022-26709 Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary c ...

oval:org.secpod.oval:def:607887
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-26700 ryuzaki discovered that processing maliciously crafted web content may lead to code execution. CVE-2022-26709 Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary co ...

oval:org.secpod.oval:def:610403
Helmut Grohne discovered a flaw in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. The backports of fixes for CVE-2022-3437 accidentally inverted important memory comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check handlers for gssapi, resulting in ...

oval:org.secpod.oval:def:610435
Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.

oval:org.secpod.oval:def:610243
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42799 Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. CVE-2022-42823 Dohyun Lee discovered that processing maliciously crafted web content may lead to ...

oval:org.secpod.oval:def:610242
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-42799 Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. CVE-2022-42823 Dohyun Lee discovered that processing maliciously crafted web content may lead to ...

oval:org.secpod.oval:def:605951
Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service.

oval:org.secpod.oval:def:612875
It was reported that BlueZ's HID profile implementation is not in line with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to true to make sure that input connections only come from bonded device connections.

oval:org.secpod.oval:def:612890
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:612879
Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite. CVE-2021-41617 It was discovered that sshd failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUse ...

oval:org.secpod.oval:def:612881
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:610513
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. CVE-2023-28484 A NULL pointer dereference flaw when parsing invalid XML schemas may result in denial of service. CVE-2023-29469 It was reported that when hashing empty string ...

oval:org.secpod.oval:def:610579
Multiple issues were found in the GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:612867
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

oval:org.secpod.oval:def:612870
The initial fix for CVE-2023-6377 as applied in DSA 5576-1 did not fully fix the vulnerability. Updated packages correcting this issue including the upstream merged commit are now available.

oval:org.secpod.oval:def:612884
Several vulnerabilities were discovered in libssh, a tiny C SSH library. CVE-2023-6004 It was reported that using the ProxyCommand or the ProxyJump feature may allow an attacker to inject malicious code through specially crafted hostnames. CVE-2023-6918 Jack Weinstein reported that missing checks fo ...

oval:org.secpod.oval:def:612722
Maxim Suhanov discovered multiple vulnerabilities in GRUB2's code to handle NTFS filesystems, which may result in a Secure Boot bypass.

oval:org.secpod.oval:def:612709
Multiple security vulnerabilities were discovered in libxpm, the X11 pixmap library, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:612707
Multiple security vulnerabilities were discovered in libx11, the X11 client-side library, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:612733
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-39928 Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. CVE-2023-41074 Junsung Lee a ...

oval:org.secpod.oval:def:610583
Two security issues were discovered in LibreOffice, which could potentially result in the execution of arbitrary code when loading a malformed spreadsheet document or unacknowledged loading of linked documents within a floating frame.

oval:org.secpod.oval:def:613062
Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed in combination with xdg-desktop-portal.

oval:org.secpod.oval:def:613065
It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass.

oval:org.secpod.oval:def:613066
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:613061
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.

oval:org.secpod.oval:def:613067
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.

oval:org.secpod.oval:def:613068
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.

oval:org.secpod.oval:def:613076
Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.

oval:org.secpod.oval:def:613069
Charles Fol discovered that the iconv function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:610379
Jan-Niklas Sohn discovered that a use-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.

oval:org.secpod.oval:def:610582
Several vulnerabilities were discovered in libraw, a library for reading RAW files obtained from digital photo cameras, which may result in denial of service or the execution of arbitrary code if specially crafted files are processed.

oval:org.secpod.oval:def:613074
Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library, which may lead to denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:613063
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the poss ...

oval:org.secpod.oval:def:610364
Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format library and tools, which may cause denial of service when processing a crafted TIFF image.

oval:org.secpod.oval:def:610377
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42826 Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-23517 YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun ...

oval:org.secpod.oval:def:610378
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42826 Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-23517 YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun ...

oval:org.secpod.oval:def:613057
Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

oval:org.secpod.oval:def:98272
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string v ...

oval:org.secpod.oval:def:613005
It was discovered that the uv_getaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.

oval:org.secpod.oval:def:612885
It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed.

oval:org.secpod.oval:def:612878
An important security issue was discovered in Chromium, which could result in the execution of arbitrary code. Google is aware that an exploit for CVE-2023-7024 exists in the wild.

oval:org.secpod.oval:def:612872
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-42883 The Zoom Offensive Security Team discovered that processing a SVG image may lead to a denial-of-service.

oval:org.secpod.oval:def:612866
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-42916 Clement Lecigne discovered that processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. CVE-2023-42917 Clement Lecigne discov ...

oval:org.secpod.oval:def:612723
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service or information disclosure.

oval:org.secpod.oval:def:612649
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:610588
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2023-0464 David Benjamin reported a flaw related to the verification of X.509 certificate chains that include policy constraints, which may result in denial of service. CVE-2023-0465 David Benjamin reported ...

oval:org.secpod.oval:def:610639
Two vulnerabilities were discovered in c-ares, an asynchronous name resolver library: CVE-2023-31130 ares_inet_net_pton is found to be vulnerable to a buffer underflow for certain ipv6 addresses, in particular '0::00:00:00/2' was found to cause an issue. c-ares only uses this function internally for ...

oval:org.secpod.oval:def:610427
Brief introduction CVE-2023-22490 yvvdwf found a data exfiltration vulnerability while performing a local clone from a malicious repository even using a non-local transport. CVE-2023-23946 Joern Schneeweisz found a path traversal vulnerability in git-apply that a path outside the working tree can be overw ...

oval:org.secpod.oval:def:610366
Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users to execute arbitrary commands, leak information from the local filesystem, and bypass restricted shell. This update includes two changes of behavior that may ...

oval:org.secpod.oval:def:607813
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM attacks.

oval:org.secpod.oval:def:610432
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service or incorrect validation of BCrypt hashes.

*CPE
cpe:/o:debian:debian_linux:11.x
XCCDF    6
xccdf_org.secpod_benchmark_SecPod_Debian_11
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Debian_11
xccdf_org.secpod_benchmark_general_Debian_11
xccdf_org.secpod_benchmark_NIST_800_53_r5_Debian_11
...

© SecPod Technologies