Download
| Alert*
|
oval:org.secpod.oval:def:1801024
Alpine Linux 3.8 is installed oval:org.secpod.oval:def:1801788 Paramiko Install Doesn"t Recognize Requirement Already Met oval:org.secpod.oval:def:1801276 CVE-2018-19968: Local file inclusion through transformation feature.¶ A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any da ... oval:org.secpod.oval:def:1801287 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. Fixed In Version:¶ Irssi 1.1.2 oval:org.secpod.oval:def:1801157 A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Affected Versions:¶ phpMyAdmin versions prior to 4.8.3 oval:org.secpod.oval:def:1801066 CVE-2018-12581: XSS in Designer feature¶ A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name. Affected Versions:¶ phpMyAdmin versions prior to 4.8.2. oval:org.secpod.oval:def:1801084 CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1 oval:org.secpod.oval:def:1801111 CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel. Affected Versions:¶ All versions of Mbed TLS from version 1.2 upwards, including all 2.1, 2.7 and later releases. Fixed In Version:¶ Mbed TLS, including 2.12.0, 2.7.5 or 2.1.14 or later ... oval:org.secpod.oval:def:1801085 CVE-2017-18187: Bounds-check bypass via integer overflow in ssl_srv.c:ssl_parse_client_psk_identity¶ In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c. Fixed In Vers ... oval:org.secpod.oval:def:1801278 CVE-2018-19044: kkeepalived before version 2.0.9 didn"t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/k ... oval:org.secpod.oval:def:1801403 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:1801317 A flaw was found in the CUPS printing server. Insufficient randomness makes session cookies predictable, breaking CSRF protection. oval:org.secpod.oval:def:1801445 The parse method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters . oval:org.secpod.oval:def:1801182 CVE-2018-1152: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. oval:org.secpod.oval:def:1801109 If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash , then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and othe ... oval:org.secpod.oval:def:1801285 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:1801562 set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file"s origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information by reading this attribute, as demonstrated by getfattr. This al ... oval:org.secpod.oval:def:1801539 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. Fixed In Version:¶ git 2.19.2 oval:org.secpod.oval:def:1801413 CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in verbose CVE-2019-8322: Escape sequence injection vulnerability in gem owner CVE-2019-8323: Escape sequence injection vulnerability in API response handling CVE-2019-8324: In ... oval:org.secpod.oval:def:1801300 A pointer overflow, with code execution, was discovered in ZeroMQ libzmq 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to ... oval:org.secpod.oval:def:1801305 spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2 oval:org.secpod.oval:def:1801262 CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service¶ Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service or possibly have unspecifi ... oval:org.secpod.oval:def:1801163 In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potential ... oval:org.secpod.oval:def:1801256 steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. oval:org.secpod.oval:def:1801161 The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On sy ... oval:org.secpod.oval:def:1801607 A mitigation against an ECDSA timing attack was fixed in libgcrypt 1.8.5 oval:org.secpod.oval:def:1801088 A flaw was found in libvorbis 1.3.6. The mapping0_forward function in mapping0.c file in Xiph.Org does not validate the number of channels, which allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1802026 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact argument type match. For example, length('foo'::varchar) and len ... oval:org.secpod.oval:def:1802046 In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service . oval:org.secpod.oval:def:1801634 SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. oval:org.secpod.oval:def:1801202 One heap-based out-of-bounds read vulnerabiltiy exists in libexif-0.6.21. When saving the data of an entry tagged with EXIF_TAG_MAKER_NOTE to a buffer and copying the data of the exif entry, there is a mismatch between the computed read size of the entry data and the size of the allocated entry data ... oval:org.secpod.oval:def:1801090 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. oval:org.secpod.oval:def:1801333 Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code. Fixed In Version:¶ python-paramiko 2 ... oval:org.secpod.oval:def:1801431 S4U2Self is an extension to Kerberos used in Active Directory to allow a service to request a kerberos ticket to itself from the Kerberos Key Distribution Center for a non-Kerberos authenticated user . This is useful to allow internal code paths to be standardized around Kerberos. S4U2Proxy is an ... oval:org.secpod.oval:def:1801440 S4U2Self is an extension to Kerberos used in Active Directory to allow a service to request a kerberos ticket to itself from the Kerberos Key Distribution Center for a non-Kerberos authenticated user . This is useful to allow internal code paths to be standardized around Kerberos. S4U2Proxy is an ... oval:org.secpod.oval:def:1801269 CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service . oval:org.secpod.oval:def:1801339 In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. oval:org.secpod.oval:def:1801538 An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive informat ... oval:org.secpod.oval:def:1801541 CVE-2018-10851: Crafted zone record can cause a denial of service¶ An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. The iss ... oval:org.secpod.oval:def:1801537 CVE-2018-10851: Crafted answer can cause a denial of service¶ An issue has been found in PowerDNS Recursor allowing a malicious authoritative server to cause a memory leak by sending specially crafted records. The issue is due to the fact that some memory is allocated before the parsing and is ... oval:org.secpod.oval:def:1801176 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:1801393 CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. Fixed In Version:¶ ClamAV 0.100.3 oval:org.secpod.oval:def:1801424 Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. oval:org.secpod.oval:def:1801323 Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. oval:org.secpod.oval:def:1801786 In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-logi ... oval:org.secpod.oval:def:1801742 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak oval:org.secpod.oval:def:1802016 All Xen versions back to at least 3.2 are vulnerable. oval:org.secpod.oval:def:1801768 A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made.If samba is set with "log level = 3" then the string obtained from the client, after a failed character conversion, is printed. Such strings ... oval:org.secpod.oval:def:1801623 Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration. Refe ... oval:org.secpod.oval:def:1802025 Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID". oval:org.secpod.oval:def:1801411 CVE-2018-5743: Limiting simultaneous TCP clients is ineffective¶ By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. U ... oval:org.secpod.oval:def:1801605 empty oval:org.secpod.oval:def:1801613 empty oval:org.secpod.oval:def:1801618 nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely . oval:org.secpod.oval:def:1801609 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. oval:org.secpod.oval:def:1801603 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. oval:org.secpod.oval:def:1801428 CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6 oval:org.secpod.oval:def:1801469 JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters. Attacker can repeatedly crash Dovecot authentication process by logging in using invalid UTF-8 sequence in username. Crash can also occur if OX push notification driver is enabled and an email is delive ... oval:org.secpod.oval:def:1801436 CVE-2019-11454: cross-site scripting in Persistent cross-site scripting in in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is ... oval:org.secpod.oval:def:1801392 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1801388 Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, "winreg_SaveKey", is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere they have unix permissions to create a new file within ... oval:org.secpod.oval:def:1801342 CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2 oval:org.secpod.oval:def:1801335 A vulnerability was found in Django before versions 2.2b1, 2.1.6, 2.0.11, 1.11.19. If django.utils.numberformat.format, used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters, received a Decimal with a large number of digits or a large exponent, it could ... oval:org.secpod.oval:def:1801331 CVE-2018-16890: NTLM type-2 out-of-bounds buffer read¶ The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ... oval:org.secpod.oval:def:1801295 Subversion 1.10.0 introduced server-side support for recursive directory listing operations. The implementation in mod_dav_svn failed to validate the root path of the directory listing provided by the client. If the client omits the root path, mod_dav_svn will deference an uninitialized pointer vari ... oval:org.secpod.oval:def:1801326 CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. oval:org.secpod.oval:def:1801299 Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker can exploit this by crafting inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, ... oval:org.secpod.oval:def:1801183 CVE-2018-4246 Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling. Versions affected: WebKitGTK+ before 2.20.4 CVE-2018-4261 Processing maliciously crafted web content may lead to arbitrary code execution ... oval:org.secpod.oval:def:1801290 commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. oval:org.secpod.oval:def:1801325 Django before versions 1.11.18, 2.0.10 and 2.1.5 is vulnerable to content spoofing via crafted URL in the default 404 page. An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found view. Fixed In Version: ... oval:org.secpod.oval:def:1801065 A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash. Fixed in:¶ Firefox ESR 52.8.1 oval:org.secpod.oval:def:1801313 CVE-2019-5717: P_MUL dissector crash¶ Affected versions: 2.6.0 to 2.6.5, 2.4.0 to 2.4.11 Fixed versions: 2.6.6, 2.4.12 oval:org.secpod.oval:def:1801274 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request. oval:org.secpod.oval:def:1801272 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements , aka Magellan. oval:org.secpod.oval:def:1801259 CVE-2018-18311: Integer overflow leading to buffer overflow¶ A flaw was found in Perl versions 5.8.0 through 5.28. An Integer overflow leading to buffer overflow in Perl_my_setenv function in util.c Fixed In Version:¶ perl 5.29.1, perl 5.26.3 oval:org.secpod.oval:def:1801306 CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. oval:org.secpod.oval:def:1801263 CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Fixed In Version:¶ ghostscript 9.26 oval:org.secpod.oval:def:1801318 CVE-2018-16737: tinc 1.0.29 and earlier allow an oracle attack that could allow a remote attacker to establish one-way communication with a tinc node, allowing it to send fake control messages and inject packets into the VPN. The attack takes only a few seconds to complete. Tinc 1.1pre14 and earlier ... oval:org.secpod.oval:def:1801197 The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2. oval:org.secpod.oval:def:1801548 CVE-2018-16151: In verify_emsa_pkcs1_signature in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same ... oval:org.secpod.oval:def:1801203 HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData in the faxd/CopyQuality.c++ file. oval:org.secpod.oval:def:1801156 CVE-2018-16056: Bluetooth Attribute Protocol dissector crash¶ Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16 Fixed versions: 2.6.3, 2.4.9, 2.2.17 oval:org.secpod.oval:def:1801204 CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ... oval:org.secpod.oval:def:1801098 In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ... oval:org.secpod.oval:def:1801561 A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Rem ... oval:org.secpod.oval:def:1801103 CVE-2018-14339: MMSE dissector infinite loop Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15 Fixed versions: 2.6.2, 2.4.8, 2.2.16 oval:org.secpod.oval:def:1801114 DoS for HTTP/2 connections by crafted requests By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed In Version: Apache HTTP Server 2.4.34 oval:org.secpod.oval:def:1801150 CVE-2018-7751: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service via a crafted XML file. Fixed In Version:¶ ffmpeg 3.4.3 oval:org.secpod.oval:def:1801151 CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service via an AVI file with crafted dimensions within chroma subsampling data. oval:org.secpod.oval:def:1801288 CVE-2018-1000807: Use-after-free in X509 object handling¶ Python Cryptographic Authority pyopenssl version before 17.5.0 has a use-after-free vulnerability in X509 object handling. This can result in a denial of service or potentially even code execution. oval:org.secpod.oval:def:1801608 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn"t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo ... oval:org.secpod.oval:def:1801549 CVE-2018-18088: NULL pointer dereference in the imagetopnm function of jp2/convert.c¶ A flaw was found in OpenJPEG 2.3.0. A NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c oval:org.secpod.oval:def:1801364 CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ... oval:org.secpod.oval:def:1801542 CVE-2018-3060: mariaDB 10.2.17 CVE-2018-3064: mariaDB 10.2.17 CVE-2018-3063: mariaDB 10.2.17 CVE-2018-3058: mariaDB 10.2.17 CVE-2018-3066: mariaDB 10.2.17 CVE-2018-3282: mariaDB 10.2.19 CVE-2016-9843: mariaDB 10.2.19 CVE-2018-3174: mariaDB 10.2.19 CVE-2018-3143: mariaDB 10.2.19 CVE-2018-3156: mariaD ... oval:org.secpod.oval:def:1801312 CVE-2018-19961, CVE-2018-19962, XSA-275: insufficient TLB flushing / improper large page mappings with AMD IOMMUs oval:org.secpod.oval:def:1801267 CVE-2018-19622: MMSE dissector infinite loop¶ Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10 Fixed versions: 2.6.5, 2.4.11 oval:org.secpod.oval:def:1801220 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. Fixed in Ve ... oval:org.secpod.oval:def:1801627 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." oval:org.secpod.oval:def:1801749 In PolicyKit 0.115, the start time protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. oval:org.secpod.oval:def:1801778 A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a read only user. oval:org.secpod.oval:def:1801188 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac1 ... oval:org.secpod.oval:def:1801426 A vulnerability was found in libpng 1.6.36. The function png_image_free in png.c has a use-after-free because png_image_free_function is called under png_safe_execute. This flaw is in the PNG Simplified API, which was introduced upstream in libpng-1.6.0. Previous versions of libpng are not affected. oval:org.secpod.oval:def:1801158 CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ... oval:org.secpod.oval:def:1801559 An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix fo ... oval:org.secpod.oval:def:1802021 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:1801402 CVE-2018-14647: Missing salt initialization in _elementtree.c module¶ A flaw was found in python"s _elementtree.c module, a wrapper for libexpat XML parser. xml.etree C accelerator don"t call XML_SetHashSalt, failing to properly initiate the random hash seed from a good CSPRNG source and making ... oval:org.secpod.oval:def:1801105 CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ... oval:org.secpod.oval:def:1801509 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. oval:org.secpod.oval:def:1801297 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... |
