oval:org.secpod.oval:def:1801625
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control.

oval:org.secpod.oval:def:1801482
The parse method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters.

oval:org.secpod.oval:def:1801616
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. in a z ...

oval:org.secpod.oval:def:1801473
Alpine Linux 3.10 is installed

oval:org.secpod.oval:def:1801827
There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.

oval:org.secpod.oval:def:1801607
A mitigation against an ECDSA timing attack was fixed in libgcrypt 1.8.5

oval:org.secpod.oval:def:1802042
CVE-2019-6290: An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attack ...

oval:org.secpod.oval:def:1802046
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service.

oval:org.secpod.oval:def:1802004
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informa ...

oval:org.secpod.oval:def:1802026
Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact argument type match. For example, length('foo'::varchar) and len ...

oval:org.secpod.oval:def:1802015
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

oval:org.secpod.oval:def:1802019
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.

oval:org.secpod.oval:def:1801634
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

oval:org.secpod.oval:def:1802008
A Denial-of-Service vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.

oval:org.secpod.oval:def:1801680
openjdk8 vulnerability

oval:org.secpod.oval:def:1801476
S4U2Self is an extension to Kerberos used in Active Directory to allow a service to request a Kerberos ticket to itself from the Kerberos Key Distribution Center for a non-Kerberos authenticated user. This is useful to allow internal code paths to be standardized around Kerberos. S4U2Proxy is an ...

oval:org.secpod.oval:def:1801863
A security issue was found in PostgreSQL 11 to 13 before version 13.2. A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar to CVE-2014-8161, but the conditions to e ...

oval:org.secpod.oval:def:1801751
Fixed In Version: postgresql 12.4, postgresql 11.9, postgresql 10.14

oval:org.secpod.oval:def:1802050
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

oval:org.secpod.oval:def:1802039
A heap-buffer overwrite error was discovered in lib/openjp2/mqc.c in OpenJPEG 2.3.1. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

oval:org.secpod.oval:def:1801872
On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters, Git could be fooled into running remote code during a clone.

oval:org.secpod.oval:def:1801873
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as sy ...

oval:org.secpod.oval:def:1802071
Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). This happened due to earlier MIME parsing changes for CVE-2020-12100.

oval:org.secpod.oval:def:1802023
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN function.

oval:org.secpod.oval:def:1801786
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-logi ...

oval:org.secpod.oval:def:1801742
git: A crafted URL that contains newlines, has an empty host, or lacks a scheme can cause a credential leak.

oval:org.secpod.oval:def:1802016
All Xen versions back to at least 3.2 are vulnerable.

oval:org.secpod.oval:def:1802035
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:1801768
A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made. If Samba is set with "log level = 3" then the string obtained from the client, after a failed character conversion, is printed. Such strings ...

oval:org.secpod.oval:def:1801679
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

oval:org.secpod.oval:def:1801998
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table.

oval:org.secpod.oval:def:1801999
Due to incorrect data management, Squid is vulnerable to an information disclosure when processing HTTP Digest Authentication.

oval:org.secpod.oval:def:1802066
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP client c ...

oval:org.secpod.oval:def:1801623
Unbound 1.6.4 through 1.9.4 contains a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration. Refe ...

oval:org.secpod.oval:def:1802048
This is another instance of a highly privileged operator being accessible by specially crafted PostScript code, that can be used to break out of the -dSAFER limitations. It was found that .forceput operator was present and unprotected in the .charkeys method and could be retrieved via manipulation ...

oval:org.secpod.oval:def:1802025
Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID".

oval:org.secpod.oval:def:1801612
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query.

oval:org.secpod.oval:def:1802013
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32, affecting applications that call LZ4_compress_fast with a large input. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

oval:org.secpod.oval:def:1801483
CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. U ...

oval:org.secpod.oval:def:1801628
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

oval:org.secpod.oval:def:1801605
empty

oval:org.secpod.oval:def:1802011
CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem. CVE-2018-10103: Fixed a mishandling of the printing of SMB data. CVE-2018-10105: Fixed a mishandling of the printing of SMB data. CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print. CVE-2 ...

oval:org.secpod.oval:def:1801611
made the issue visible to everyone

oval:org.secpod.oval:def:1801622
There is a heap-based buffer overflow in string_vformat. The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist ...

oval:org.secpod.oval:def:1801613
empty

oval:org.secpod.oval:def:1801621
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

oval:org.secpod.oval:def:1801624
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

oval:org.secpod.oval:def:1801615
On a Samba SMB server for all versions of Samba from 4.9.0 clients are able to escape outside the share root directory if certain configuration parameters are set in the smb.conf file. The problem is reproducible if the "wide links" option is explicitly set to "yes" and either "unix extensions = no" or ...

oval:org.secpod.oval:def:1801618
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely.

oval:org.secpod.oval:def:1801609
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

oval:org.secpod.oval:def:1801603
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

oval:org.secpod.oval:def:1801481
CVE-2019-12435: Samba AD DC Denial of Service in DNS management server. The dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. An authenticated user can crash the RPC server process via a NULL pointer de-reference. There is no further vulnerability associat ...

oval:org.secpod.oval:def:1801477
dbus is the reference implementation of D-Bus, an asynchronous inter-process communication system commonly used for system services or within a desktop session on Linux and other operating systems. Joe Vennix of Apple Information Security discovered an implementation flaw in the DBUS_COOKIE_SHA1 aut ...

oval:org.secpod.oval:def:1801480
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

oval:org.secpod.oval:def:1801475
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14 Fixed versions: 3.0.2, 2.6.9, 2.4.15

oval:org.secpod.oval:def:1801472
CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to a denial-of-service attack by a persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6

oval:org.secpod.oval:def:1801484
The EAP-pwd implementation in hostapd before 2.8 and wpa_supplicant before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference. This affects eap_server/e ...

oval:org.secpod.oval:def:1801486
The EAP-pwd implementation in hostapd before 2.8 and wpa_supplicant before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference. This affects eap_server/e ...

oval:org.secpod.oval:def:1801479
JSON encoder in Dovecot 2.3 incorrectly assert-crashes when encountering invalid UTF-8 characters. Attacker can repeatedly crash Dovecot authentication process by logging in using invalid UTF-8 sequence in username. Crash can also occur if OX push notification driver is enabled and an email is delive ...

oval:org.secpod.oval:def:1801532
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable. Update to hostapd v2.8 or newer, once available.

oval:org.secpod.oval:def:1801485
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:1801601
There is a floating point exception at caca/dither.c in libcaca 0.99.beta19. There is an illegal WRITE memory access at common-image.c in libcaca 0.99.beta19 for 4bpp data. There is an illegal READ memory access at caca/dither.c in libcaca 0.99.beta19 for the default bpp case. There is an illegal READ ...

oval:org.secpod.oval:def:1801608
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo ...

oval:org.secpod.oval:def:1802044
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

oval:org.secpod.oval:def:1801876
empty

oval:org.secpod.oval:def:1801877
empty

oval:org.secpod.oval:def:1801627
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

oval:org.secpod.oval:def:1801752
Due to incorrect data validation, Squid is vulnerable to HTTP Request Smuggling attacks against HTTP and HTTPS traffic. This leads to cache poisoning. Affected Versions: 2.5-3.5.28, 4.0-4.12, 5.0.1-5.0.3. Due to incorrect data validation, Squid is vulnerable to HTTP Request Splitting attacks against HTT ...

oval:org.secpod.oval:def:1801778
A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a read only user.

oval:org.secpod.oval:def:1802030
A general security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used was reported. Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars.

oval:org.secpod.oval:def:1801474
A vulnerability was found in libpng 1.6.36. The function png_image_free in png.c has a use-after-free because png_image_free_function is called under png_safe_execute. This flaw is in the PNG Simplified API, which was introduced upstream in libpng-1.6.0. Previous versions of libpng are not affected.

oval:org.secpod.oval:def:1802049
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or ot ...

oval:org.secpod.oval:def:1802031
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or o ...

oval:org.secpod.oval:def:1801620
empty

oval:org.secpod.oval:def:1802060
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or o ...

oval:org.secpod.oval:def:1802021
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ...

oval:org.secpod.oval:def:1801478
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. Fixed in version: drupal 7.66

oval:org.secpod.oval:def:1801505
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

oval:org.secpod.oval:def:1801864
A specially crafted value for the "Cache-Digest" header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Versions Affected: 2.4.20 to 2.4.43. mod_proxy_uwsgi info disclosure and possible RCE. Versions Affected: 2.4.32 to 2.4.44. When trace/ ...

*CPE
cpe:/o:alpinelinux:alpine_linux:3.10

© SecPod Technologies