
oval:org.secpod.oval:def:1700001
Amazon Linux 2 is installed

oval:org.secpod.oval:def:1700068
A heap-based buffer overflow has been found in the Curl_smtp_escape_eob function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.

oval:org.secpod.oval:def:1700065
A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.

oval:org.secpod.oval:def:1700031
Authentication bypass allows installing signed packages without administrator privileges. An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages ...

oval:org.secpod.oval:def:1700028
Debug parameter removal bypass, allowing information disclosure. It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to eleva ...

oval:org.secpod.oval:def:1700027
This update adds the checkHost option to stunnel, which verifies the host of the peer certificate subject. Certificates are accepted if no checkHost option was specified, or the host name of the peer certificate matches any of the hosts specified with checkHost. This update adds the OCSPaia option to ...

oval:org.secpod.oval:def:1700022
Failure to handle errors when attempting to drop group privileges: mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle the case where group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

oval:org.secpod.oval:def:1700173
FreeRADIUS mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a Dragonblood issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. FreeRADIUS before 3.0.19 doe ...

oval:org.secpod.oval:def:1700176
Flatpak allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox afte ...

oval:org.secpod.oval:def:1700161
Earlier versions of Openwsman are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server

oval:org.secpod.oval:def:1700151
Images built for the Amazon Linux 2.0.20190313 release included system files with incorrect permissions applied. Incorrect permissions were applied to the following file: /etc/shadow. All users should upgrade to this updated package, which corrects permissions for these files if they are not already in t ...

oval:org.secpod.oval:def:1700141
Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons that allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/ ...

oval:org.secpod.oval:def:1700128
Images built for the Amazon Linux 2.0.20190218 release included system files with incorrect permissions applied. Incorrect permissions were applied to files including: /etc/fstab, /etc/localtime, /etc/image-id, /etc/sysconfig/i18n, /etc/sysconfig/clock, /etc/sysconfig/keyboard, /etc/sysctl.d/99-amazon.conf, /var/li ...

oval:org.secpod.oval:def:1700085
A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. A race condition was found in the way 38 ...

oval:org.secpod.oval:def:1700088
It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-Bus interface.

oval:org.secpod.oval:def:1700293
A flaw was found in the "deref" plugin of 389-ds-base where it could use the "search" permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes

oval:org.secpod.oval:def:1700288
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. An uncontrolled format ...

oval:org.secpod.oval:def:1700279
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash.

oval:org.secpod.oval:def:1700268
A buffer overflow flaw was found in the unicode_to_ansi_copy function of unixODBC. This overflow is not directly controllable by an attacker, making the maximum potential impact a crash or denial of service. An argument order confusion flaw was found in the SQLWriteFileDSN API of unixODBC. This could ...

oval:org.secpod.oval:def:1700262
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clu ...

oval:org.secpod.oval:def:1700258
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.

oval:org.secpod.oval:def:1700719
Update of ca-certificates to version 2021.2.50-72.amzn2.0.1 addresses the expiring IdentTrust DST Root CA X3, which affected some Let's Encrypt TLS certificates. The effect of the expiring certificate would be an inability of OpenSSL to validate impacted certificates issued by Let's Encrypt. Impacte ...

oval:org.secpod.oval:def:1701076
A vulnerability was found in BlueZ. This flaw allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

oval:org.secpod.oval:def:1701159
A vulnerability was found in udisks2. This flaw allows an attacker to supply a specially crafted image file or USB device, leading to a kernel panic. The highest threat from this vulnerability is to system availability.

oval:org.secpod.oval:def:1701226
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks

oval:org.secpod.oval:def:1701200
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untr ...

oval:org.secpod.oval:def:48803
Audit rules that record information on the use of privileged commands should be enabled.

oval:org.secpod.oval:def:48800
The oddjobd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:1701296
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload

oval:org.secpod.oval:def:48768
The kdump service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48770
The cgred service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48776
The cgconfig service should be disabled if possible.

oval:org.secpod.oval:def:48774
The certmonger service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48772
The cpuspeed service should be disabled if possible.

oval:org.secpod.oval:def:48779
The acpid service should be disabled if possible.

oval:org.secpod.oval:def:48780
The netconsole service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48788
Direct root logins (the "Direct root Logins Not Allowed" control) should be allowed or disallowed as appropriate.

oval:org.secpod.oval:def:48786
The SELinux state should be set appropriately.

oval:org.secpod.oval:def:48787
The rdisc service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48784
The messagebus service should be disabled if possible.

oval:org.secpod.oval:def:48785
Configure Periodic Execution of AIDE (/etc/crontab) should be configured appropriately.

oval:org.secpod.oval:def:48782
The mdmonitor service should be disabled if possible.

oval:org.secpod.oval:def:48791
The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1".

oval:org.secpod.oval:def:48792
The quota_nld service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48790
The Apache qpidd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48798
The ntpdate service should be disabled if possible.

oval:org.secpod.oval:def:48796
The psacct service should be enabled if possible.

oval:org.secpod.oval:def:48794
The portreserve service should be disabled if possible.

oval:org.secpod.oval:def:48728
Directory permissions for /var/log/httpd should be set appropriately.

oval:org.secpod.oval:def:48725
The /etc/httpd/conf/* files should have the appropriate permissions.

oval:org.secpod.oval:def:48735
The telnet service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48744
The squid service should be disabled if possible.

oval:org.secpod.oval:def:48745
The rsh service should be disabled if possible.

oval:org.secpod.oval:def:48740
The '.rhosts' or 'hosts.equiv' files should or should not exist on the system, as appropriate.

oval:org.secpod.oval:def:48741
The snmpd service should be disabled if possible.

oval:org.secpod.oval:def:48748
The rlogin service should be disabled if possible.

oval:org.secpod.oval:def:48749
The requirement for a password to boot into single-user mode should be configured correctly.

oval:org.secpod.oval:def:48753
Audit rules should detect modification to system files that hold information about users and groups.

oval:org.secpod.oval:def:48754
The rexec service should be disabled if possible.

oval:org.secpod.oval:def:48750
The Samba (SMB) service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48766
The irqbalance service should be enabled if possible.

oval:org.secpod.oval:def:48764
Configure SNMP Service to Use Only SNMPv3 or Newer (/etc/snmp/snmpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48762
The ypbind service should be disabled if possible.

oval:org.secpod.oval:def:48763
The tftp service should be disabled if possible.

oval:org.secpod.oval:def:48760
The TFTP daemon should use secure mode.

oval:org.secpod.oval:def:48709
mod_ssl package installation should be configured appropriately.

oval:org.secpod.oval:def:48712
Restrict Web Directory (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48717
Restrict Root Directory (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48714
Disable CGI Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48723
Directory permissions for /etc/httpd/conf/ should be set as appropriate.

oval:org.secpod.oval:def:48899
Disable HTTP mod_rewrite (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48896
Record attempts to alter time through stime; note that this is only relevant on 32-bit architectures.

oval:org.secpod.oval:def:48897
Disable HTTP Digest Authentication (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48893
Disable LDAP Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48849
The autofs service should be disabled if possible.

oval:org.secpod.oval:def:48847
The yum-updatesd service should be disabled.

oval:org.secpod.oval:def:48845
The rsyslog service should be enabled if possible.

oval:org.secpod.oval:def:48853
Configure statd to use static port (/etc/sysconfig/nfs) should be configured appropriately.

oval:org.secpod.oval:def:48850
Verify which group owns the /boot/grub2/grub.cfg file.

oval:org.secpod.oval:def:48859
Test if HostLimit line in logwatch.conf is set appropriately. On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ...

oval:org.secpod.oval:def:48856
The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate.

oval:org.secpod.oval:def:48865
The abrtd service should be disabled if possible.

oval:org.secpod.oval:def:48866
The '/boot/grub2/grub.cfg' file should be owned by the appropriate user.

oval:org.secpod.oval:def:48863
Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48860
Root squashing should be enabled or disabled as appropriate for all NFS shares.

oval:org.secpod.oval:def:48869
The rpcsvcgssd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48867
The nfs service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48876
The vsftpd service should be disabled if possible.

oval:org.secpod.oval:def:48877
Disable Logwatch on Clients if a Logserver Exists (/etc/cron.daily/0logwatch) should be configured appropriately.

oval:org.secpod.oval:def:48879
The auditd service should be enabled if possible.

oval:org.secpod.oval:def:48880
The named service should be disabled if possible.

oval:org.secpod.oval:def:48886
The httpd service should be disabled if possible.

oval:org.secpod.oval:def:48881
Check if SplitHosts line in logwatch.conf is set appropriately.

oval:org.secpod.oval:def:48808
Audit rules should be configured to log successful and unsuccessful logon and logout events.

oval:org.secpod.oval:def:48809
The xinetd service should be disabled if possible.

oval:org.secpod.oval:def:48813
Ensure all yum repositories utilize signature checking.
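
A way to evaluate this check without yum itself, as an added example (not SecPod's OVAL test and not Amazon's tooling): the function below parses yum's INI-style repository definitions and lists every repository whose gpgcheck is not 1. The parsing rules it relies on are yum's own: a section with no gpgcheck line inherits the value from [main] in /etc/yum.conf, and lines beginning with # or ; are comments. The repository names and URLs in the sample are constructed for this example.

```shell
#!/bin/sh
# repos_without_gpgcheck: reads yum repository definitions on stdin (the contents of
# /etc/yum.conf followed by /etc/yum.repos.d/*.repo) and prints the id of every
# repository section whose gpgcheck is not 1. A section without its own gpgcheck
# line inherits the value from [main]; until a [main] has been seen, $1 is used as
# the default (0 if not given, the conservative reading). Returns 0 when every
# repository enforces signature checking, 1 otherwise.
repos_without_gpgcheck() {
    awk -v dflt="${1:-0}" '
        function flush() {
            if (id == "") return
            if (id == "main") { dflt = gc; return }   # [main] supplies the inherited default
            if (gc != 1) { print id; bad = 1 }
        }
        /^[[:space:]]*[#;]/ { next }                  # comment lines
        /^\[[^]]+\]/ {                                # start of a new [section]
            flush()
            id = $0; sub(/^\[/, "", id); sub(/\].*$/, "", id)
            gc = dflt
            next
        }
        /^[[:space:]]*gpgcheck[[:space:]]*=/ {        # "gpgcheck=1" or "gpgcheck = 1"
            v = $0; sub(/^[^=]*=[[:space:]]*/, "", v); sub(/[[:space:]]+$/, "", v)
            gc = v + 0
        }
        END { flush(); exit (bad ? 1 : 0) }'
}

# Constructed sample: one repo with signature checking disabled, one inheriting it.
SAMPLE_REPOS='[main]
gpgcheck=1
installonly_limit=3

[amzn2-core]
name=Amazon Linux 2 core repository
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2

[vendor-tools]
name=Third-party tools (constructed)
baseurl=https://repo.example.invalid/el7/
gpgcheck = 0
enabled=1

; no gpgcheck line: inherits gpgcheck=1 from [main]
[internal-mirror]
name=Internal mirror (constructed)
baseurl=https://mirror.example.invalid/
enabled=1'

# Prints "vendor-tools" for the sample above.
printf '%s\n' "$SAMPLE_REPOS" | repos_without_gpgcheck || true
```

On a live host run `cat /etc/yum.conf /etc/yum.repos.d/*.repo | repos_without_gpgcheck`. For each repository it names, set gpgcheck=1 in that section and supply the vendor's signing key via gpgkey; a repo with gpgcheck=1 but no trusted key will fail at install time rather than silently accept unsigned packages, which is the intended outcome.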

oval:org.secpod.oval:def:48821
The file /etc/pam.d/system-auth should not contain the nullok option

oval:org.secpod.oval:def:48824
System Audit Logs Must Have Mode 0640 or Less Permissive (/var/log/audit/*) should be configured appropriately.

oval:org.secpod.oval:def:48833
Disable Cache Support (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48831
The HTTPD Proxy Module Support should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48838
Disable URL Correction on Misspelled Entries (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48839
File permissions for '/boot/grub2/grub.cfg' should be set appropriately.

oval:org.secpod.oval:def:48835
Disable Web Server Configuration Display (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48844
The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate.

oval:org.secpod.oval:def:48840
Disable Server Activity Status (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48967
BOOTP queries should be accepted or denied by the DHCP server as appropriate.

oval:org.secpod.oval:def:48975
The bluetooth service should be disabled if possible.

oval:org.secpod.oval:def:48974
RPC IPv6 support should be configured appropriately based on the RPC services in use.

oval:org.secpod.oval:def:48970
The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48977
The postfix service should be enabled if possible.

oval:org.secpod.oval:def:48987
Require the use of TLS for ldap clients.

oval:org.secpod.oval:def:48985
DHCP configuration should be static for all interfaces.

oval:org.secpod.oval:def:48980
The ntpd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48998
The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack.

oval:org.secpod.oval:def:48991
Manually configure addresses for IPv6.

oval:org.secpod.oval:def:48927
The sysstat service should be disabled if possible.

oval:org.secpod.oval:def:48924
The smartd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48923
The saslauthd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48932
The atd service should be disabled if possible.

oval:org.secpod.oval:def:48930
The ability for users to perform interactive startups should be disabled.

oval:org.secpod.oval:def:48937
The crond service should be enabled if possible.

oval:org.secpod.oval:def:48934
The sshd service should be disabled if possible.

oval:org.secpod.oval:def:48941
Configure the system to notify users of last logon/access using pam_lastlog.

oval:org.secpod.oval:def:48948
Avahi should be configured to accept or reject packets whose TTL field is not equal to 255, as appropriate.

oval:org.secpod.oval:def:48946
The pcscd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48947
Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet.

oval:org.secpod.oval:def:48944
The avahi-daemon service should be disabled if possible.

oval:org.secpod.oval:def:48945
The Avahi daemon should be configured to serve via IPv6 or not, as appropriate.

oval:org.secpod.oval:def:48953
The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ...

oval:org.secpod.oval:def:48950
The dhcpd service should be disabled if possible.

oval:org.secpod.oval:def:48959
The cups service should be disabled if possible.

oval:org.secpod.oval:def:48957
Avahi publishing of IP addresses should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48955
By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ...

oval:org.secpod.oval:def:48965
DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate.

oval:org.secpod.oval:def:48960
The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:48961
Avahi should be configured to allow or disallow other stacks binding to port 5353, as appropriate.

oval:org.secpod.oval:def:48905
Disable WebDAV (Distributed Authoring and Versioning) (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48903
The apache2 server's ServerSignature value should be set appropriately.

oval:org.secpod.oval:def:48901
The apache2 server's ServerTokens value should be set appropriately.

oval:org.secpod.oval:def:48908
Disable Server Side Includes (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48909
System Audit Logs Must Be Owned By Root (/var/log/*) should be configured appropriately.

oval:org.secpod.oval:def:48910
Disable MIME Magic (/etc/httpd/conf/httpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:49008
The rpcidmapd service should be disabled if possible.

oval:org.secpod.oval:def:49004
The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate.

oval:org.secpod.oval:def:49005
The rpcgssd service should be disabled if possible.

oval:org.secpod.oval:def:49002
The netfs service should be disabled if possible.

oval:org.secpod.oval:def:49012
Enable privacy extensions for IPv6.

oval:org.secpod.oval:def:49010
The iptables service should be enabled if possible.

oval:org.secpod.oval:def:49016
Define default gateways for IPv6 traffic.

oval:org.secpod.oval:def:49014
The nfslock service should be disabled if possible.

oval:org.secpod.oval:def:72982
The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setgid" files. Executing files from untrusted file systems increases the opportunity for unprivil ...

oval:org.secpod.oval:def:48996
Protect against unnecessary release of information.

oval:org.secpod.oval:def:48887
The action_mail_acct setting in /etc/audit/auditd.conf should be set to the appropriate account.

oval:org.secpod.oval:def:72969
If any users' home directories do not exist, create them and make sure the respective user owns the directory. Users without an assigned home directory should be removed or assigned a home directory as appropriate.

oval:org.secpod.oval:def:72958
SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server, or servers to clients. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into ...

oval:org.secpod.oval:def:72952
Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug a computer into a network and Avahi automat ...

oval:org.secpod.oval:def:48827
The RPM package telnet should be installed.

oval:org.secpod.oval:def:48868
Syslog logs should be sent to a remote loghost.

oval:org.secpod.oval:def:72955
iptables allows configuration of the IPv4 tables in the linux kernel and the rules stored within them. Most firewall configuration utilities operate as a front end to iptables.

oval:org.secpod.oval:def:48902
Record attempts to alter time through settimeofday.

oval:org.secpod.oval:def:48935
The default umask for all users should be set correctly.

oval:org.secpod.oval:def:48973
Global IPv6 initialization should be disabled.

oval:org.secpod.oval:def:48976
Specify Additional Remote NTP Servers (/etc/ntp.conf) should be configured appropriately.

oval:org.secpod.oval:def:48738
The kernel module hfsplus should be disabled.

oval:org.secpod.oval:def:48963
Disable Avahi Publishing (/etc/avahi/avahi-daemon.conf) should be configured appropriately.

oval:org.secpod.oval:def:48789
Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ...

oval:org.secpod.oval:def:48731
This test makes sure that '/etc/gshadow' has the appropriate permissions set. If the target file or directory has an extended ACL, it fails the mode check.

oval:org.secpod.oval:def:72991
The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable.

oval:org.secpod.oval:def:48929
The default umask for all users is specified in /etc/login.defs.

oval:org.secpod.oval:def:48848
The kernel module tipc should be disabled.

oval:org.secpod.oval:def:49015
The /etc/passwd file should be owned by the appropriate group.

oval:org.secpod.oval:def:48711
The kernel module jffs2 should be disabled.

oval:org.secpod.oval:def:48874
A warning banner for all FTP users should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48733
Configure Dovecot to Use the SSL Key file should be configured appropriately.

oval:org.secpod.oval:def:48730
The '/etc/shadow' file should be owned by the appropriate group.

oval:org.secpod.oval:def:48900
Record attempts to alter time through adjtimex.

oval:org.secpod.oval:def:48907
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:72956
Configure SELinux to be enabled at boot time and verify that it has not been overridden by the grub boot parameters. Rationale: SELinux must be enabled at boot time in your grub configuration to ensure that the controls it provides are not overridden.

oval:org.secpod.oval:def:72963
To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartups to protect availability of sshd logins and prevent overwhelming the daemon.

oval:org.secpod.oval:def:48891
Restrict Access to Anonymous Users should be configured appropriately.

oval:org.secpod.oval:def:48842
The /etc/gshadow file should be owned by the appropriate group.

oval:org.secpod.oval:def:48949
The RPM package screen should be installed.

oval:org.secpod.oval:def:48742
The RPM package ypserv should be removed.

oval:org.secpod.oval:def:48986
The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".

oval:org.secpod.oval:def:48722
The SELinux policy should be set appropriately.

oval:org.secpod.oval:def:48952
The RPM package dhcpd should be removed.

oval:org.secpod.oval:def:48904
The RPM package httpd should be removed.

oval:org.secpod.oval:def:48871
rsyslogd should reject remote messages.

oval:org.secpod.oval:def:48916
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:48885
The admin_space_left_action setting in /etc/audit/auditd.conf should be set to the appropriate action.

oval:org.secpod.oval:def:48951
The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".

oval:org.secpod.oval:def:48710
The password minimum length should be set appropriately.

oval:org.secpod.oval:def:72953
The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.

oval:org.secpod.oval:def:48926
The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.

oval:org.secpod.oval:def:48830
Only SSH protocol version 2 connections should be permitted.

oval:org.secpod.oval:def:48852
The kernel module dccp should be disabled.

oval:org.secpod.oval:def:48775
The RPM package rsh should be installed.

oval:org.secpod.oval:def:48757
Plaintext authentication of mail clients should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48912
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:48826
The password hashing algorithm should be set correctly in /etc/libuser.conf.

oval:org.secpod.oval:def:48718
All password hashes should be shadowed.

oval:org.secpod.oval:def:49013
The password difok should meet minimum requirements using pam_cracklib.

oval:org.secpod.oval:def:48858
Ensure Insecure File Locking is Not Allowed (/etc/exports) should be configured appropriately.

oval:org.secpod.oval:def:48769
The RPM package ypbind should be installed.

oval:org.secpod.oval:def:48756
The RPM package telnet-server should be removed.

oval:org.secpod.oval:def:72961
The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure.

oval:org.secpod.oval:def:48807
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:49001
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables).

oval:org.secpod.oval:def:72964
When UsePAM is set to yes, PAM runs through the account and session types properly. This is important if you want to restrict access to services based on IP, time or other factors of the account. Additionally, you can make sure users inherit certain environment variables on login or disallow access ...

oval:org.secpod.oval:def:49011
The RPM package openldap-servers should be removed.

oval:org.secpod.oval:def:48994
The root account is the only system account that should have a login shell.
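
The two checks def:1700141 (nologin entries in /etc/shells) and def:48994 (root is the only system account with a login shell) reduce to the same question: which accounts would pass a gate that consults /etc/shells, as pam_shells does? The following is an added example, not SecPod's test logic, that answers it over constructed /etc/passwd and /etc/shells text. It assumes UID_MIN is 1000 (the Amazon Linux 2 default in /etc/login.defs) and that the shells listed are the only ones to consider; the user names are made up.

```shell
#!/bin/sh
# Constructed sample data for this example (not taken from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
ec2-user:x:1000:1000:EC2 Default User:/home/ec2-user:/bin/bash'

# /etc/shells as the affected setup package wrote it, with the nologin entries.
SHELLS_WITH_NOLOGIN='/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
/sbin/nologin
/usr/sbin/nologin'

# nologin_in_shells SHELLS_TEXT: prints any nologin entry found in /etc/shells and
# returns 1; returns 0 when there is none (the expected state after the fix).
nologin_in_shells() {
    printf '%s\n' "$1" | grep -E '^/(usr/)?sbin/nologin$' && return 1
    return 0
}

# system_accounts_pam_shells_accepts PASSWD_TEXT SHELLS_TEXT
# Prints "user:shell" for every account with UID below 1000 (UID_MIN), other than
# root, whose shell is listed in /etc/shells and would therefore satisfy pam_shells.
# Returns 0 when the list is empty, 1 otherwise.
system_accounts_pam_shells_accepts() {
    shells=$(printf '%s\n' "$2" | tr '\n' ' ')      # paths contain no spaces
    printf '%s\n' "$1" | awk -F: -v shells="$shells" '
        BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) if (s[i] != "") ok[s[i]] = 1 }
        /^[[:space:]]*$/ { next }
        ($3 + 0) < 1000 && $1 != "root" && ($7 in ok) { print $1 ":" $7; found = 1 }
        END { exit (found ? 1 : 0) }'
}

# With nologin listed, bin and daemon are accepted alongside postgres; after the
# nologin lines are removed only postgres (a real login shell) remains to fix.
SHELLS_FIXED=$(printf '%s\n' "$SHELLS_WITH_NOLOGIN" | grep -v nologin)
system_accounts_pam_shells_accepts "$SAMPLE_PASSWD" "$SHELLS_WITH_NOLOGIN" || true
echo "--- after removing nologin from /etc/shells ---"
system_accounts_pam_shells_accepts "$SAMPLE_PASSWD" "$SHELLS_FIXED" || true
```

On a host, feed the functions `cat /etc/passwd` and `cat /etc/shells`. Remediation for the first finding is to delete the nologin lines from /etc/shells (the updated setup package does this); for the second, give service accounts that never need a shell `usermod -s /sbin/nologin <user>` and keep that path out of /etc/shells so the two checks stay consistent.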

oval:org.secpod.oval:def:48917
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:48851
The RPM package libreswan should be installed.

oval:org.secpod.oval:def:48836
The maximum number of concurrent login sessions per user should meet minimum requirements.

oval:org.secpod.oval:def:48982
A remote NTP server for time synchronization should be specified (and dependencies are met).

oval:org.secpod.oval:def:72954
Ensure the LDAP client is not installed.

oval:org.secpod.oval:def:48942
The kernel module usb-storage should be disabled.

oval:org.secpod.oval:def:48931
Limit Users SSH Access should be configured appropriately.

oval:org.secpod.oval:def:72988
Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /var/tmp.

oval:org.secpod.oval:def:48915
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:48834
The kernel module sctp should be disabled.

oval:org.secpod.oval:def:48724
The /etc/passwd file should be owned by the appropriate user.

oval:org.secpod.oval:def:48715
The password lcredit should meet minimum requirements using pam_cracklib.

oval:org.secpod.oval:def:48938
The anacron service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:72966
The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Server Message Block (SMB) protocol. Windows desktop users will be able to mount these directories ...

oval:org.secpod.oval:def:48737
SSL capabilities should be enabled for the mail server.

oval:org.secpod.oval:def:48872
Logging of vsftpd transactions should be enabled or disabled as appropriate

oval:org.secpod.oval:def:48981
The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1".
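
The kernel runtime parameter checks in this catalog (def:48791 kernel.dmesg_restrict, def:48960 net.ipv4.conf.all.accept_source_route, def:48986 net.ipv4.tcp_syncookies, def:48951 net.ipv4.conf.all.log_martians and def:48981 net.ipv4.conf.default.rp_filter) all compare one sysctl key against one required value. The script below is an added example, not SecPod's OVAL logic, that performs all five comparisons over `sysctl -a` output and renders the same table in sysctl.conf syntax for persistence. The file name /etc/sysctl.d/99-hardening.conf is this example's choice.

```shell
#!/bin/sh
# Required kernel runtime parameters from the checks above, as key=value pairs.
# Constructed for this example; extend it with any other sysctl you enforce.
SYSCTL_EXPECTED="kernel.dmesg_restrict=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.rp_filter=1"

# audit_sysctl: reads "key = value" lines on stdin (the format printed by
# `sysctl -a`) and prints one "FAIL key expected=X actual=Y" line per parameter
# that is missing or set to a different value. Returns 0 when every key matches.
audit_sysctl() {
    actual=$(sed -n 's/^[[:space:]]*\([^[:space:]=]*\)[[:space:]]*=[[:space:]]*\(.*\)$/\1=\2/p')
    rc=0
    for want in $SYSCTL_EXPECTED; do
        key=${want%%=*}
        val=${want#*=}
        esc=$(printf '%s' "$key" | sed 's/\./\\./g')        # dots are literal in the key
        got=$(printf '%s\n' "$actual" | sed -n "s/^$esc=//p" | head -n 1)
        if [ -z "$got" ]; then
            echo "FAIL $key expected=$val actual=<missing>"; rc=1
        elif [ "$got" != "$val" ]; then
            echo "FAIL $key expected=$val actual=$got"; rc=1
        fi
    done
    return $rc
}

# render_sysctl_conf: prints the same parameters in sysctl.conf syntax, ready to be
# written to /etc/sysctl.d/99-hardening.conf and applied with `sysctl --system`.
render_sysctl_conf() {
    for want in $SYSCTL_EXPECTED; do
        printf '%s = %s\n' "${want%%=*}" "${want#*=}"
    done
}

# Constructed sample of `sysctl -a` output with one wrong and two missing keys.
SAMPLE_SYSCTL='kernel.dmesg_restrict = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.log_martians = 1'
printf '%s\n' "$SAMPLE_SYSCTL" | audit_sysctl || true
```

Run it against the live kernel with `sysctl -a 2>/dev/null | audit_sysctl`. Note that a passing runtime value does not prove persistence: a setting changed with `sysctl -w` alone reverts at reboot, so also check that `render_sysctl_conf` matches what is on disk under /etc/sysctl.d. Conversely, files in /etc/sysctl.d are applied in lexical order and a later file can override an earlier one, which is why the example uses a 99- prefix.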

oval:org.secpod.oval:def:72948
Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or /etc/security/opasswd (old passwords, based on remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if they have been opened for write or have had attribu ...
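
The time-change checks (def:48896 stime, def:48902 settimeofday, def:48900 adjtimex) and the identity-file check above (def:72948) are both satisfied by a small set of auditd rules. As an added example that is not part of SecPod's content, the script below prints that rule set in audit.rules syntax and verifies a loaded rule set against it. It accepts both the `-S a -S b` form you write in a rules file and the `-S a,b` form `auditctl -l` prints back. The inclusion of clock_settime and the key names are this example's choices.

```shell
#!/bin/sh
# required_audit_rules: the rules needed for the checks above, in audit.rules syntax.
# Install as /etc/audit/rules.d/50-secpod.rules (file name chosen for this example)
# and load with `augenrules --load`.
required_audit_rules() {
    cat <<'EOF'
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -S clock_settime -k time-change
-a always,exit -F arch=b32 -S adjtimex -S settimeofday -S clock_settime -S stime -k time-change
-w /etc/localtime -p wa -k time-change
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
EOF
}

# rule_has_syscall RULES ARCH SYSCALL: succeeds when some rule line for ARCH
# (b64 or b32) lists SYSCALL, in either the "-S a -S b" or the "-S a,b" form.
rule_has_syscall() {
    printf '%s\n' "$1" | awk -v arch="arch=$2" -v sc="$3" '
        index($0, arch) {
            for (i = 1; i < NF; i++) if ($i == "-S") {
                n = split($(i + 1), s, ",")
                for (j = 1; j <= n; j++) if (s[j] == sc) f = 1
            }
        }
        END { exit (f ? 0 : 1) }'
}

# rule_has_watch RULES PATH: succeeds when PATH is watched for writes and attribute
# changes (-p contains both w and a).
rule_has_watch() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "-w" && $2 == p && $3 == "-p" && $4 ~ /w/ && $4 ~ /a/ { f = 1 }
        END { exit (f ? 0 : 1) }'
}

# audit_rules_missing: reads the loaded rule set (output of `auditctl -l`, or a
# rules file) on stdin and prints one line per required rule that is absent.
# Returns 0 when nothing is missing.
audit_rules_missing() {
    rules=$(cat)
    rc=0
    for sc in adjtimex settimeofday clock_settime; do
        rule_has_syscall "$rules" b64 "$sc" || { echo "MISSING syscall $sc (arch=b64)"; rc=1; }
    done
    # stime exists only in the 32-bit syscall table, so it is audited via the b32 rule.
    rule_has_syscall "$rules" b32 stime || { echo "MISSING syscall stime (arch=b32)"; rc=1; }
    for path in /etc/localtime /etc/group /etc/passwd /etc/gshadow /etc/shadow /etc/security/opasswd; do
        rule_has_watch "$rules" "$path" || { echo "MISSING watch $path -p wa"; rc=1; }
    done
    return $rc
}

# Constructed partial rule set, as `auditctl -l` might print it on a half-configured host.
SAMPLE_LOADED='-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=time-change
-w /etc/passwd -p wa -k identity'
printf '%s\n' "$SAMPLE_LOADED" | audit_rules_missing || true
```

On a host, `auditctl -l | audit_rules_missing` checks what the kernel currently enforces, which is the state that matters; the contents of /etc/audit/rules.d only matter once augenrules has loaded them, and a rule set with `-e 2` at the end is immutable until reboot, so plan the change before locking it.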

oval:org.secpod.oval:def:48972
The RPM package sendmail should be removed.

oval:org.secpod.oval:def:48773
The RPM package mcstrans should be installed.

oval:org.secpod.oval:def:72967
The X Window System provides a Graphical User Interface (GUI) where users can have multiple windows in which to run programs and various add-ons. The X Window System is typically used on workstations where users log in, but not on servers where users typically do not log in.

oval:org.secpod.oval:def:72987
Since the /var/tmp partition is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.

oval:org.secpod.oval:def:48739
SSH warning banner should be enabled (and dependencies are met).

oval:org.secpod.oval:def:48804
Audit rules that detect the mounting of filesystems should be enabled.

oval:org.secpod.oval:def:49000
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:48918
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:72979
A firewall zone defines the trust level for a connection, interface or source address binding. This is a one to many relation, which means that a connection, interface or source can only be part of one zone, but a zone can be used for many network connections, interfaces and sources.

oval:org.secpod.oval:def:72997
The contents of the /var/lib/update-motd/motd file are displayed to users after login and function as a message of the day for authenticated users.

oval:org.secpod.oval:def:48913
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:48999
The kernel module rds should be disabled.

oval:org.secpod.oval:def:72978
TMOUT is an environmental setting that determines the timeout of a shell in seconds.

oval:org.secpod.oval:def:48801
Audit actions taken by system administrators on the system.

oval:org.secpod.oval:def:72983
Since the user partitions are not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.

oval:org.secpod.oval:def:48814
This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:48892
Record attempts to alter time through /etc/localtime

oval:org.secpod.oval:def:48875
max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:48855
The SELinux state should be enforcing the local policy.

oval:org.secpod.oval:def:48966
The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:48767
The RPM package talk-server should be installed.

oval:org.secpod.oval:def:48752
Require Samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers that support SMB packet signing.

oval:org.secpod.oval:def:48799
Core dumps for all users should be disabled

oval:org.secpod.oval:def:48747
The RPM package squid should be removed.

oval:org.secpod.oval:def:48997
The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".

oval:org.secpod.oval:def:72975
Setting the boot loader password will require that anyone rebooting the system must enter a password before being able to set command line boot parameters.

oval:org.secpod.oval:def:72962
To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of sshd logins and prevent overwhelming the daemon.

oval:org.secpod.oval:def:48783
The kernel module udf should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48726
The mod_security package installation should be configured appropriately.

oval:org.secpod.oval:def:48727
The audit rules should be configured to log information about kernel module loading and unloading.

oval:org.secpod.oval:def:48925
Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account.

oval:org.secpod.oval:def:48890
space_left_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:48761
The RPM package net-snmp should be removed.

oval:org.secpod.oval:def:48758
The RPM package tftp-server should be removed.

oval:org.secpod.oval:def:48969
The Kernel Parameter for Accepting Source-Routed Packets By Default and All interfaces should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48719
The dovecot service should be disabled if possible.

oval:org.secpod.oval:def:48797
The daemon umask should be set as appropriate

oval:org.secpod.oval:def:48806
Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled

oval:org.secpod.oval:def:72981
The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.

oval:org.secpod.oval:def:48843
The RPM package rsyslog should be installed.

oval:org.secpod.oval:def:72996
It is critical to ensure that the /etc/passwd- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

oval:org.secpod.oval:def:48984
The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".

oval:org.secpod.oval:def:72957
SELinux gives an extra layer of security to the resources in the system. It provides mandatory access control (MAC), as opposed to discretionary access control (DAC).

oval:org.secpod.oval:def:48828
Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode.

oval:org.secpod.oval:def:48811
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:48958
The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".

oval:org.secpod.oval:def:72973
auditd is the userspace component of the Linux Auditing System. It is responsible for writing audit records to the disk.

oval:org.secpod.oval:def:48825
The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation.

oval:org.secpod.oval:def:72971
Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ...

oval:org.secpod.oval:def:48928
If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22).

oval:org.secpod.oval:def:48820
Root login via SSH should be disabled (and dependencies are met)

oval:org.secpod.oval:def:72984
Since the /tmp partition is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices.

oval:org.secpod.oval:def:72992
There are two important reasons to ensure that system logs are stored on a separate partition: protection against resource exhaustion (since logs can grow quite large) and protection of audit data.

oval:org.secpod.oval:def:48815
PermitUserEnvironment should be disabled

oval:org.secpod.oval:def:48939
The default umask for users of the bash shell

oval:org.secpod.oval:def:48765
The squashfs Kernel Module should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48888
The kernel module cramfs should be disabled.

oval:org.secpod.oval:def:48983
Logging (/etc/rsyslog.conf) should be configured appropriately.

oval:org.secpod.oval:def:74450
Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (::1). Loopback traffic is generated between processes on the machine and is typically critical to operation of the system. The loopback interface is the only place that loopback net ...

oval:org.secpod.oval:def:72970
If a user's recorded password change date is in the future, then they could bypass any set password expiration.

oval:org.secpod.oval:def:48920
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:72995
The /etc/shadow- file is used to store backup information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information.

oval:org.secpod.oval:def:48729
The password retry should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:48862
The 'rsyslog' to Accept Messages via TCP, if Acting As Log Server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:49003
IP forwarding should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48751
The RPM package rsh-server should be removed.

oval:org.secpod.oval:def:48914
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:48962
The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".

oval:org.secpod.oval:def:48898
Record attempts to alter time through clock_settime.

oval:org.secpod.oval:def:48978
The kernel module bluetooth should be disabled.

oval:org.secpod.oval:def:72960
Setting the LoginGraceTime parameter to a low number will minimize the risk of successful brute force attacks on the SSH server. It will also limit the number of concurrent unauthenticated connections. While the recommended setting is 60 seconds (1 minute), set the number based on site policy.

oval:org.secpod.oval:def:48734
The kernel module hfs should be disabled.

oval:org.secpod.oval:def:72951
The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su co ...

oval:org.secpod.oval:def:48805
Audit rules should capture information about session initiation.

oval:org.secpod.oval:def:72999
The file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information.

oval:org.secpod.oval:def:72959
SSH provides several logging levels with varying amounts of verbosity. DEBUG is specifically not recommended other than strictly for debugging SSH communications since it provides so much data that it is difficult to identify important security information. INFO level is the basic level that only re ...

oval:org.secpod.oval:def:72965
Disable X11 forwarding unless there is an operational requirement to use X11 applications directly. There is a small risk that the remote X11 servers of users who are logged in via SSH with X11 forwarding could be compromised by other users on the X11 server. Note that even if X11 forwarding is disa ...

oval:org.secpod.oval:def:48883
Configure auditd to use audispd plugin (/etc/audisp/plugins.d/syslog.conf) should be configured appropriately.

oval:org.secpod.oval:def:48746
The system login banner text should be set correctly.

oval:org.secpod.oval:def:48841
The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met)

oval:org.secpod.oval:def:48854
The /etc/shadow file should be owned by the appropriate user.

oval:org.secpod.oval:def:48793
The kernel runtime parameter "fs.suid_dumpable" should be set to "0".

oval:org.secpod.oval:def:48919
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:48837
This test makes sure that the '/etc/shadow' file permission is set appropriately. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:48829
The /etc/group file should be owned by the appropriate group.

oval:org.secpod.oval:def:48755
The password dcredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:72968
Groups defined in the /etc/passwd file but not in the /etc/group file pose a threat to system security since group permissions are not properly managed.

oval:org.secpod.oval:def:48743
Audit files deletion events.

oval:org.secpod.oval:def:48819
The /etc/group file should be owned by the appropriate user.

oval:org.secpod.oval:def:48878
The RPM package vsftpd should be removed.

oval:org.secpod.oval:def:72985
Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp

oval:org.secpod.oval:def:48954
The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:48968
The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".

oval:org.secpod.oval:def:48884
File uploads via vsftpd should be enabled or disabled as appropriate

oval:org.secpod.oval:def:48771
The RPM package tftp should be installed.

oval:org.secpod.oval:def:48720
The password ocredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:72994
There are two important reasons to ensure that data gathered by auditd is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. The audit daemon calculates how much free space is left and performs actions based ...

oval:org.secpod.oval:def:72986
Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp

oval:org.secpod.oval:def:48736
The /etc/gshadow file should be owned by the appropriate user.

oval:org.secpod.oval:def:48992
The password minclass should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:72977
Ensure default group for the root account is GID 0

oval:org.secpod.oval:def:48832
The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.

oval:org.secpod.oval:def:48911
Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled.

oval:org.secpod.oval:def:48732
Dovecot plaintext authentication of clients should be enabled or disabled as necessary

oval:org.secpod.oval:def:48870
Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).

oval:org.secpod.oval:def:48921
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:49007
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables).

oval:org.secpod.oval:def:48873
num_logs setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:72950
GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Rationale: Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system ...

oval:org.secpod.oval:def:48817
File permissions for '/etc/group' should be set correctly.

oval:org.secpod.oval:def:72949
Monitor scope changes for system administrators. If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor changes in scope. The file /etc/sudoers will be written t ...

oval:org.secpod.oval:def:48988
The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:48795
The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".

oval:org.secpod.oval:def:48956
The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:48889
max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:72989
Since the /var/tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /var/tmp.

oval:org.secpod.oval:def:48906
Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:48713
The password hashing algorithm should be set correctly in /etc/login.defs.

oval:org.secpod.oval:def:48936
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:48940
Disable Prelinking (/etc/sysconfig/prelink) should be configured appropriately.

oval:org.secpod.oval:def:72980
The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unau ...

oval:org.secpod.oval:def:48721
The RPM package dovecot should be removed.

oval:org.secpod.oval:def:48990
Require the use of TLS for ldap clients.

oval:org.secpod.oval:def:72990
The /home directory is used to support disk storage needs of local users.

oval:org.secpod.oval:def:48781
The RPM package talk should be installed.

oval:org.secpod.oval:def:48861
SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization.

oval:org.secpod.oval:def:48882
The RPM package bind should be removed.

oval:org.secpod.oval:def:48979
The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".

oval:org.secpod.oval:def:48759
Ensure Default Password Is Not Used (/etc/snmp/snmpd.conf) should be configured appropriately.

oval:org.secpod.oval:def:48816
The password ucredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:48846
Specify UID and GID for Anonymous NFS Connections (/etc/exports) should be configured appropriately.

oval:org.secpod.oval:def:48810
The RPM package xinetd should be removed.

oval:org.secpod.oval:def:48894
The kernel module freevxfs should be disabled.

oval:org.secpod.oval:def:48864
The rsyslog to Accept Messages via UDP, if Acting As Log Server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:48778
The RPM package setroubleshoot should be installed.

oval:org.secpod.oval:def:48802
Force a reboot to change audit rules is enabled

oval:org.secpod.oval:def:48993
Postfix network listening should be disabled

oval:org.secpod.oval:def:48971
The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:48895
The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited.

oval:org.secpod.oval:def:48812
The passwords to remember should be set correctly.

oval:org.secpod.oval:def:72993
There are two important reasons to ensure that data gathered by auditd is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. The audit daemon calculates how much free space is left and performs actions based ...

oval:org.secpod.oval:def:48964
The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".

oval:org.secpod.oval:def:49009
The RPM package aide should be installed.

oval:org.secpod.oval:def:48943
Set Password to Maximum of Three Consecutive Repeating Characters should be configured appropriately.

oval:org.secpod.oval:def:48822
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:org.secpod.oval:def:72998
The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services.

oval:org.secpod.oval:def:48933
The default umask for users of the csh shell

oval:org.secpod.oval:def:49006
Verify that Shared Library Files Have Root Ownership (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.

oval:org.secpod.oval:def:48716
File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly.

oval:org.secpod.oval:def:48818
Verify that Shared Library Files Have Restrictive Permissions (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately.

oval:org.secpod.oval:def:48989
The SSH idle timeout interval should be set to an appropriate value.

oval:org.secpod.oval:def:48823
The minimum password age policy should be set appropriately.

oval:org.secpod.oval:def:48995
The password warning age should be set appropriately.

oval:org.secpod.oval:def:48922
Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account.

oval:org.secpod.oval:def:48777
The maximum password age policy should meet minimum requirements.

oval:org.secpod.oval:def:48857
The logrotate (syslog rotater) service should be enabled.

oval:org.secpod.oval:def:72976
chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on chrony can be found at http://chrony.tuxfamily.org/. chrony can be configured to be a client and/or a ...

oval:org.secpod.oval:def:1701201
The EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie ...

oval:org.secpod.oval:def:1700102
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

oval:org.secpod.oval:def:1700099
A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data.

oval:org.secpod.oval:def:1700074
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal ...

oval:org.secpod.oval:def:1700041
Command injection vulnerability in the DHCP client NetworkManager integration script: A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2. A malicious DHCP server, or an attacker on the local network able to spoof DHCP res ...

oval:org.secpod.oval:def:73049
Disable Automounting

oval:org.secpod.oval:def:73047
Ensure only strong MAC algorithms are used

oval:org.secpod.oval:def:73048
Ensure mounting of FAT filesystems is limited

oval:org.secpod.oval:def:73045
Ensure rsyslog default file permissions configured

oval:org.secpod.oval:def:73046
Ensure only strong Key Exchange algorithms are used

oval:org.secpod.oval:def:73052
Ensure auditd service is enabled and running

oval:org.secpod.oval:def:73050
Ensure use of privileged commands is collected

oval:org.secpod.oval:def:73051
Ensure mail transfer agent is configured for local-only mode

oval:org.secpod.oval:def:73038
Ensure iptables is enabled and running

oval:org.secpod.oval:def:73039
Ensure rsyslog Service is enabled and running

oval:org.secpod.oval:def:73036
Ensure firewalld service is enabled and running

oval:org.secpod.oval:def:73037
Ensure ip6tables is enabled and running

oval:org.secpod.oval:def:73034
Ensure nftables is not installed or stopped and masked

oval:org.secpod.oval:def:73035
Ensure cron daemon is enabled and running

oval:org.secpod.oval:def:73043
Ensure ntp is configured

oval:org.secpod.oval:def:73044
Ensure ntp is configured

oval:org.secpod.oval:def:73041
Ensure rsync is not installed or the rsyncd service is masked

oval:org.secpod.oval:def:73042
Ensure no users have .forward files

oval:org.secpod.oval:def:73040
Ensure rpcbind is not installed or the rpcbind services are masked

oval:org.secpod.oval:def:73009
An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authent ...

oval:org.secpod.oval:def:73007
Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them.

oval:org.secpod.oval:def:73008
It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. Other/world should not have the ability to view this information. Group should not have the ability to modify this information.

oval:org.secpod.oval:def:73005
Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls.

oval:org.secpod.oval:def:73006
Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls.

oval:org.secpod.oval:def:73003
Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls.

oval:org.secpod.oval:def:73004
Granting write access to this directory for non-privileged users could provide them the means for gaining unauthorized elevated privileges. Granting read access to this directory could give an unprivileged user insight in how to gain elevated privileges or circumvent auditing controls.

oval:org.secpod.oval:def:73001
The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.

oval:org.secpod.oval:def:73002
The /etc/cron.weekly directory contains system cron jobs that need to run on a weekly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to use ...

oval:org.secpod.oval:def:73010
An SSH private key is one of two files used in SSH public key authentication. In this authentication method, the possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and ...

oval:org.secpod.oval:def:73011
Ensure users' home directories permissions are 750 or more restrictive

oval:org.secpod.oval:def:73000
The file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information.

oval:org.secpod.oval:def:73029
Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.

oval:org.secpod.oval:def:73027
Ensure iptables packages are installed

oval:org.secpod.oval:def:73028
Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.

oval:org.secpod.oval:def:73025
Ensure no duplicate group names exist

oval:org.secpod.oval:def:73026
nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames and is the successor to iptables.

oval:org.secpod.oval:def:73023
Ensure root is the only UID 0 account

oval:org.secpod.oval:def:73024
Ensure no duplicate user names exist

oval:org.secpod.oval:def:73032
Ensure inactive password lock is 30 days or less

oval:org.secpod.oval:def:73033
Ensure nfs-utils is not installed or the nfs-server service is masked

oval:org.secpod.oval:def:73030
Ensure journald is configured to write logfiles to persistent disk

oval:org.secpod.oval:def:73031
Ensure journald is configured to send logs to rsyslog

oval:org.secpod.oval:def:73018
Ensure sudo log file exists

oval:org.secpod.oval:def:73019
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy.

oval:org.secpod.oval:def:73016
Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user dot file permissions and determine the action to be taken in accordance with site po ...

oval:org.secpod.oval:def:73017
The .netrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .netrc files from other systems which could pose a risk to those systems.

oval:org.secpod.oval:def:73014
All accounts must have passwords or be locked to prevent the account from being used by an unauthorized user.

oval:org.secpod.oval:def:73015
The shadow group allows system programs which require access the ability to read the /etc/shadow file. No users should be assigned to the shadow group.

oval:org.secpod.oval:def:73012
While the complete removal of /etc/sshd/sshd_config files is recommended, if any are required on the system, secure permissions must be applied.

oval:org.secpod.oval:def:73013
System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize their clocks to them.

oval:org.secpod.oval:def:73021
Ensure root is the only UID 0 account

oval:org.secpod.oval:def:73022
Ensure root is the only UID 0 account

oval:org.secpod.oval:def:73020
sudo can be configured to run only from a pseudo-pty

oval:org.secpod.oval:def:74457
Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (127.0.0.0/8). Loopback traffic is generated between processes on the machine and is typically critical to operation of the system. The loopback interface is the only place that loop ...

oval:org.secpod.oval:def:74443
Configure the loopback interface to accept traffic. Configure all other interfaces to deny traffic to the loopback network (::1). Loopback traffic is generated between processes on the machine and is typically critical to operation of the system. The loopback interface is the only place that loopback net ...

oval:org.secpod.oval:def:74478
The use of wireless networking can introduce many different attack vectors into the organization's network. Common attack vectors such as malicious association and ad hoc networks will allow an attacker to spoof a wireless access point (AP), allowing validated systems to connect to the malicious AP ...

oval:org.secpod.oval:def:74485
Change the default policy to DROP (from ACCEPT) for the OUTPUT built-in chain (/etc/sysconfig/ip6tables).

oval:org.secpod.oval:def:74464
Change the default policy to DROP (from ACCEPT) for the OUTPUT built-in chain (/etc/sysconfig/iptables).

oval:org.secpod.oval:def:74471
Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintains records of the last time a user successfully logged in. The /var/run/faillock directory maint ...

oval:org.secpod.oval:def:74436
Change the default policy to DROP (from ACCEPT) for the FORWARD built-in chain (/etc/sysconfig/ip6tables).

oval:org.secpod.oval:def:87848
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events t ...

oval:org.secpod.oval:def:87849
Ensure iptables-services not installed with firewalld or nftables

oval:org.secpod.oval:def:87846
Ensure no users have .rhosts files

oval:org.secpod.oval:def:87847
The requirement for a password to boot into single-user mode should be configured correctly.

oval:org.secpod.oval:def:87844
The system login banner text should be set correctly.

oval:org.secpod.oval:def:87845
The contents of the /etc/issue file are displayed to users prior to login for local terminals.

oval:org.secpod.oval:def:87843
The system login banner text should be set correctly for remote login users.

oval:org.secpod.oval:def:1700057
A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vul ...

oval:org.secpod.oval:def:1701277
Access to external entities when parsing XML documents can lead to XML external entity attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests

oval:org.secpod.oval:def:1701084
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment

oval:org.secpod.oval:def:1701224
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace c ...

oval:org.secpod.oval:def:1701089
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service

oval:org.secpod.oval:def:1700765
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disab ...

oval:org.secpod.oval:def:1701588
An issue discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c

oval:org.secpod.oval:def:1700910
org.apache.maven.shared:maven-shared-utils is a functional replacement for plexus-utils in Maven. Affected versions of this package are vulnerable to Command Injection. The Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. The BourneShell cla ...

oval:org.secpod.oval:def:1701221
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially ...

oval:org.secpod.oval:def:1701587
An issue was discovered with ImageMagick 7.1.0-4 via a division by zero in function ReadEnhMetaFile of coders/emf.c

oval:org.secpod.oval:def:1701582
An issue was discovered with ImageMagick 7.1.0-4 via a division by zero in function ReadEnhMetaFile of coders/emf.c

oval:org.secpod.oval:def:1700095
It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial of service.

oval:org.secpod.oval:def:1700049
It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of ...

oval:org.secpod.oval:def:1700147
Earlier versions of flatpak expose /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

oval:org.secpod.oval:def:1700264
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All release ...

oval:org.secpod.oval:def:1701234
A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authe ...

oval:org.secpod.oval:def:1701640
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt and uses the value directly, which leads to a crash and segmentation fault

oval:org.secpod.oval:def:1701630
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact via opening of crafted PDF document

oval:org.secpod.oval:def:1701834
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file

oval:org.secpod.oval:def:1701806
The load_djpeg function in JpegImagePlugin.py, Ghostscript function in EpsImagePlugin.py, load function in IptcImagePlugin.py, and _copy function in Image.py in Python Image Library 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to over ...

oval:org.secpod.oval:def:1701721
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing

oval:org.secpod.oval:def:1701754
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv via crafted djvu file may lead to application crash and other consequences. A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render in tools/ddjvu via crafted djvu fi ...

oval:org.secpod.oval:def:1701688
Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file

oval:org.secpod.oval:def:1701741
SharpZipLib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3

oval:org.secpod.oval:def:1701659
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` replies, hiredis fails to check if `count * sizeof` can be repre ...

oval:org.secpod.oval:def:1701728
A flaw was found in the Apache Tomcat package. An example web application did not filter the form authentication example, exposing a Cross-site scripting vulnerability

oval:org.secpod.oval:def:1701773
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using ...

oval:org.secpod.oval:def:1701684
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using ...

oval:org.secpod.oval:def:1701683
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 ps ...

oval:org.secpod.oval:def:1701758
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain access to normally-restricted functionalit ...

oval:org.secpod.oval:def:1701687
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain access to normally-restricted functionalit ...

oval:org.secpod.oval:def:1701660
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SU ...

oval:org.secpod.oval:def:1701295
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read w ...

oval:org.secpod.oval:def:1701237
A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG

oval:org.secpod.oval:def:1700782
A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle attack against the host network or another ...

oval:org.secpod.oval:def:1700744
A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle attack against the host network or another ...

oval:org.secpod.oval:def:1700158
To provide fine-grained controls over the ability to use Dynamic DNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update reques ...

oval:org.secpod.oval:def:1700507
NOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the Amazon Linux 2 LTS release. The advisory release date does not accurately reflect the date this was fixed. An integer overflow flaw was found in the Linux kernel's create_elf_tables function. An unprivileged local user with a ...

oval:org.secpod.oval:def:1701776
The HAProxy Github issue describes this vulnerability as follows: Crash in http_wait_for_response in 2.2.19, 2.2.24, and 2.2.26 because sl variable is NULL

oval:org.secpod.oval:def:1701781
The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. *This bug only affects Firefox for Linux. Other operating systems are unaffected.* A file ...

oval:org.secpod.oval:def:1701601
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes 'e-Tugra' root certificates. e-Tugra's root certificates were subject to an investigation prompted by ...

oval:org.secpod.oval:def:1701637
The libcpu component, which is used by libasm of elfutils version 0.177, suffers from a denial-of-service vulnerability caused by application crashes due to an out-of-bounds write, an off-by-one error and a reachable assertion; to exploit the vulnerability, the attackers need to craft certain ELF files whi ...

oval:org.secpod.oval:def:1701789
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some hea ...

oval:org.secpod.oval:def:1701707
Python Packaging Authority setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service in package_index.py

oval:org.secpod.oval:def:1701213
Python Packaging Authority setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service in package_index.py

oval:org.secpod.oval:def:1701149
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplicat ...

oval:org.secpod.oval:def:1701066
An off-by-one Error issue was discovered in Systemd in format_timespan function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan, leading to a Denial of Service

oval:org.secpod.oval:def:1701731
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in ...

oval:org.secpod.oval:def:1701214
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memo ...

oval:org.secpod.oval:def:1701795
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:1701766
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:1700893
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two ...

oval:org.secpod.oval:def:1700995
A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the write_status_text_and_buffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control

oval:org.secpod.oval:def:1701651
A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user. A flaw was found in the Redis database when a malformed Lua s ...

oval:org.secpod.oval:def:1701230
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839

oval:org.secpod.oval:def:1701086
An out-of-bounds read/write vulnerability was found in e2fsprogs. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem

oval:org.secpod.oval:def:1701092
A flaw was found in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and a denia ...

oval:org.secpod.oval:def:1701669
In Paramiko before 2.10.1, a race condition in the write_private_key_file function could allow unauthorized information disclosure

oval:org.secpod.oval:def:1701737
A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is ...

oval:org.secpod.oval:def:1700866
A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges

oval:org.secpod.oval:def:1700801
Apache Log4j2 versions 2.0-beta7 through 2.17.0 are vulnerable to a remote code execution attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remo ...

oval:org.secpod.oval:def:1700854
Due to the use of the system command in the Magick-Load op used by gegl, an attacker is able to craft a command line path that can lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity

oval:org.secpod.oval:def:1701712
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'

oval:org.secpod.oval:def:1701788
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from th ...

oval:org.secpod.oval:def:1701724
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from th ...

oval:org.secpod.oval:def:1701746
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the def ...

oval:org.secpod.oval:def:1701716
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote code ...

oval:org.secpod.oval:def:1701649
A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from this ...

oval:org.secpod.oval:def:1700768
A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to syst ...

oval:org.secpod.oval:def:1700731
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling an openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial ...

oval:org.secpod.oval:def:1700724
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling an openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial ...

oval:org.secpod.oval:def:1700769
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integr ...

oval:org.secpod.oval:def:1700802
A flaw was found in krb5. The Key Distribution Center in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. The highest threat from this vulnerability is to system availabilit ...

oval:org.secpod.oval:def:1701701
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to integer overflow tha ...

oval:org.secpod.oval:def:1700723
A heap buffer overflow flaw was found in libsndfile. This flaw allows an attacker to execute arbitrary code via a crafted WAV file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability

oval:org.secpod.oval:def:1701079
When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives ar ...

oval:org.secpod.oval:def:1701796
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer en ...

oval:org.secpod.oval:def:1701676
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. Apache Tomcat ...

oval:org.secpod.oval:def:1700694
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality ...

oval:org.secpod.oval:def:1701743
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28

oval:org.secpod.oval:def:1701706
Redis is an open source, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixe ...

oval:org.secpod.oval:def:1701749
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ...

oval:org.secpod.oval:def:1701725
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ...

oval:org.secpod.oval:def:1701647
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ...

oval:org.secpod.oval:def:1700698
A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability

oval:org.secpod.oval:def:1701658
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in ce ...

oval:org.secpod.oval:def:1700778
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as ...

oval:org.secpod.oval:def:1700750
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as ...

oval:org.secpod.oval:def:1700798
The mq_notify function in the GNU C Library has a use-after-free. It may use the notification thread attributes object after it has been freed by the caller, leading to a denial of service or possibly unspecified other impact

oval:org.secpod.oval:def:1701756
Vulnerability in the MySQL Server product of Oracle MySQL. Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can ...

oval:org.secpod.oval:def:1701292
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these ...

oval:org.secpod.oval:def:1700797
A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the def ...

oval:org.secpod.oval:def:1701154
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service via a crafted bmp image file. A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an une ...

oval:org.secpod.oval:def:1701709
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this woul ...

oval:org.secpod.oval:def:1700541
A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application. T ...

oval:org.secpod.oval:def:1700404
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigg ...

oval:org.secpod.oval:def:1700546
A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because shutil.copyfile is used instead of shutil.copy, and permissions are not preserved upon editing. This flaw allows an attacker with prior access to /etc/target/s ...

oval:org.secpod.oval:def:1700543
An access flaw was found in targetcli, where the `/etc/target` and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highes ...

oval:org.secpod.oval:def:1701685
A flaw was found in python-httplib2. An attacker controlling an unescaped part of the uri for `httplib2.Http.request` could change request headers and body, and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a uri constructed by string concatenation ...

oval:org.secpod.oval:def:1701279
Vulnerability in the MySQL Connectors product of Oracle MySQL. Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful att ...

oval:org.secpod.oval:def:1701663
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution

oval:org.secpod.oval:def:1700325
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions

oval:org.secpod.oval:def:1700326
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged us ...

oval:org.secpod.oval:def:1700137
Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most servers ...

oval:org.secpod.oval:def:1700285
heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

oval:org.secpod.oval:def:1700298
It was discovered that net/http in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or to filter bypasses depen ...

oval:org.secpod.oval:def:1700292
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

oval:org.secpod.oval:def:1701634
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. An issue was discovered in OpenSC through 0.19.0 and 0.20.x thr ...

oval:org.secpod.oval:def:1700347
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL

oval:org.secpod.oval:def:1700513
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial ...

oval:org.secpod.oval:def:1700160
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. An integer overflow flaw ...

oval:org.secpod.oval:def:1700277
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory. This attack appe ...

oval:org.secpod.oval:def:1700118
In the GNU C Library through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function.

oval:org.secpod.oval:def:1700097
A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An a ...

oval:org.secpod.oval:def:1700073
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34

oval:org.secpod.oval:def:1700106
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a cont ...

oval:org.secpod.oval:def:1700266
A NULL pointer dereference flaw was found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files.

oval:org.secpod.oval:def:1700038
Arbitrary code execution during go get or go get -d: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repo ...

oval:org.secpod.oval:def:1700032
Authentication bypass by improper validation of certificate EKU and SAN: An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arb ...

oval:org.secpod.oval:def:1700735
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, ...

oval:org.secpod.oval:def:1700864
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have led to a race condition when playing ...

oval:org.secpod.oval:def:1700905
The Mozilla Foundation Security Advisory describes this flaw as: NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. The Mozilla Foundation Security Advisory describes th ...

oval:org.secpod.oval:def:1701697
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as a malicious website that could have learned the size of a cross-origin resource that supported Range requests. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as a m ...

oval:org.secpod.oval:def:1701692
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these c ...

oval:org.secpod.oval:def:1701770
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers and the Mozilla Fuzzing Team reporting memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these cou ...

oval:org.secpod.oval:def:1701654
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR less than 102.5, ...

oval:org.secpod.oval:def:1700804
A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory. The highest threat from this flaw is that it could a ...

oval:org.secpod.oval:def:1701878
Improper Restriction of XML External Entity Reference, XML Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it ...

oval:org.secpod.oval:def:1701854
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be a ...

oval:org.secpod.oval:def:1701864
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the pu ...

oval:org.secpod.oval:def:1701869
In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011

oval:org.secpod.oval:def:1701847
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms. The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms. The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission. The CIL compiler in SELinux 3.2 has a heap-based buf ...

oval:org.secpod.oval:def:1701733
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms. The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms. The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission. The CIL compiler in SELinux 3.2 has a heap-based buf ...

oval:org.secpod.oval:def:1701868
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary ...

oval:org.secpod.oval:def:1701875
No CVE was issued for this update. This advisory is applicable to Amazon Linux 2 (AL2) core repository.

oval:org.secpod.oval:def:1701911
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive

oval:org.secpod.oval:def:1701917
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. A file handle ...

oval:org.secpod.oval:def:1701913
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service via a crafted TCP-based service

oval:org.secpod.oval:def:1701936
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system function ...

oval:org.secpod.oval:def:1701928
A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc

oval:org.secpod.oval:def:1701842
No CVE was issued for this update. This advisory is applicable to Amazon Linux 2 - Ecs extra.

oval:org.secpod.oval:def:1701871
A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within ...

oval:org.secpod.oval:def:1701285
A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within ...

oval:org.secpod.oval:def:1701883
A flaw was found in containerd CRI plugin. Containers launched through containerd CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data confidentiality

oval:org.secpod.oval:def:1700775
A flaw was found in containerd CRI plugin. Containers launched through containerd's CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data confidentiali ...

oval:org.secpod.oval:def:1700746
A flaw was found in containerd CRI plugin. Containers launched through containerd's CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data confidentiali ...

oval:org.secpod.oval:def:1701850
A flaw was found in the `userns-remap` feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/<remapping>, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data i ...

oval:org.secpod.oval:def:1700779
A flaw was found in the `userns-remap` feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/<remapping>, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity. A flaw was ...

oval:org.secpod.oval:def:1700748
A flaw was found in the `userns-remap` feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/<remapping>, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity. A flaw was found ...

oval:org.secpod.oval:def:1701948
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. In ...

oval:org.secpod.oval:def:1701946
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. In ...

oval:org.secpod.oval:def:1700774
In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby prior to 20.10.11 and versions of containerd prior to 1.4.12 and 1. ...

oval:org.secpod.oval:def:1700745
In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby prior to 20.10.11 and versions of containerd prior to 1.4.12 and 1. ...

oval:org.secpod.oval:def:1701951
A file permissions vulnerability was found in Moby. Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to restricted data. Moby is a ...

oval:org.secpod.oval:def:1700858
A file permissions vulnerability was found in Moby. Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to restricted dat ...

oval:org.secpod.oval:def:1700860
A file permissions vulnerability was found in Moby. Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to restricted dat ...

oval:org.secpod.oval:def:1700865
A flaw was found in microcode. Under complex microarchitectural conditions, an unexpected code breakpoint may cause a system hang. The hang was observed on a Skylake server processor, and subsequent analysis indicated additional potentially affected processors. This flaw allows a possible temporary ...

oval:org.secpod.oval:def:1701762
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from ...

oval:org.secpod.oval:def:1700767
Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700761
Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1701075
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escala ...

oval:org.secpod.oval:def:1700697
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the ...

oval:org.secpod.oval:def:1701196
A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to ...

oval:org.secpod.oval:def:1701209
A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges

oval:org.secpod.oval:def:1701755
A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplied ...

oval:org.secpod.oval:def:1701618
A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplied ...

oval:org.secpod.oval:def:1701621
A flaw was found in PHP. The vulnerability occurs due to the malformed php_filter_float function and leads to a use-after-free vulnerability. This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault

oval:org.secpod.oval:def:1701195
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, s ...

oval:org.secpod.oval:def:1700891
The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ...

oval:org.secpod.oval:def:1700853
A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPT_SUBST expansion

oval:org.secpod.oval:def:1700345
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid

oval:org.secpod.oval:def:1701240
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. An iss ...

oval:org.secpod.oval:def:1700164
The do_uncompress function in g10/compress.c allows context-dependent attackers to cause a denial of service via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

oval:org.secpod.oval:def:1700888
A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity. An out of bounds ...

oval:org.secpod.oval:def:1701197
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend

oval:org.secpod.oval:def:1701592
QT-based clients may mismatch HSTS headers, which would prevent the client from switching to a secure HTTPS connection as requested by a server

oval:org.secpod.oval:def:1701816
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

oval:org.secpod.oval:def:1701748
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false, Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack pos ...

oval:org.secpod.oval:def:1701734
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false, Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack pos ...

oval:org.secpod.oval:def:1701152
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command in a situation where the ...

oval:org.secpod.oval:def:1701595
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents

oval:org.secpod.oval:def:1701882
A vulnerability was found in OpenPrinting CUPS. The security flaw occurs due to failure in validating the length provided by an attacker-crafted CUPS document, possibly leading to a heap-based buffer overflow and code execution

oval:org.secpod.oval:def:1701959
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file

oval:org.secpod.oval:def:1701983
advancecomp has a segmentation fault on invalid MNG size

oval:org.secpod.oval:def:1701986
An issue discovered in Python Packaging Authority Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli

oval:org.secpod.oval:def:1701955
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack

oval:org.secpod.oval:def:1701980
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax

oval:org.secpod.oval:def:1701973
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked b ...

oval:org.secpod.oval:def:1701957
In librt in the GNU C Library through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix

oval:org.secpod.oval:def:1701927
efs-utils is a set of Utilities for Amazon Elastic File System. A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections pr ...

oval:org.secpod.oval:def:1700796
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the SProcRenderCompositeGlyphs function due to improper validation of the request length. A flaw was found in xorg-x11-server. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. A flaw ...

oval:org.secpod.oval:def:1700145
Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks. Note: This CVE is also fixed in golang-1.11.3-2.amzn2.0.2 in the golang1.11 extras repository.

oval:org.secpod.oval:def:1700134
An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib, up to 0.13.68, that could lead to a crash in __zzip_parse_root_directory function of zzip/ip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. A memory lea ...

oval:org.secpod.oval:def:1700110
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.

oval:org.secpod.oval:def:1700016
Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c: It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass ...

oval:org.secpod.oval:def:1700006
Insufficient validation of trust of .desktop files with execute permission: An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a . ...

oval:org.secpod.oval:def:1700131
An integer wraparound has been discovered in the Binary File Descriptor library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information. The ignore_section_sym function in elf.c in the Binary File Descriptor lib ...

oval:org.secpod.oval:def:1700008
Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c: A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus ...

oval:org.secpod.oval:def:1700146
The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file. The evax_bfd_print_emh function in vms ...

oval:org.secpod.oval:def:1700023
Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c: rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable a remote attacke ...

oval:org.secpod.oval:def:1700781
Docker Engine before 18.09 allows attackers to cause a denial of service via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. A command injection flaw was discovered in Docker during the `docker build` c ...

oval:org.secpod.oval:def:1700743
Docker Engine before 18.09 allows attackers to cause a denial of service via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. A command injection flaw was discovered in Docker during the `docker build` c ...

oval:org.secpod.oval:def:1700263
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflo ...

oval:org.secpod.oval:def:1700122
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS. A double-free flaw was found in the way libcdio handled ...

oval:org.secpod.oval:def:1700103
A flaw was found in the dict.c:dict_unserialize function of glusterfs: the dict_unserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

oval:org.secpod.oval:def:1700214
A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. A use-after-free flaw was found in pacemaker which could result in certain sensitive information to be leaked via the system logs. A flaw was found in the way pacemaker's c ...

oval:org.secpod.oval:def:1700168
A flaw was found in libqb. Insecure handling of temporary files could be exploited by a local attacker to overwrite privileged system files. Upstream issue: https://github.com/ClusterLabs/libqb/issues/338

oval:org.secpod.oval:def:1700078
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fro ...

oval:org.secpod.oval:def:1700045
It was found that the system umask policy is not being honored when creating XDG user directories on first login. This could lead to user's files being inadvertently exposed to other local users.

oval:org.secpod.oval:def:1700109
A buffer overflow has been discovered in the GNU C Library in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.

oval:org.secpod.oval:def:1700054
Curl versions 7.54.1 through 7.59.0 contain a CWE-122 heap-based buffer overflow: curl might overflow a heap-based memory buffer when closing down an FTP connection with very long server command replies, which can result in denial of service and more. Curl version cu ...

oval:org.secpod.oval:def:1700282
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi ...

oval:org.secpod.oval:def:1700230
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE ...

oval:org.secpod.oval:def:1700172
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

oval:org.secpod.oval:def:1700156
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode that results in a memory corruption and possibly even a remote code execution.FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in f ...

oval:org.secpod.oval:def:1700117
Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations.

oval:org.secpod.oval:def:1701852
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP error page generation for certificate errors. A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine.

oval:org.secpod.oval:def:1700096
It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plaintext recovery attacks via statistical analysis of timing data using crafted packets. It was found that GnuTLS ...

oval:org.secpod.oval:def:1700080
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

oval:org.secpod.oval:def:1700079
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypas ...

oval:org.secpod.oval:def:1701735
A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and ...

oval:org.secpod.oval:def:1700344
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and informa ...

oval:org.secpod.oval:def:1700323
A flaw was discovered in the way python-pillow may allocate a large amount of memory or require a long time while processing specially crafted image files, possibly causing a denial of service. Applications that use the library to process untrusted files may be vulnerable to this flaw. A flaw wa ...

oval:org.secpod.oval:def:1701665
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to ...

oval:org.secpod.oval:def:1700795
Cross-site request forgery vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. A Cross-Site R ...

oval:org.secpod.oval:def:1700190
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the opti ...

oval:org.secpod.oval:def:1700076
Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability c ...

oval:org.secpod.oval:def:1700062
stdlib/canonicalize.c in the GNU C Library 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.The GNU C Library bef ...

oval:org.secpod.oval:def:1700056
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

oval:org.secpod.oval:def:1700009
Improper fetch cleanup sequencing in the resolver can cause named to crash. A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting a ...

oval:org.secpod.oval:def:1700007
Access to automounted volumes can lock up. A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.

oval:org.secpod.oval:def:1700267
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in __zzip_fetch_disk_trailer. ...

oval:org.secpod.oval:def:1700174
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack. Poppler versions later than 0.41.0 are not affected. The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to ...

oval:org.secpod.oval:def:1700124
The nss-pem package provides the PEM file reader for Network Security Services implemented as a PKCS#11 module. This update contains fixes related to CURL security updates, specifically updating an object ID when reusing a certificate.

oval:org.secpod.oval:def:1700121
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service via unspecified vectors. JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one c ...

oval:org.secpod.oval:def:1700107
A null pointer dereference flaw was found in the Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. A heap-buffer overflow was found in the way Samba clients processed extra-long filenames in a directory listing. A malicious Samba server coul ...

oval:org.secpod.oval:def:1700092
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.

oval:org.secpod.oval:def:1700070
A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution.

oval:org.secpod.oval:def:1700072
Use-after-free when appending DOM nodes; Use-after-free using focus; Compromised IPC child process can list local filenames; Buffer overflow using computed size of canvas element; Using form to exfiltrate encrypted mail part by pressing enter in form field; S/MIME plaintext can be leaked through HTML rep ...

oval:org.secpod.oval:def:1700066
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have ...

oval:org.secpod.oval:def:1700050
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec. These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run ...

oval:org.secpod.oval:def:1700042
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PD ...

oval:org.secpod.oval:def:1700037
Malicious patch files cause ed to execute arbitrary commands. GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation can result in code execution. This attack appears to be exploitable via a patch file processed via th ...

oval:org.secpod.oval:def:1700036
1553531: Stack-based buffer overflow in exec.c:hashcmd. zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service. Stack-based buffer overflow in gen_matches_files at compctl.c. A buffer overfl ...

oval:org.secpod.oval:def:1700030
Unbounded memory allocation during deserialization in Container. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:1700034
Unbounded memory allocation during deserialization in NamedNodeMapImpl. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:1700020
Path traversal when writing to a symlinked basedir outside of the root. RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerab ...

oval:org.secpod.oval:def:1700024
FTP path trickery leads to NIL byte out of bounds write: It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:1700021
Buffer overflow in dhclient possibly allowing code execution triggered by malicious server. An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client mach ...

oval:org.secpod.oval:def:1700015
Vorbis audio processing out of bounds write: An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code.

oval:org.secpod.oval:def:1700018
Cross-site scripting vulnerability in web UI. A cross-site scripting flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions.

oval:org.secpod.oval:def:1700013
It was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled.

oval:org.secpod.oval:def:1700010
Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service. It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descripto ...

oval:org.secpod.oval:def:1700005
SingleEntryRegistry incorrect setup of deserialization filter. It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrict ...

oval:org.secpod.oval:def:1700004
HTTP authentication leak in redirects. libcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response ...

oval:org.secpod.oval:def:1700216
Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware ...

oval:org.secpod.oval:def:1700180
An off-by-one error has been discovered in libX11 in functions XGetFontPath, XListExtensions, and XListFonts. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the me ...

oval:org.secpod.oval:def:1700152
When the default servlet in Apache Tomcat returned a redirect to a directory, a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.

oval:org.secpod.oval:def:1700140
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression. An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. An issue was discovered in mspack/chmd.c in lib ...

oval:org.secpod.oval:def:1700143
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

oval:org.secpod.oval:def:1700136
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter. When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar ...

oval:org.secpod.oval:def:1700135
It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim's one may adver ...

oval:org.secpod.oval:def:1700132
An issue was discovered in the OpenSSL library in Ruby. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one l ...

oval:org.secpod.oval:def:1700126
Large syslogd messages sent to journald can cause stack corruption, causing journald to crash. The version of systemd on Amazon Linux 2 is not vulnerable to privilege escalation in this case. Large native messages to journald can cause stack corruption, leading to possible local privilege escalation ...

oval:org.secpod.oval:def:1700112
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges. It was disc ...

oval:org.secpod.oval:def:1700111
curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over t ...

oval:org.secpod.oval:def:1700101
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive informat ...

oval:org.secpod.oval:def:1700517
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.

oval:org.secpod.oval:def:1700509
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. tcp_emu in slirp/tcp_subr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to information disclosure.

oval:org.secpod.oval:def:1700516
A heap buffer overflow issue was found in the load_device_tree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentiall ...

oval:org.secpod.oval:def:1700090
A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing th ...

oval:org.secpod.oval:def:1700098
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.

oval:org.secpod.oval:def:1700081
A denial of service flaw was discovered in bind versions that include the "deny-answer-aliases" feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.

oval:org.secpod.oval:def:1700084
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local ...

oval:org.secpod.oval:def:1700087
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.

oval:org.secpod.oval:def:1700075
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They al ...

oval:org.secpod.oval:def:1700019
NULL dereference in cd in sh compatibility mode under given circumstances. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. Null-pointer deref when using ${...} on an empty a ...

oval:org.secpod.oval:def:1700261
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013.

oval:org.secpod.oval:def:1700260
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.

oval:org.secpod.oval:def:1700192
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::Gemcut ...

oval:org.secpod.oval:def:1700183
Buffer overflow in GNU Wget allows remote attackers to cause a denial of service or may execute arbitrary code via unspecified vectors.

oval:org.secpod.oval:def:1700178
An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned. A malicious scp server can overwrite arbitrary fil ...

oval:org.secpod.oval:def:1700163
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manual ...

oval:org.secpod.oval:def:1700148
Spice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

oval:org.secpod.oval:def:1700142
Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3; Crash with nested event loops; Memory safety bugs fixed in Firefox ESR 60.3; Integer overflow during Unicode conversion while loading JavaScript.

oval:org.secpod.oval:def:1700139
It was found that bus_process_object in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user could send a message which results in the stack pointer moving outside of the bounds of the curr ...

oval:org.secpod.oval:def:1700133
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60. ...

oval:org.secpod.oval:def:1700115
The GD Graphics Library 2.2.5 has a double free in the gdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

oval:org.secpod.oval:def:1700063
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessi ...

oval:org.secpod.oval:def:1700204
file_copy_fallback in gio/gfile.c in GNOME GLib 2.56.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

oval:org.secpod.oval:def:1700191
libical: Heap buffer over-read in icalparser.c parser_get_next_char; libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c; Mozilla: Sandbox escape using Prompt:Open; libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c; libical: Heap buffer ove ...

oval:org.secpod.oval:def:1700189
An integer overflow in curl's URL API results in a buffer overflow in libcurl. A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl.

oval:org.secpod.oval:def:1700119
Heap-based buffer overflow vulnerability in extract_status_code function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary co ...

oval:org.secpod.oval:def:1700035
Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3 function. An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3 in Corosync. An attacker could craft a malicious packet that would lead to a denial of service.

oval:org.secpod.oval:def:1700784
A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on the ...

oval:org.secpod.oval:def:1700753
A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on the ...

oval:org.secpod.oval:def:1700284
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow.

oval:org.secpod.oval:def:1700265
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

oval:org.secpod.oval:def:1701679
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary p ...

oval:org.secpod.oval:def:1701655
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a productio ...

oval:org.secpod.oval:def:1700290
A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make ...

oval:org.secpod.oval:def:1700294
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird CVE-2019-17005

oval:org.secpod.oval:def:1700296
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

oval:org.secpod.oval:def:1700512
Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel Core, Intel Celeron Processor 4000 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access; Memory leak in ArpOnFrameRcvdDpc; Numeric truncation in MdeM ...

oval:org.secpod.oval:def:1700510
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

oval:org.secpod.oval:def:1700040
Denial of service in vpx/src/vpx_image.c file. A vulnerability in the Android media framework related to odd frame width.

oval:org.secpod.oval:def:1700330
An issue was discovered in International Components for Unicode for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp.

oval:org.secpod.oval:def:1701661
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

oval:org.secpod.oval:def:1700329
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 . The fix for that bug still left the door open for an exploit where _some_ credential is leaked . Git uses external "cr ...

oval:org.secpod.oval:def:1701657
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

oval:org.secpod.oval:def:1700320
The Mozilla Foundation Security Advisory describes this flaw as: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. The Mozilla Foundation Security Advisory describes this flaw as: The inp ...

oval:org.secpod.oval:def:1700315
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird CVE-2020-6792

oval:org.secpod.oval:def:1700304
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR CVE-2019-17016

oval:org.secpod.oval:def:1700545
A flaw was found in the way the X server memory was not properly initialized. This issue leaks parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this flaw results in a possible ASLR bypass. A flaw was found in the X.Org Server. An out-of-bounds acces ...

oval:org.secpod.oval:def:1701872
A buffer overflow vulnerability in epsc_print_page in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software G ...

oval:org.secpod.oval:def:1700508
A use after free vulnerability in ip_reass in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass routine while ...

oval:org.secpod.oval:def:1700514
A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection, resultin ...

oval:org.secpod.oval:def:1701774
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ...

oval:org.secpod.oval:def:1700402
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension ...

oval:org.secpod.oval:def:1701732
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data co ...

oval:org.secpod.oval:def:1700816
A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability

oval:org.secpod.oval:def:1700377
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR CVE-2020-12418

oval:org.secpod.oval:def:1700324
Integer Overflow or Wraparound leads to Heap-based Buffer Overflow

oval:org.secpod.oval:def:1700317
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters. In those cases it is possible that such a group does not have the cofactor present. This can oc ...

oval:org.secpod.oval:def:1701945
A flaw was found in containerd. Access controls for the shim API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespace as the shim, wit ...

oval:org.secpod.oval:def:1701074
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Mutt before 1.14.4 and NeoMutt before 2020-06-19 ha ...

oval:org.secpod.oval:def:1700169
A vulnerability was found in a previous version of mod_auth_mellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute UR ...

oval:org.secpod.oval:def:1700138
LibVNC contains a heap out-of-bounds write vulnerability in the server code of the file transfer extension that can result in remote code execution

oval:org.secpod.oval:def:1700548
A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code

oval:org.secpod.oval:def:1700515
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential arbitrary code execution. An out-of-bounds heap buffer acces ...

oval:org.secpod.oval:def:1700039
Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified ...

oval:org.secpod.oval:def:1700827
A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from t ...

oval:org.secpod.oval:def:1700805
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service. An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openj ...

oval:org.secpod.oval:def:1701276
A flaw was found in the Jasper tool's jpc encoder. This flaw allows an attacker to craft input provided to Jasper, causing an arbitrary out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. A flaw was found in jasper before ...

oval:org.secpod.oval:def:1701235
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file t ...

oval:org.secpod.oval:def:1700783
A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespace as the shim ...

oval:org.secpod.oval:def:1700776
A flaw was found in containerd. Credentials may be leaked during an image pull

oval:org.secpod.oval:def:1700741
A flaw was found in containerd. Credentials may be leaked during an image pull

oval:org.secpod.oval:def:1700747
A flaw was found in containerd. Access controls for the shim's API socket verified that a connecting process had an effective UID of 0, but otherwise did not restrict access to the abstract Unix domain socket. This could allow malicious containers running in the same network namespace as the shim ...

oval:org.secpod.oval:def:1700283
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause th ...

oval:org.secpod.oval:def:1701580
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability

oval:org.secpod.oval:def:1700544
A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducin ...

oval:org.secpod.oval:def:1701715
A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and c ...

oval:org.secpod.oval:def:1701861
Integer overflow leading to heap overwrite in MXF file handling with uncompressed video. NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/ ...

oval:org.secpod.oval:def:1701210
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileg ...

oval:org.secpod.oval:def:1701091
A stack buffer overflow flaw was found in libtiff's tiffcp.c in the main function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. A vulnerability ...

oval:org.secpod.oval:def:1701804
Memory corruption in IPC CanvasTranslator. Memory corruption in IPC ColorPickerShownCallback. Memory corruption in IPC FilePickerShownCallback. XLL file extensions were downloadable without warnings. Memory safety bug

oval:org.secpod.oval:def:1701641
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerabi ...

oval:org.secpod.oval:def:1701817
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via a crafted nasm command. A Segmentation Fault issue discovered in the ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a den ...

oval:org.secpod.oval:def:1701682
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox less than 115, Firefox ESR less than 102.13, and Thunderbird less than 102.13. Cross-compartment wrappers wrapping a scripted proxy could have caused objects f ...

oval:org.secpod.oval:def:1701719
The Mozilla Foundation describes this issue as follows: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. The Mozilla Foundation describes this issue as follows: A website could have obscured the fullscreen notification by usin ...

oval:org.secpod.oval:def:1701675
The Mozilla Foundation describes this issue as follows: Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. The Mozilla Foundation describes this issue as follows: When accessi ...

oval:org.secpod.oval:def:1701664
Only the firefox-esr, thunderbird and nss packages are affected. The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. ...

oval:org.secpod.oval:def:1701581
In LibRaw, an out-of-bounds read vulnerability exists within the 'LibRaw::adobe_copy_pixel' function when reading data from the image file. A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex caused by a maliciously crafted file may lead to application crash

oval:org.secpod.oval:def:1701225
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367

oval:org.secpod.oval:def:1701298
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake asm/nasm.c:856

oval:org.secpod.oval:def:1700894
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service via a crafted tif file. A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, re ...

oval:org.secpod.oval:def:1701744
Vulnerability in the MySQL Server product of Oracle MySQL. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:1701702
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count == 0 in dict0dict.cc. MariaDB v10.2 to v10.7 wa ...

oval:org.secpod.oval:def:1701616
GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29. NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE: https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc ...

oval:org.secpod.oval:def:1701631
Buffer Overflow vulnerability in LibRaw::stretch function in libraw\src\postprocessing\aspect_ratio.cpp. In LibRaw, there is an out-of-bounds write vulnerability within the "new_node" function that can be triggered via a crafted X3F file. In LibRaw, an out-of-bounds read vulnerability exists within ...

oval:org.secpod.oval:def:1701275
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslation ...

oval:org.secpod.oval:def:1701717
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing ...

oval:org.secpod.oval:def:1701849
A NULL pointer dereference vulnerability was found in the Libreswan package. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the de ...

oval:org.secpod.oval:def:1701643
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service via a crafted tiff image. A divide-by-zero vulnerability was found in libtiff. This flaw allows an attacker to cause a denial of service via a crafted tiff file. loadImage in tools/tiffcrop.c in L ...

oval:org.secpod.oval:def:1701691
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled wi ...

oval:org.secpod.oval:def:1701975
A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability

oval:org.secpod.oval:def:1701627
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion

oval:org.secpod.oval:def:1701155
Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this p ...

oval:org.secpod.oval:def:1701078
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone, Git copies the contents of the source's /o ...

oval:org.secpod.oval:def:1700289
Git mistakes some paths for relative paths, allowing writing outside of the worktree while cloning. NTFS protections inactive when running Git in the Windows Subsystem for Linux. Remote code execution in recursive clones with nested submodules. Arbitrary path overwriting via export-marks command option ...

oval:org.secpod.oval:def:1701771
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attack ...

oval:org.secpod.oval:def:1701738
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This ...

oval:org.secpod.oval:def:1701714
A flaw was found in ansible. The 'authkey' and 'privkey' credentials are disclosed by default and not protected by no_log feature when using the snmp_facts module. Attackers could take advantage of this information to steal the SNMP credentials. The highest threat from this vulnerability is to data ...

oval:org.secpod.oval:def:1701068
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover

oval:org.secpod.oval:def:1701779
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name ...

oval:org.secpod.oval:def:1701763
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage ...

oval:org.secpod.oval:def:1701711
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw le ...

oval:org.secpod.oval:def:1701681
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri mod ...

oval:org.secpod.oval:def:1700025
Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution: An XML deserialization vulnerability was discovered in slf4j's EventData which accepts an XML serialized string and can lead to arbitrary code execution

oval:org.secpod.oval:def:1701594
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c ...

oval:org.secpod.oval:def:1701730
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox less than 116, Firefox ESR less than 102.14, and Firefox ESR less than 115.1. In some circumstances, ...

oval:org.secpod.oval:def:1701584
Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local us ...

oval:org.secpod.oval:def:1701591
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array co ...

oval:org.secpod.oval:def:1701987
A heap out-of-bounds read flaw was found in builtin.c in the gawk package which may result in a crash of the software

oval:org.secpod.oval:def:1701814
An issue was discovered in IW44Image.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via divide by zero

oval:org.secpod.oval:def:1701632
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL, versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution

oval:org.secpod.oval:def:1701628
An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 that allows attackers to access out-of-bounds memory

oval:org.secpod.oval:def:1701832
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder

oval:org.secpod.oval:def:1701223
A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability

oval:org.secpod.oval:def:1701826
Null pointer dereference when viewing a specially crafted email in Mutt > 1.5.2 and < 2.2.12. Null pointer dereference when composing from a specially crafted draft message in Mutt > 1.5.2 and < 2.2.12

oval:org.secpod.oval:def:1701639
Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame

oval:org.secpod.oval:def:1701579
Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which the xref data structure is mishandled in getCatalog ...

oval:org.secpod.oval:def:1701815
An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service via a crafted .pdf file to the FoFiType1C::cvtGlyph function. An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service via craf ...

oval:org.secpod.oval:def:1701828
Buffer overflow in some Intel SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. Uncontrolled resource consumption in some Intel SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to po ...

oval:org.secpod.oval:def:1701825
Uncontrolled Recursion in pdfinfo and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input

oval:org.secpod.oval:def:1701572
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by some rare scenarios in ...

oval:org.secpod.oval:def:1701914
An XML External Entity issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities

oval:org.secpod.oval:def:1701083
A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion

oval:org.secpod.oval:def:1701930
An issue was found in redundant REX instruction prefix values affecting third generation Intel Xeon Scalable processors. The issue may allow a local third-party actor using such instructions to cause a denial of service or achieve privilege escalation. CVE-2023-23583 only affects Amazon Linux cust ...

oval:org.secpod.oval:def:1701921
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. Use After Free in GitHub repository vim/vim prior to v9.0.2010

oval:org.secpod.oval:def:1701636
A buffer overflow vulnerability in pcx_write_rle in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51

oval:org.secpod.oval:def:1701281
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters

oval:org.secpod.oval:def:1701207
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command in a situation where ...

oval:org.secpod.oval:def:1701963
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is t ...

oval:org.secpod.oval:def:1701291
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process

oval:org.secpod.oval:def:1701726
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret t ...

oval:org.secpod.oval:def:1701931
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page

oval:org.secpod.oval:def:1701884
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page

oval:org.secpod.oval:def:1701841
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page

oval:org.secpod.oval:def:1701792
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker

oval:org.secpod.oval:def:1701705
The Mozilla Foundation Security Advisory's description of this flaw: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user ...

oval:org.secpod.oval:def:1701694
A double-free in libwebp could have led to memory corruption and a potentially exploitable crash. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. The Mozilla Foundation Security Advisor ...

oval:org.secpod.oval:def:1701070
A flaw was found in the Linux kernel's util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing ...

oval:org.secpod.oval:def:1701590
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service

oval:org.secpod.oval:def:1701600
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127

oval:org.secpod.oval:def:1701583
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/ ...

oval:org.secpod.oval:def:1701620
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. In PHP 8.0.X bef ...

oval:org.secpod.oval:def:1701233
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it doesn't use zero bytes t ...

oval:org.secpod.oval:def:1701956
gstreamer: AV1 codec parser heap-based buffer overflow. gstreamer: MXF demuxer use-after-free vulnerability

oval:org.secpod.oval:def:1701807
FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS. When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a ...

oval:org.secpod.oval:def:1701629
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations

oval:org.secpod.oval:def:1701148
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgra ...

oval:org.secpod.oval:def:1701990
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead t ...

oval:org.secpod.oval:def:1701619
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. In PHP 8.0.X bef ...

oval:org.secpod.oval:def:1701625
A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplied ...

oval:org.secpod.oval:def:1701614
GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29. NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE: https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc ...

oval:org.secpod.oval:def:1701615
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. In PHP 8.0.X bef ...

oval:org.secpod.oval:def:1701613
GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29. NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE: https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc ...

oval:org.secpod.oval:def:1701648
A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code e ...

oval:org.secpod.oval:def:1700908
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in gru ...

oval:org.secpod.oval:def:1701578
http2/hpack: avoid quadratic complexity in hpack decoding

oval:org.secpod.oval:def:1701576
http2/hpack: avoid quadratic complexity in hpack decoding

oval:org.secpod.oval:def:1701088
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document were not blocked. Rather, ...

oval:org.secpod.oval:def:1701065
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations

oval:org.secpod.oval:def:1701810
Expat before 2.4.4 has an integer overflow in the doProlog function. A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service

oval:org.secpod.oval:def:1700887
In Expat before 2.4.3, a left shift by 29 places in the storeAtts function in xmlparse.c can lead to realloc misbehavior

oval:org.secpod.oval:def:1700868
An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution

oval:org.secpod.oval:def:1700851
expat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and inte ...

oval:org.secpod.oval:def:1701241
A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by named if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a remote attacker to m ...

oval:org.secpod.oval:def:1701571
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value

oval:org.secpod.oval:def:1700208
It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory. It was found that the ...

oval:org.secpod.oval:def:1700159
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections.

oval:org.secpod.oval:def:1700154
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard

oval:org.secpod.oval:def:1701785
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically ...

oval:org.secpod.oval:def:1700890
A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat of this vulnerability is availability. A flaw was found in httpd. The inbound connection is ...

oval:org.secpod.oval:def:1700803
There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Dom ...

oval:org.secpod.oval:def:1701287
The Ruby on Rails advisory describes this vulnerability as follows: Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack are impacted

oval:org.secpod.oval:def:1700033
Ephemeral association time spoofing additional protection. ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock vi ...

oval:org.secpod.oval:def:1700155
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prio ...

oval:org.secpod.oval:def:1701206
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory

oval:org.secpod.oval:def:1700295
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Jav ...

oval:org.secpod.oval:def:1700278
The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privil ...

oval:org.secpod.oval:def:1700259
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service or execute arbitrary code via a crafted file. A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial o ...

oval:org.secpod.oval:def:1700181
Vulnerability in the Java SE component of Oracle Java SE. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability ...

oval:org.secpod.oval:def:1700171
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi ...

oval:org.secpod.oval:def:1700162
A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1700149
Vulnerability in the Java SE component of Oracle Java SE. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of th ...

oval:org.secpod.oval:def:1700144
A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.

oval:org.secpod.oval:def:1700125
libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad le ...

oval:org.secpod.oval:def:1700123
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

oval:org.secpod.oval:def:1700108
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

oval:org.secpod.oval:def:1700100
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE. Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Jav ...

oval:org.secpod.oval:def:1700511
Logic error in FV parsing in MdeModulePkg\Core\Pei\FwVol\FwVol.c. Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. A missing check ...

oval:org.secpod.oval:def:1700094
In Apache HTTP Server, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

oval:org.secpod.oval:def:1700089
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to comprom ...

oval:org.secpod.oval:def:1700071
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in ...

oval:org.secpod.oval:def:1700067
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in ...

oval:org.secpod.oval:def:1701294
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. Aft ...

oval:org.secpod.oval:def:1700343
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinit ...

oval:org.secpod.oval:def:1701204
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the representable range of 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to a ...

oval:org.secpod.oval:def:1701989
Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0 ...

oval:org.secpod.oval:def:1701935
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at ...

oval:org.secpod.oval:def:1701925
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product

oval:org.secpod.oval:def:1701979
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition

oval:org.secpod.oval:def:1701596
A vulnerability in the filesystem image parser for Hierarchical File System Plus of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which ...

oval:org.secpod.oval:def:1701926
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is system ...

oval:org.secpod.oval:def:1701704
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object

oval:org.secpod.oval:def:1701703
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. A ReDo ...

oval:org.secpod.oval:def:1701677
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is system ...

oval:org.secpod.oval:def:1701670
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. A flaw was found in ruby, where the date object ...

oval:org.secpod.oval:def:1701666
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object

oval:org.secpod.oval:def:1700736
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry file, which would cause hivex to recursively call the _get_children function, leading to a stack overflow. The highest threat from this vulnerability is to system availability

oval:org.secpod.oval:def:1701791
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc

oval:org.secpod.oval:def:1701769
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private ...

oval:org.secpod.oval:def:1701729
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc

oval:org.secpod.oval:def:1701662
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private ...

oval:org.secpod.oval:def:1701656
A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in appli ...

oval:org.secpod.oval:def:1701799
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy, which may lead to an ...

oval:org.secpod.oval:def:1700153
A microprocessor side-channel vulnerability was found on SMT architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. If an application encounters a fatal protocol error and then calls SSL_shutdown twice t ...

oval:org.secpod.oval:def:1700120
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key

oval:org.secpod.oval:def:1700058
A flaw was discovered in the Apache XML-RPC library that deserializes untrusted data when the enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.

oval:org.secpod.oval:def:1701205
In Sudo before 1.9.12p2, the sudoedit feature mishandles extra arguments passed in the user-provided environment variables, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. T ...

oval:org.secpod.oval:def:1701599
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been ...

oval:org.secpod.oval:def:1701827
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been ...

oval:org.secpod.oval:def:1701602
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been ...

oval:org.secpod.oval:def:1700077
A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or ...

oval:org.secpod.oval:def:1702018
On some systems--depending on the graphics settings and drivers--it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox less than 120, Firefox less than 115.5, and Thunderbird less than 115.5.0. It was pos ...

oval:org.secpod.oval:def:1702033
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry

oval:org.secpod.oval:def:1702031
An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service after running a SELECT statement. An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service after running a SELECT sta ...

oval:org.secpod.oval:def:1702032
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may late ...

oval:org.secpod.oval:def:1702030
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed ...

oval:org.secpod.oval:def:1702008
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body to `GET` as is required by HTTP RFCs. A ...

oval:org.secpod.oval:def:1702012
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition

oval:org.secpod.oval:def:1702004
It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service

oval:org.secpod.oval:def:1702037
A reachable assertion was found in avahi_alternative_host_name

oval:org.secpod.oval:def:1702027
A reachable assertion was found in avahi_rdata_parse

oval:org.secpod.oval:def:1702025
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible

oval:org.secpod.oval:def:1702009
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trail ...

oval:org.secpod.oval:def:1702017
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highes ...

oval:org.secpod.oval:def:1702028
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availabil ...

oval:org.secpod.oval:def:1702011
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest

oval:org.secpod.oval:def:1702034
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service

oval:org.secpod.oval:def:1702040
Multiple signed integer overflows in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile allow an attacker to cause Denial of Service or other unspecified impacts

oval:org.secpod.oval:def:1702035
HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on ...

oval:org.secpod.oval:def:1702021
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability ...

oval:org.secpod.oval:def:1702041
A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability

oval:org.secpod.oval:def:1702020
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml ...

oval:org.secpod.oval:def:1702010
An issue was discovered in QPDF version 10.0.4, which allows remote attackers to execute arbitrary code via a crafted .pdf file passed to the Pl_ASCII85Decoder::write parameter in libqpdf

oval:org.secpod.oval:def:1702042
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to informa ...

oval:org.secpod.oval:def:1702014
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users shou ...

oval:org.secpod.oval:def:1702029
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component

oval:org.secpod.oval:def:1702057
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check

oval:org.secpod.oval:def:1702051
An issue was discovered in the function gdev_prn_open_printer_seekable in Artifex Ghostscript through 10.02.0, which allows remote attackers to crash the application via a dangling pointer

oval:org.secpod.oval:def:1702047
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines

oval:org.secpod.oval:def:1702060
Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary ...

oval:org.secpod.oval:def:1702052
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon ca ...

oval:org.secpod.oval:def:1702059
When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG

oval:org.secpod.oval:def:1702050
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner

oval:org.secpod.oval:def:1702056
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from ...

oval:org.secpod.oval:def:1702046
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving the offset variable. In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png. ...

oval:org.secpod.oval:def:1702070
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the se ...

oval:org.secpod.oval:def:1702000
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack

oval:org.secpod.oval:def:1702003
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value

oval:org.secpod.oval:def:1701993
On some systems--depending on the graphics settings and drivers--it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox less than 120, Firefox less than 115.5, and Thunderbird less than 115.5.0. It was pos ...

oval:org.secpod.oval:def:1701994
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server

oval:org.secpod.oval:def:1701992
Stack overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service ...

oval:org.secpod.oval:def:1702002
An issue was discovered in IW44EncodeCodec.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via divide by zero

oval:org.secpod.oval:def:1702072
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the se ...

oval:org.secpod.oval:def:1701211
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local c ...

oval:org.secpod.oval:def:1700547
When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy if the command is ...

oval:org.secpod.oval:def:1701887
An XML External Entity issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities

oval:org.secpod.oval:def:1701674
The CryptProtectMemory function in cng.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LO ...

oval:org.secpod.oval:def:1702038
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be use ...

oval:org.secpod.oval:def:1701998
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR less than 115.6, Thunderbird less than 115.6 ...

oval:org.secpod.oval:def:1701923
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their ...

oval:org.secpod.oval:def:1701808
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626

oval:org.secpod.oval:def:1701947
A flaw was found in Moby, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve runs. Containers using Li ...

oval:org.secpod.oval:def:1701940
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup and expo ...

oval:org.secpod.oval:def:1700907
A flaw was found in Moby, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve runs. Containers using Li ...

oval:org.secpod.oval:def:1700906
A flaw was found in Moby, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve runs. Containers using Li ...

oval:org.secpod.oval:def:1700852
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup and expo ...

oval:org.secpod.oval:def:1700855
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup and expo ...

oval:org.secpod.oval:def:1701942
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory cont ...

oval:org.secpod.oval:def:1700862
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory cont ...

oval:org.secpod.oval:def:1700861
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory cont ...

oval:org.secpod.oval:def:1701194
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath

oval:org.secpod.oval:def:1701941
A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extend ...

oval:org.secpod.oval:def:1700777
A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set ext ...

oval:org.secpod.oval:def:1700752
A flaw was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set ext ...

oval:org.secpod.oval:def:51008
A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed b ...

oval:org.secpod.oval:def:1701593
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only t ...

oval:org.secpod.oval:def:1701838
2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Ba ...

oval:org.secpod.oval:def:1701922
Potential PIN bypass. When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from a different process when the PIN is empty (zero-length) and the token can track the login status using some of its internals. This is dangero ...

oval:org.secpod.oval:def:1701964
A heap based buffer overflow in Wireshark's NetScreen file parser may lead to a local arbitrary code execution via a crafted capture file

oval:org.secpod.oval:def:1702016
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. A flaw was fo ...

oval:org.secpod.oval:def:1701969
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration. If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escala ...

oval:org.secpod.oval:def:1701934
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for ...

oval:org.secpod.oval:def:1702026
Vulnerability in Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unautho ...

oval:org.secpod.oval:def:1701996
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability allows unauthenticated attacker wit ...

oval:org.secpod.oval:def:1701867
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability allows unauthenticated attacker wit ...

oval:org.secpod.oval:def:1701860
Memory corruption bug on JDK 21 and 20 when AVX-512 is enabled. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easi ...

oval:org.secpod.oval:def:1701853
Vulnerability in Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unautho ...

oval:org.secpod.oval:def:1701824
vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service via the ex_buffer_all method. Use After Free in GitHub repository vim/vim prior to 9.0.1840. Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Out-of-bounds Write i ...

oval:org.secpod.oval:def:1701823
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage in tiffcrop cause heap-buffer-overflow and SEGV. A vulnerability was found in libtiff library. This security flaw causes a heap buffer overflow issue via TIFFTAG_INK ...

oval:org.secpod.oval:def:1702005
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the s ...

oval:org.secpod.oval:def:1701943
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left o ...

oval:org.secpod.oval:def:1701876
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes function allocates the ...

oval:org.secpod.oval:def:1701858
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding

oval:org.secpod.oval:def:1701840
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding

oval:org.secpod.oval:def:1701932
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not al ...

oval:org.secpod.oval:def:1701831
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Con ...

oval:org.secpod.oval:def:1702074
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out via ...

oval:org.secpod.oval:def:1702076
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out via ...

oval:org.secpod.oval:def:1702068
While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The CVE-2021-32027 fix ...

oval:org.secpod.oval:def:1702066
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out via ...

oval:org.secpod.oval:def:1702001
While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The CVE-2021-32027 fix ...

oval:org.secpod.oval:def:1701797
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct. If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege ...

oval:org.secpod.oval:def:1701790
postgresql: Client memory disclosure when connecting with Kerberos to modified server. This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. Wh ...

oval:org.secpod.oval:def:1701793
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct. If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege ...

oval:org.secpod.oval:def:1701777
This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. While CVE-2016-2193 fixed most interaction between row security and user ID changes, it ...

oval:org.secpod.oval:def:1701739
postgresql: Client memory disclosure when connecting with Kerberos to modified server. This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. Wh ...

oval:org.secpod.oval:def:1701699
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct. If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege ...

oval:org.secpod.oval:def:1701698
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct. If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege ...

oval:org.secpod.oval:def:1701678
postgresql: Client memory disclosure when connecting with Kerberos to modified server. This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. Wh ...

oval:org.secpod.oval:def:1701297
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows ...

oval:org.secpod.oval:def:1701282
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows ...

oval:org.secpod.oval:def:1701288
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows ...

oval:org.secpod.oval:def:1701780
URL Redirection to Untrusted Site vulnerability in FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT web ...

oval:org.secpod.oval:def:1701757
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted tha ...

oval:org.secpod.oval:def:1701745
URL Redirection to Untrusted Site vulnerability in FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT web ...

oval:org.secpod.oval:def:1701710
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted tha ...

oval:org.secpod.oval:def:1701272
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25

oval:org.secpod.oval:def:1701752
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ...

oval:org.secpod.oval:def:1701708
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user na ...

oval:org.secpod.oval:def:1701671
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections ...

oval:org.secpod.oval:def:1701199
A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file, tr ...

oval:org.secpod.oval:def:1701146
Use After Free in GitHub repository vim/vim prior to 9.0.0882. Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143

oval:org.secpod.oval:def:1701067
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to add ...

oval:org.secpod.oval:def:1700794
vim is vulnerable to Heap-based Buffer Overflow. A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well a ...

oval:org.secpod.oval:def:1700756
A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. A use-after-free vulnerab ...

oval:org.secpod.oval:def:1701157
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability all ...

oval:org.secpod.oval:def:1700693
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with n ...

oval:org.secpod.oval:def:1700889
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unaut ...

oval:org.secpod.oval:def:1700766
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network a ...

oval:org.secpod.oval:def:1700734
There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availab ...

oval:org.secpod.oval:def:1700773
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. A flaw was found in runc. An attacker who con ...

oval:org.secpod.oval:def:1700742
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. A flaw was found in runc. An attacker who con ...

oval:org.secpod.oval:def:1700590
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. A locking vulnerability was found in the tty subsystem of the Linux kern ...

oval:org.secpod.oval:def:1700588
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. A locking vulnerability was found in the tty subsystem of the Linux kern ...

oval:org.secpod.oval:def:1700584
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. A locking vulnerability was found in the tty subsystem of the Linux kern ...

oval:org.secpod.oval:def:1700578
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. A locking vulnerability was found in the tty subsystem of the Linux kern ...

oval:org.secpod.oval:def:1701082
A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service. A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause sh ...

oval:org.secpod.oval:def:1701740
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind ...

oval:org.secpod.oval:def:1701652
jQuery before 1.9.0 is vulnerable to Cross-site Scripting attacks. The jQuery function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attac ...

oval:org.secpod.oval:def:1700086
Git before 2.14.5 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

oval:org.secpod.oval:def:1700048
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:1700780
Lack of content verification in Docker-CE versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing

oval:org.secpod.oval:def:1700772
The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify the host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness

oval:org.secpod.oval:def:1700749
Lack of content verification in Docker-CE versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing

oval:org.secpod.oval:def:1700751
The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness

oval:org.secpod.oval:def:1700177
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information. A denial of service flaw was found in libxml2. A remote att ...

oval:org.secpod.oval:def:1700210
A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte en ...

oval:org.secpod.oval:def:1701881
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token and ...

oval:org.secpod.oval:def:1701141
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ...

oval:org.secpod.oval:def:1701140
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ...

oval:org.secpod.oval:def:1701798
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages fo ...

oval:org.secpod.oval:def:1702015
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Buffer Over ...

oval:org.secpod.oval:def:1702007
bluez: unauthorized HID device connections allow keystroke injection and arbitrary command execution

oval:org.secpod.oval:def:1701856
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969

oval:org.secpod.oval:def:1701924
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request

oval:org.secpod.oval:def:1700322
A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted X ...

oval:org.secpod.oval:def:1701982
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key ...

oval:org.secpod.oval:def:1701976
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key ...

oval:org.secpod.oval:def:1701962
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key ...

oval:org.secpod.oval:def:1701597
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject sig ...

oval:org.secpod.oval:def:1701949
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error

oval:org.secpod.oval:def:1701938
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error

oval:org.secpod.oval:def:1701085
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. No description is ...

oval:org.secpod.oval:def:1701863
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. http2/hpack: avoid quadratic complexity in hpack decoding. Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them ...

oval:org.secpod.oval:def:1701718
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars. This does not impact usages of crypto/ecdsa or crypto/ecdh. HTTP and MIME header parsing could allocate large amounts of memory, even when parsing small inputs. ...

oval:org.secpod.oval:def:1701653
An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice causing a panic when calling ImportedSymbols. An a ...

oval:org.secpod.oval:def:1702024
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ...

oval:org.secpod.oval:def:1701837
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701846
Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling p ...

oval:org.secpod.oval:def:1701845
Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling p ...

oval:org.secpod.oval:def:1701844
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1702048
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. The issue was addressed with improved memory handling. T ...

oval:org.secpod.oval:def:1702055
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an ...

oval:org.secpod.oval:def:1702075
Vulnerability in the MySQL Server product of Oracle MySQL. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attack ...

oval:org.secpod.oval:def:1701873
A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket acces ...

oval:org.secpod.oval:def:1702081
AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system nam ...

oval:org.secpod.oval:def:1702082
AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system nam ...

oval:org.secpod.oval:def:1702080
AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the container's file system nam ...

oval:org.secpod.oval:def:1701638
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from th ...

oval:org.secpod.oval:def:1701972
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB

oval:org.secpod.oval:def:1701970
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB

oval:org.secpod.oval:def:1701851
Sudo before 1.9.13 does not escape control characters in log messages. Sudo before 1.9.13 does not escape control characters in sudoreplay output

oval:org.secpod.oval:def:1701968
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a ca ...

oval:org.secpod.oval:def:1701604
An issue was found in a defense in depth feature of the GCC compiler on aarch64 platforms. The stack protector feature did not detect or defend against overflows of dynamically-sized local variables. This update to the GCC compiler remedies code generation for this defense in depth feature, ensurin ...

oval:org.secpod.oval:def:1701603
An issue was found in a defense in depth feature of the GCC compiler on aarch64 platforms. The stack protector feature did not detect or defend against overflows of dynamically-sized local variables. This update to the GCC compiler remedies code generation for this defense in depth feature, ensurin ...

oval:org.secpod.oval:def:1702122
A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat` in `protect_dir` ...

oval:org.secpod.oval:def:1702087
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting. The Jinja `xmlattr` filter can be abused to in ...

oval:org.secpod.oval:def:1702118
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting. The Jinja `xmlattr` filter can be abused to in ...

oval:org.secpod.oval:def:1702096
A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash

oval:org.secpod.oval:def:1702117
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox less than 122, Firefox ESR less than 115.7, and Thunderbird less than 115.7. It was possible for certain browser prompts and dialogs to be a ...

oval:org.secpod.oval:def:1702104
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

oval:org.secpod.oval:def:1702124
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data when a handler ...

oval:org.secpod.oval:def:1702108
Sudo before 1.9.15 might allow row hammer attacks because application logic sometimes is based on not equaling an error value, and because the values do not resist flips of a single bit

oval:org.secpod.oval:def:1702123
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input

oval:org.secpod.oval:def:1702085
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the su ...

oval:org.secpod.oval:def:1702128
GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing. NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreame ...

oval:org.secpod.oval:def:1702127
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox less than 121

oval:org.secpod.oval:def:1702132
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During commu ...

oval:org.secpod.oval:def:1702129
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS ht ...

oval:org.secpod.oval:def:1702144
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests ...

oval:org.secpod.oval:def:1702137
An issue was discovered in jtidy through r938 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies

oval:org.secpod.oval:def:1702145
This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users

oval:org.secpod.oval:def:1702133
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack

oval:org.secpod.oval:def:1702138
Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack

oval:org.secpod.oval:def:1702135
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRela ...

oval:org.secpod.oval:def:1702136
A vulnerability named 'Non-Responsive Delegation Attack' has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers. The attack starts by querying a resolver for a record that relies ...

oval:org.secpod.oval:def:1702126
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the su ...

oval:org.secpod.oval:def:1702130
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. Liblouis ...

oval:org.secpod.oval:def:1702142
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service via a crafted FLI file

oval:org.secpod.oval:def:1702155
The description of this advisory is forthcoming.

oval:org.secpod.oval:def:1702157
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020

oval:org.secpod.oval:def:1702095
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox less than 122, Firefox ESR less than 115.7, and Thunderbird less than 115.7. It was possible for certain browser prompts and dialogs to be a ...

oval:org.secpod.oval:def:1702156
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the d ...

oval:org.secpod.oval:def:1702153
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user o ...

oval:org.secpod.oval:def:1702147
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT d ...

oval:org.secpod.oval:def:1702107
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. Redis is an in-memory database tha ...

oval:org.secpod.oval:def:1702109
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue

oval:org.secpod.oval:def:1702089
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue

oval:org.secpod.oval:def:1700886
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unaut ...

oval:org.secpod.oval:def:1700885
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unaut ...

oval:org.secpod.oval:def:1700884
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unaut ...

oval:org.secpod.oval:def:1702125
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution. A correctness issue was addressed with improved checks. This issue is fixed ...

oval:org.secpod.oval:def:1702049
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

oval:org.secpod.oval:def:1701865
libX11: out-of-bounds memory access in _XkbReadKeySyms. libX11: integer overflow in XCreateImage leading to a heap overflow

oval:org.secpod.oval:def:1701848
libX11: integer overflow in XCreateImage leading to a heap overflow. libXpm: out of bounds read in XpmCreateXpmImageFromBuffer. NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0 ...

oval:org.secpod.oval:def:1701822
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

oval:org.secpod.oval:def:1702139
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c because a single character code in a PDF document can map to more than one Unicode code point

oval:org.secpod.oval:def:1700722
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat ...

oval:org.secpod.oval:def:1702084
A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code exec ...

oval:org.secpod.oval:def:1702143
Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 Reattaching to different master device may lead to out-of-bounds memory a ...

oval:org.secpod.oval:def:1701859
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger un ...

oval:org.secpod.oval:def:1701747
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service

oval:org.secpod.oval:def:1701289
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tri ...

oval:org.secpod.oval:def:1700328
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

oval:org.secpod.oval:def:1700806
A flaw was found in the Java logging library Apache Log4j in version 1.x. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender. This flaw has been filed for Log4j 1.x, the corresponding flaw information for Log4j 2.x is available a ...

oval:org.secpod.oval:def:1701203
firefox-esr, thunderbird and nss only are affected by this package. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O growth via consecutive marks during the process of looking back for base glyphs when attaching marks. The Mozilla Foundation Security Advisory describ ...

oval:org.secpod.oval:def:1701301
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribut ...

oval:org.secpod.oval:def:1701642
libjpeg-turbo version 2.0.90 has a heap-based buffer over-read in decompress_smooth_data in jdcoefct.c

oval:org.secpod.oval:def:1701700
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:1701727
A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XML_ResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags, th ...

oval:org.secpod.oval:def:1701751
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:1701794
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not ...

oval:org.secpod.oval:def:1701974
An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service via crafted SQL statements. An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service via crafted SQL state ...

oval:org.secpod.oval:def:1702165
Apache issued this CVE to indicate the correct versions of xerces-c, which included the fix for CVE-2018-1311. See the older CVE page for fix status

oval:org.secpod.oval:def:1702158
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox less than 123, Firefox ESR less than 115.8, and Thunderbird less than 115.8. Through a series of API calls and redir ...

oval:org.secpod.oval:def:1702173
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c

oval:org.secpod.oval:def:1702169
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE

oval:org.secpod.oval:def:1702164
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby scrip ...

oval:org.secpod.oval:def:1702166
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink ...

oval:org.secpod.oval:def:1702163
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service

oval:org.secpod.oval:def:1702172
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive

oval:org.secpod.oval:def:1702161
This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265.

oval:org.secpod.oval:def:1702196
Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access. Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to ...

oval:org.secpod.oval:def:1702194
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled, 3. per-try-timeout is enabled, either through head ...

oval:org.secpod.oval:def:1702191
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox less than 123, Firefox ESR less than 115.8, and Thunderbird less than 115.8. Through a series of API calls and redir ...

oval:org.secpod.oval:def:1702190
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default wil ...

oval:org.secpod.oval:def:1702182
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption

oval:org.secpod.oval:def:1702179
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption

oval:org.secpod.oval:def:1701933
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead. This could be used, for example, by L2 guests with a virtual disk stored on a virtual disk of an L1 hypervisor to read and/or write data to LBA 0 of vdiskL1, potenti ...

oval:org.secpod.oval:def:1702141
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. EDK2 is susceptible to a vul ...

oval:org.secpod.oval:def:1702091
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow

oval:org.secpod.oval:def:1701193
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service due to a missing nested depth limitation for collections

oval:org.secpod.oval:def:1702019
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial o ...

oval:org.secpod.oval:def:1700327
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi ...

oval:org.secpod.oval:def:1702193
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The vi ...

oval:org.secpod.oval:def:1702180
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The vi ...

oval:org.secpod.oval:def:1702181
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The vi ...

oval:org.secpod.oval:def:1702185
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The vi ...

oval:org.secpod.oval:def:1702175
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The vi ...

oval:org.secpod.oval:def:1701232
firefox-esr, thunderbird and nss only are affected by this package

oval:org.secpod.oval:def:1701290
The Mozilla Foundation describes this issue as follows: OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. The Mozilla Foundation describes ...

oval:org.secpod.oval:def:1701236
The Mozilla Foundation describes this issue as follows: Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. The Mozilla Foundation describes this issue as follows: When accessi ...

oval:org.secpod.oval:def:1701855
A vulnerability was found in ImageMagick where heap use-after-free was found in coders/bmp.c

oval:org.secpod.oval:def:1701830
A vulnerability was found in ImageMagick. This issue occurs as an undefined behavior, casting double to size_t in svg, mvg and other coders

oval:org.secpod.oval:def:1701278
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of s ...

oval:org.secpod.oval:def:1701886
Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack against HTTP Digest Authentication. An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block ...

oval:org.secpod.oval:def:1702058
It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens befor ...

oval:org.secpod.oval:def:1701896
An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curl_easy_duphandle, is used to duplicate the easy_handle associated with a transfer. If a duplicated transfer's easy_handle has cookies enabled whe ...

oval:org.secpod.oval:def:1702061
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes f ...

oval:org.secpod.oval:def:1701952
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701937
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701915
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701919
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701920
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701909
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701910
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701893
Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a Go template action within a Javascript template literal, the contents of the action could be us ...

oval:org.secpod.oval:def:1701889
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701888
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701880
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701879
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701877
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701870
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701866
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701857
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1701836
Line directives can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file ...

oval:org.secpod.oval:def:1702195
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes f ...

oval:org.secpod.oval:def:1702151
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1702146
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023

oval:org.secpod.oval:def:1702111
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could le ...

oval:org.secpod.oval:def:1702101
The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could le ...

oval:org.secpod.oval:def:1701635
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command

oval:org.secpod.oval:def:1700904
A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker unauthorized memory access that causes memory access errors, incorrect results, or crashes. A flaw was ...

oval:org.secpod.oval:def:1701302
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow

oval:org.secpod.oval:def:1701280
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query ...

oval:org.secpod.oval:def:1701829
An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK 11, 17 and OpenJDK 8, 11, 17, allows attackers to cause a denial of service

oval:org.secpod.oval:def:1702097
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817

oval:org.secpod.oval:def:1701160
A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availability. A ...

oval:org.secpod.oval:def:1701961
In libarchive 3.6.1, the software does not check for an error after calling the calloc function, which can return a NULL pointer if it fails; this leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution

oval:org.secpod.oval:def:1701805
In libarchive 3.6.1, the software does not check for an error after calling the calloc function, which can return a NULL pointer if it fails; this leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution

oval:org.secpod.oval:def:1701069
A vulnerability was found in curl. The issue occurs when doing HTTP transfers, where curl might erroneously use the read callback to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback. ...

oval:org.secpod.oval:def:1701977
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A l ...

oval:org.secpod.oval:def:1700911
A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or by a malicious act ...

oval:org.secpod.oval:def:1700757
A flaw was found in libcurl. Sending data to an MQTT server could in some situations lead to libcurl using already freed memory and then trying to free it again. The highest threat from this vulnerability is to data confidentiality as well as system availability. A flaw was found in curl. This fla ...

oval:org.secpod.oval:def:1700695
A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentia ...

oval:org.secpod.oval:def:1701967
A flaw was found in net-snmp. A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access issue. A flaw was found in net-snmp. This issue occurs due to improper input validation when simultaneously setting malformed OIDs in the master agent and subage ...

oval:org.secpod.oval:def:1702071
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information

oval:org.secpod.oval:def:1702073
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchal ...

oval:org.secpod.oval:def:1702062
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information

oval:org.secpod.oval:def:1702065
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchal ...

oval:org.secpod.oval:def:1702063
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a pa ...

oval:org.secpod.oval:def:1702053
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a pa ...

oval:org.secpod.oval:def:1702088
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a pa ...

oval:org.secpod.oval:def:1701918
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when mem ...

oval:org.secpod.oval:def:1701293
A NULL pointer dereference exists when parsing XML schemas in libxml2 (xmlSchemaCheckCOSSTDerivedOK). In libxml2, hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results. This could lead to various ...

oval:org.secpod.oval:def:1701644
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service via supplying a crafted XML file

oval:org.secpod.oval:def:1700591
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system. A flaw was found in the Linux kernel. An out-of-bounds read ...

oval:org.secpod.oval:def:1700593
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system. A flaw was found in the Linux kernel. An out-of-bounds read ...

oval:org.secpod.oval:def:1700582
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system. A flaw was found in the Linux kernel. An out-of-bounds read ...

oval:org.secpod.oval:def:1700836
A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind function. This flaw allows a local user to crash or escalate their privileges on the system. A use-after-free flaw was found i ...

oval:org.secpod.oval:def:1700834
An issue was discovered in the Linux kernel. Fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages. This is a related issue to CVE-2019-2308. A flaw was found in the Linux kernel. The rtw_wx_set_scan driver allows writing beyond the end ...

oval:org.secpod.oval:def:1700807
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count c ...

oval:org.secpod.oval:def:1700813
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To se ...

oval:org.secpod.oval:def:1702013
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. An issue was discovered in Binutils readelf 2.38.50, reachable asserti ...

oval:org.secpod.oval:def:1701960
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c

oval:org.secpod.oval:def:1701680
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT` commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory panic. The problem is fixed in ...

oval:org.secpod.oval:def:1701102
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect

oval:org.secpod.oval:def:1701100
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect

oval:org.secpod.oval:def:1700994
An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. The Linux kernel before ...

oval:org.secpod.oval:def:1701239
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol. A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service

oval:org.secpod.oval:def:1701219
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol. A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service

oval:org.secpod.oval:def:1701198
A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The ide ...

oval:org.secpod.oval:def:1701147
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch ...

oval:org.secpod.oval:def:1701145
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch ...

oval:org.secpod.oval:def:1701099
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this ...

oval:org.secpod.oval:def:1701081
A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vuln ...

oval:org.secpod.oval:def:1701080
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int, a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits. The highest threat from this vulnerability is to system availability

oval:org.secpod.oval:def:1701087
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface

oval:org.secpod.oval:def:1701787
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters

oval:org.secpod.oval:def:1701753
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by r ...

oval:org.secpod.oval:def:1701720
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int, a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits. The highest threat from this vulnerability is to system availability

oval:org.secpod.oval:def:1701222
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters

oval:org.secpod.oval:def:1701695
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface

oval:org.secpod.oval:def:1701208
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by r ...

oval:org.secpod.oval:def:1701617
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar function, a read outside the allocated buffer will occur. This can lead to crashes or discl ...

oval:org.secpod.oval:def:1701622
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar function, a read outside the allocated buffer will occur. This can lead to crashes or discl ...

oval:org.secpod.oval:def:1700859
Amazon Linux has been made aware of a potential Branch Target Injection issue. This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient ...

oval:org.secpod.oval:def:1700863
Amazon Linux has been made aware of a potential Branch Target Injection issue. This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient ...

oval:org.secpod.oval:def:1700867
Amazon Linux has been made aware of a potential Branch Target Injection issue. This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient ...

oval:org.secpod.oval:def:1700849
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them

oval:org.secpod.oval:def:1700856
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. A heap-based buffer overflow flaw was found in the way t ...

oval:org.secpod.oval:def:1700770
Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700759
Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700763
Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700754
Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700896
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The speci ...

oval:org.secpod.oval:def:1701090
The ncurses package is susceptible to a heap overflow on crafted input. When the terminfo entry-description compiler processes input, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability. A segmentation fault vulner ...

oval:org.secpod.oval:def:1701784
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but only under limited circumstances. This flaw may cause an illegal memory read.

oval:org.secpod.oval:def:1701736
A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. A buffer overrun vulnerability was found in Ruby. The issue occurs in a c ...

oval:org.secpod.oval:def:1701202
A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. A flaw was found in the Curl package, where the ...

oval:org.secpod.oval:def:1701142
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all ...

oval:org.secpod.oval:def:1700696
A flaw was found in the Linux kernel, where an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. ...

oval:org.secpod.oval:def:1701803
A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An attacker within wireless range could send crafted traffic leading to information disclosure. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when ...

oval:org.secpod.oval:def:1701802
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running ...

oval:org.secpod.oval:def:1701800
A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An attacker within wireless range could send crafted traffic leading to information disclosure. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when ...

oval:org.secpod.oval:def:1700829
A flaw was found in the Linux kernel. This flaw allows attackers to cause a denial of service by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. The highest threat from this vulnerability is to system availability. A flaw was found in the Linux ker ...

oval:org.secpod.oval:def:1700831
A race condition accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system. A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attacke ...

oval:org.secpod.oval:def:1700830
A vulnerability was found in the Linux kernel, where a use-after-free in nouveau's postclose handler could happen when removing a device. A use-after-free flaw in the function sco_sock_sendmsg of the Linux kernel HCI subsystem was found in the way a user calls the ioctl UFFDIO_REGISTER or otherwise triggers a race con ...

oval:org.secpod.oval:def:1700835
A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released leading to denial of service or a potential code execution. The highest threat from this vulnerability is to data confidentiality and integrity a ...

oval:org.secpod.oval:def:1700817
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl. The highest threat from this vulnerability is to data confidentiality. A flaw was found in the ...

oval:org.secpod.oval:def:1700815
A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An attacker within wireless range could send crafted traffic leading to information disclosure. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when ...

oval:org.secpod.oval:def:1700814
A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel. There was a race problem between trace_open and resize of the cpu buffer running in parallel on different cpus, which may cause a denial of service problem. This flaw could even allow a local attacker with special user privilege to a ker ...

oval:org.secpod.oval:def:1700818
An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from not validating the s ...

oval:org.secpod.oval:def:1700820
A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. The highest t ...

oval:org.secpod.oval:def:1700824
An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from not validating the s ...

oval:org.secpod.oval:def:1700821
A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released leading to denial of service or a potential code execution. The highest threat from this vulnerability is to data confidentiality and integrity a ...

oval:org.secpod.oval:def:1700809
A vulnerability was found in the Linux kernel, where a use-after-free in nouveau's postclose handler could happen when removing a device. A use-after-free flaw in the function sco_sock_sendmsg of the Linux kernel HCI subsystem was found in the way a user calls the ioctl UFFDIO_REGISTER or otherwise triggers a race con ...

oval:org.secpod.oval:def:1700810
A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. A memory leak flaw was found in the Li ...

oval:org.secpod.oval:def:1700758
A use-after-free flaw in the function sco_sock_sendmsg of the Linux kernel HCI subsystem was found in the way a user calls the ioctl UFFDIO_REGISTER or otherwise triggers a race condition of the call sco_conn_del together with the call sco_sock_sendmsg with the expected controllable faulting memory page. A privi ...

oval:org.secpod.oval:def:1700737
ALAS2LIVEPATCH-2021-067: Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700729
ALAS2LIVEPATCH-2021-066: Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700727
ALAS2LIVEPATCH-2021-068: Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700726
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running ...

oval:org.secpod.oval:def:1700732
ALAS2LIVEPATCH-2021-065: Vulnerability in kernel-livepatch

oval:org.secpod.oval:def:1700720
A flaw was found in the Linux kernel. A race condition was discovered in the ext4 subsystem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

oval:org.secpod.oval:def:1700598
A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allows a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system a ...

oval:org.secpod.oval:def:1700597
A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the ...

oval:org.secpod.oval:def:1700596
A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the ...

oval:org.secpod.oval:def:1700595
A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the ...

oval:org.secpod.oval:def:1700587
A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the ...

oval:org.secpod.oval:def:1700586
A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allows a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system a ...

oval:org.secpod.oval:def:1700580
A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allows a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system a ...

oval:org.secpod.oval:def:1700542
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_me ...

oval:org.secpod.oval:def:1700403
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the p ...

oval:org.secpod.oval:def:1700819
A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabil ...

oval:org.secpod.oval:def:1700823
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity ...

oval:org.secpod.oval:def:1700822
A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind function. This flaw allows a local user to crash or escalate their privileges on the system. A use-after-free flaw was found i ...

oval:org.secpod.oval:def:1700721
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

oval:org.secpod.oval:def:1700044
A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch oper ...

oval:org.secpod.oval:def:1700838
A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/ ...

oval:org.secpod.oval:def:1700832
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap t ...

oval:org.secpod.oval:def:1700812
A NULL pointer dereference flaw may occur in the Linux kernel's relay_open in kernel/relay.c if the alloc_percpu function is not validated in time of failure and used as a valid address for access. An attacker could use this flaw to cause a denial of service. A new domain bypass transient execution ...

oval:org.secpod.oval:def:1700376
An issue where a provided address with access_ok is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting i ...

oval:org.secpod.oval:def:1700348
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent proc ...

oval:org.secpod.oval:def:1700600
A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from t ...

oval:org.secpod.oval:def:1700602
A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could allow a local user with root privileges to add or remove Rados Block Devices from the system.

oval:org.secpod.oval:def:1700599
A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from t ...

oval:org.secpod.oval:def:1700833
A flaw was found in the Linux kernel's implementation of BTRFS free space management, where the kernel does not correctly manage the lifetime of internal data structures used. An attacker could use this flaw to corrupt memory or escalate privileges. A use-after-free flaw was found in the debugfs_rem ...

oval:org.secpod.oval:def:1700316
A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially ...

oval:org.secpod.oval:def:1700276
A flaw was found in the way Intel CPUs handle inconsistency between virtual to physical memory address translations in the CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, ...

oval:org.secpod.oval:def:1700217
An out-of-bounds access issue was found in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer struct kvm_coalesced_mmio object, wherein the write indices ring->first and ring->last value could be supplied by a host user-space proces ...

oval:org.secpod.oval:def:1700150
A kernel memory leak was found in the kernel_read_file function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service. A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers ...

oval:org.secpod.oval:def:1700826
A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. A flaw was found in the Linux kernel. The CX23888 Integrated ...

oval:org.secpod.oval:def:1700184
CVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. The latest Amazon Linux 2 AMIs as available in AWS EC2 already contain these kernels and are not vuln ...

oval:org.secpod.oval:def:1700188
An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, ...

oval:org.secpod.oval:def:1700113
In the Linux kernel af_alg_release in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system.

oval:org.secpod.oval:def:1700215
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writin ...

oval:org.secpod.oval:def:1700170
A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rds_tcp kernel module loaded could possibly cause a use-after-free in which an attacker who is able to manipulate socket state while a network namespace is being torn down. This can lead to possible me ...

oval:org.secpod.oval:def:1700175
A flaw was found in the Linux kernel's Freescale hypervisor manager implementation. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other ...

oval:org.secpod.oval:def:1700166
A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol, part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a sp ...

oval:org.secpod.oval:def:1700130
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect an ...

oval:org.secpod.oval:def:1700116
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a ...

oval:org.secpod.oval:def:1700114
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device, the device holds a reference to a VM object; later this reference is transferred to the caller's file descriptor table ...

oval:org.secpod.oval:def:1700091
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task. A vulnerability was discover ...

oval:org.secpod.oval:def:1700012
Stack-based out-of-bounds read via vmcall instruction: Linux kernel compiled with the KVM virtualization support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memor ...

oval:org.secpod.oval:def:1701953
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect ...

oval:org.secpod.oval:def:1701623
Several flaws have been found in php. The pdo_firebase module does not check the length of the server version string in a response packet, causing a stack buffer overflow; does not verify the data and uses the wrong type to cast length, leading to a crash; and does not validate the response before calc ...

oval:org.secpod.oval:def:1701626
A vulnerability was found in PHP due to an uninitialized array in pg_query_params function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote a ...

oval:org.secpod.oval:def:1701612
A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is to confidentiality.

oval:org.secpod.oval:def:1700187
In Pallets Jinja, str.format allows a sandbox escape.

oval:org.secpod.oval:def:1700213
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to comp ...

oval:org.secpod.oval:def:1700207
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compro ...

oval:org.secpod.oval:def:1700193
OpenJDK: Insufficient restriction of privileges in AccessController; OpenJDK: Unbounded memory allocation during deserialization in Collections; libpng: png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute; OpenJDK: Insufficient chec ...

oval:org.secpod.oval:def:1700179
Mozilla: Buffer overflow in WebGL bufferdata on Linux; Mozilla: Use-after-free in XMLHttpRequest; Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas e ...

oval:org.secpod.oval:def:1700321
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. In the urllib3 library through 1.24.1 for Python, CRLF injectio ...

oval:org.secpod.oval:def:1700281
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application. Th ...

oval:org.secpod.oval:def:1700083
It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. ...

oval:org.secpod.oval:def:1700346
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

oval:org.secpod.oval:def:1700206
A buffer overflow due to a signed-unsigned comparison was found in hidp_process_report in net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int, which in certain conditions can lead to a system panic and a denial-of-service. It was found ...

oval:org.secpod.oval:def:1700205
A buffer overflow due to a signed-unsigned comparison was found in hidp_process_report in net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int, which in certain conditions can lead to a system panic and a denial-of-service. It was found ...

oval:org.secpod.oval:def:1700060
An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent. qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service via a large QEMU reply. An industry-wide issue was found in the way many modern micr ...

oval:org.secpod.oval:def:1700069
Fixes for L1 Terminal Fault security issues: L1 Terminal Fault - OS/SMM: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault an ...

oval:org.secpod.oval:def:1700064
An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode is called with a NULL bp. This can lead to a system crash and a denial of service. An issue was discovered in th ...

oval:org.secpod.oval:def:1700061
The fs/ext4/inline.c:ext4_read_inline_data function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or ...

oval:org.secpod.oval:def:1700059
A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service.

oval:org.secpod.oval:def:1700053
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which ...

oval:org.secpod.oval:def:1700052
An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator. It could occur while reading VGA memory to update the graphics display. A privileged user/process inside the guest could use this flaw to crash the QEMU process on the host resulting in denial of service ...

oval:org.secpod.oval:def:1700051
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which ...

oval:org.secpod.oval:def:1700055
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which ...

oval:org.secpod.oval:def:1700047
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which ...

oval:org.secpod.oval:def:1700026
Race condition in the store_int_with_restart function in cpu/mcheck/mce.c: A race condition in the store_int_with_restart function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local users to cause a denial of service by leveraging root access to write to the check_interval file in ...

oval:org.secpod.oval:def:1700014
Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c: A flaw was found in the Linux kernel's implementation of the 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

oval:org.secpod.oval:def:1700011
Speculative execution branch target injection: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Varia ...

oval:org.secpod.oval:def:1700003
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ...

oval:org.secpod.oval:def:1700002
An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon previously incorp ...

oval:org.secpod.oval:def:1700000
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ...

oval:org.secpod.oval:def:44395
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative exe ...

oval:org.secpod.oval:def:1700046
The following CVEs are fixed in the updated thunderbird package: CVE-2018-5161: Hang via malformed headers; CVE-2018-5162: Encrypted mail leaks plaintext through src attribute; CVE-2018-5183: Backport critical security fixes in Skia; CVE-2018-5155: Use-after-free with SVG animations and text paths; CVE-2 ...

oval:org.secpod.oval:def:1700209
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location o ...

oval:org.secpod.oval:def:1700211
A flaw was found in the Linux kernel in the hid_debug_events_read function in the drivers/hid/hid-debug.c file. A lack of certain checks may allow a privileged user to achieve an out-of-bounds write, resulting in user space buffer corruption.

oval:org.secpod.oval:def:1700105
A security flaw was found in the Linux kernel in the way that the cleancache subsystem clears an inode after the final file truncation. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. An issue was discovered in the Linux ...

oval:org.secpod.oval:def:1700082
A security flaw was found in the chap_server_compute_md5 function in the ISCSI target code in the Linux kernel in the way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta ...

oval:org.secpod.oval:def:1700291
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. A heap-based buffer overflow was found in the NSC_Encry ...

oval:org.secpod.oval:def:1700297
A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application. While the attack complexity is high, the imp ...

oval:org.secpod.oval:def:1700280
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers o ...

oval:org.secpod.oval:def:1700287
Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird. Memory corruption and arbitrary code execution are possible with these vulnerabilities. These bugs can be exploited over the network. A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output cou ...

oval:org.secpod.oval:def:1700212
urllib in Python 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call

oval:org.secpod.oval:def:1700203
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory ...

oval:org.secpod.oval:def:1700194
An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This is similar to the CVE-2019-97 ...

oval:org.secpod.oval:def:1700165
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure. The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorre ...

oval:org.secpod.oval:def:1700127
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if the application enables SSL/TLS certificate validation and accepts ...

oval:org.secpod.oval:def:1700104
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, co ...

oval:org.secpod.oval:def:1700093
During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ...

oval:org.secpod.oval:def:1700043
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have be ...

oval:org.secpod.oval:def:1700029
bn_sqrx8x_internal carry bug on x86_64: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to ...

oval:org.secpod.oval:def:1702140
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR less than 60.8, Firefox less than 68, and Thunderbird less than 60.8. A heap-based buffer overflow was foun ...

oval:org.secpod.oval:def:1700017
Integer overflow in malloc functions: The malloc implementation in the GNU C Library, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than request ...

oval:org.secpod.oval:def:1700375
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnera ...

oval:org.secpod.oval:def:1701586
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via crafted value as the retry delay. libcurl offers a feature to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message contai ...

oval:org.secpod.oval:def:1701835
An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code. When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its default behavior is to pass the hostname to the proxy and allow it to perform the resolution. In cases where ...

oval:org.secpod.oval:def:72972
Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only u ...

oval:org.secpod.oval:def:72974
Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup. Audit events need to be captured on processes that start up prior to auditd, so that potential malicious activity cannot go undetected.

oval:org.secpod.oval:def:97515
Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralized log management. Rationale: Storing log data on a remote host protects log integrity from local attacks. If an attacker gains ...

oval:org.secpod.oval:def:97510
The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log filesystem is only intended for log files, set this option to ensure that users cannot run executable binaries from /var/log.

oval:org.secpod.oval:def:97502
Without re-authentication, users may access resources or perform tasks for which they do not have authorization.

oval:org.secpod.oval:def:97504
Without re-authentication, users may access resources or perform tasks for which they do not have authorization.

oval:org.secpod.oval:def:97497
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one

oval:org.secpod.oval:def:97517
The systemd-coredump configuration file should be configured properly.

oval:org.secpod.oval:def:97518
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/log/audit filesystem is not intended to support devices, set this option to ensure that users cannot create block or character special devices in /var/log/audit.

oval:org.secpod.oval:def:97520
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/log/audit filesystem is only intended for variable files such as logs, set this option to ensure that users cannot create setuid files in /var/log/audit.

oval:org.secpod.oval:def:97508
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var.

oval:org.secpod.oval:def:97498
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one

oval:org.secpod.oval:def:97499
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one

oval:org.secpod.oval:def:97495
The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. Unix-based systems have typically displayed information about the OS release and patch level upon logging in to the system. This information can be useful to developers who ...

oval:org.secpod.oval:def:97513
Journald includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageably large. The file /etc/systemd/journald.conf is the configuration file used to specify how logs generated by Journald should be rotated. Rationale: By keeping the log ...

oval:org.secpod.oval:def:97514
Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralized log management. Rationale: Storing log data on a remote host protects log integrity from local attacks. If an attacker gains ...

oval:org.secpod.oval:def:97516
Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not receive data from other hosts. Rationale: If a client is configured to also receive data, thus turning it into a server, the client system is acting outside its operational boundary.

oval:org.secpod.oval:def:97500
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one

oval:org.secpod.oval:def:97494
Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudo.log. Any time a command i ...

oval:org.secpod.oval:def:97496
Ensure that the systemd-journald service is enabled to allow capturing of logging events. If the systemd-journald service is not enabled to start on boot, the system will not capture logging events.

oval:org.secpod.oval:def:97519
The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log/audit filesystem is only intended for audit logs, set this option to ensure that users cannot run executable binaries from /var/log/audit.

oval:org.secpod.oval:def:97511
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/log filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var/log.

oval:org.secpod.oval:def:97506
The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making /tmp its own file system allows an administrator to set the noexec option on the mount, making /tmp useless for an attacker to install executable code. It ...

oval:org.secpod.oval:def:97509
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /home filesystem is only intended for user file storage, set this option to ensure that users cannot create setuid files in /home.

oval:org.secpod.oval:def:97501
sudo provides users with temporary elevated privileges to perform operations, either as the superuser or another user. Creating an audit log of users with temporary elevated privileges and the operation(s) they performed is essential to reporting. Administrators will want to correlate the events wr ...

oval:org.secpod.oval:def:97512
The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var.

oval:org.secpod.oval:def:97507
The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/log filesystem is only intended for temporary file storage, set this option to ensure that users cannot create setuid files in /var/log.

oval:org.secpod.oval:def:97503
Sudo caches used credentials for a default of 15 minutes. This is for ease of use when there are multiple administrative tasks to perform. The timeout can be modified to suit local security policies.

oval:org.secpod.oval:def:97505
The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users.

oval:org.secpod.oval:def:1702054
Impact: Visiting a website that frames malicious content may lead to UI spoofing. Description: The issue was addressed with improved UI handling. A website may be able to track the websites a user visited in Safari private browsing mode. A spoofing issue existed in the handling of URLs. This issue wa ...

oval:org.secpod.oval:def:1701813
HTTP headers eat all memory. NOTE: https://www.openwall.com/lists/oss-security/2023/09/13/1 NOTE: https://curl.se/docs/CVE-2023-38039.html NOTE: Introduced by: https://github.com/curl/curl/commit/7c8c723682d524ac9580b9ca3b71419163cb5660 NOTE: Experimental tag removed in: https://github.com/curl/curl/com ...

oval:org.secpod.oval:def:1701991
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ...

oval:org.secpod.oval:def:1701916
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely in the Ap ...

oval:org.secpod.oval:def:1701229
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-suppli ...

oval:org.secpod.oval:def:1702039
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for t ...

oval:org.secpod.oval:def:1702023
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are ...

oval:org.secpod.oval:def:1701988
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to ...

oval:org.secpod.oval:def:1702092
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform ...

oval:org.secpod.oval:def:1702110
A vulnerability named 'Non-Responsive Delegation Attack' has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies ...

oval:org.secpod.oval:def:1701818
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, ...

oval:org.secpod.oval:def:1702159
Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause a denial of service via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of D ...

oval:org.secpod.oval:def:1702192
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_seg ...

oval:org.secpod.oval:def:1702186
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_seg ...

oval:org.secpod.oval:def:1702178
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs whe ...

oval:org.secpod.oval:def:1702167
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. A flaw was found in the ATA over Ethernet driver in the Linux kernel. The aoecmd_cfg_pkts function imp ...

oval:org.secpod.oval:def:1702162
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete syste ...

oval:org.secpod.oval:def:1701904
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve has a parent without a link-sharing curve, then init_vf will call vttree_insert on the parent, but vttree_remove will be sk ...

oval:org.secpod.oval:def:1701894
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve has a parent without a link-sharing curve, then init_vf will call vttree_insert on the parent, but vttree_remove will be sk ...

oval:org.secpod.oval:def:1701809
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve has a parent without a link-sharing curve, then init_vf will call vttree_insert on the parent, but vttree_remove will be sk ...

oval:org.secpod.oval:def:1701811
The upstream commit describes this issue as follows: The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can lead to the use of wrong `CIDR_POS` for calculating array offsets, which can lead to integer underflow. As a result, it leads to slab out-of-bound access. A use-after-free vulner ...

oval:org.secpod.oval:def:1700828
A flaw was found in the Linux kernel's implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. A f ...

oval:org.secpod.oval:def:1700811
A flaw was found in the Linux kernel's implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. A f ...

oval:org.secpod.oval:def:1701216
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

oval:org.secpod.oval:def:1701215
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

oval:org.secpod.oval:def:1701217
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

oval:org.secpod.oval:def:1700909
A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. A vulnerability was found in the pfkey_register function in net/key/a ...

oval:org.secpod.oval:def:1701283
An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure. This flaw allows a local user to crash or potentially escalate their privileges on the system.

oval:org.secpod.oval:def:1701286
An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure. This flaw allows a local user to crash or potentially escalate their privileges on the system.

oval:org.secpod.oval:def:1701274
A flaw was found in the Linux kernel Traffic Control subsystem. Using a specific networking configuration a local unprivileged user could trigger a CPU soft lockup when the transport protocol in use does a retransmission, resulting in a denial of service condition. RESERVED NOTE: https://www.open ...

oval:org.secpod.oval:def:1701273
kernel: Type confusion in pick_next_rt_entity, which can result in memory corruption. do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition

oval:org.secpod.oval:def:1701271
kernel: Type confusion in pick_next_rt_entity, which can result in memory corruption. do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition

oval:org.secpod.oval:def:1701268
kernel: Type confusion in pick_next_rt_entity, which can result in memory corruption. do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition

oval:org.secpod.oval:def:1701985
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or a leak of internal kernel information.

oval:org.secpod.oval:def:1701585
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality

oval:org.secpod.oval:def:1701574
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality

oval:org.secpod.oval:def:1701906
A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests

oval:org.secpod.oval:def:1701903
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div, used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen gu ...

oval:org.secpod.oval:def:1701912
A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests

oval:org.secpod.oval:def:1701984
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

oval:org.secpod.oval:def:1701978
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

oval:org.secpod.oval:def:1701950
A race condition between two functions, lmLogClose and txEnd, in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash. A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events component can be exploited to achieve local privile ...

oval:org.secpod.oval:def:1701939
A race condition between two functions, lmLogClose and txEnd, in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash. An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access chec ...

oval:org.secpod.oval:def:1701944
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory. This d ...

oval:org.secpod.oval:def:1701929
A race condition between two functions, lmLogClose and txEnd, in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash. A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events component can be exploited to achieve local privile ...

oval:org.secpod.oval:def:1701892
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div, used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen gu ...

oval:org.secpod.oval:def:1702115
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-b ...

oval:org.secpod.oval:def:1702112
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-b ...

oval:org.secpod.oval:def:1702093
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-b ...

oval:org.secpod.oval:def:1702150
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow function can cause a double free vulnerabi ...

oval:org.secpod.oval:def:1702154
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow function can cause a double free vulnerabi ...

oval:org.secpod.oval:def:1702131
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow function can cause a double free vulnerabi ...

oval:org.secpod.oval:def:1702119
A flaw has been found in Xen. An unprivileged guest can cause Denial of Service of the host by sending network packets to the backend, causing the backend to crash. An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter tab ...

oval:org.secpod.oval:def:1702114
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. A race cond ...

oval:org.secpod.oval:def:1702098
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-b ...

oval:org.secpod.oval:def:1702171
libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered v ...

oval:org.secpod.oval:def:1702160
wpa_supplicant: potential authorization bypass

oval:org.secpod.oval:def:1701598
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is ...

oval:org.secpod.oval:def:1700895
A flaw was found in Thunderbird. The vulnerability occurs due to an out-of-bounds write of one byte when processing the message. This flaw allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write. A flaw was found in expat. Passing malformed 2- and 3-byt ...

oval:org.secpod.oval:def:1701646
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is ...

oval:org.secpod.oval:def:1701212
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Server-Side Request Forgery ...

oval:org.secpod.oval:def:1702189
Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. The package openssl098e is provided purely for binary compatibility with older Amazon Linux versions. It does not receive security updates.

oval:org.secpod.oval:def:1702170
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. EDK2's Network Packa ...

oval:org.secpod.oval:def:1702174
Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. The package openssl098e is provided purely for binary compatibility with older Amazon Linux versions. It does not receive security updates.

oval:org.secpod.oval:def:1702168
Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. The package openssl098e is provided purely for binary compatibility with older Amazon Linux versions. It does not receive security updates.

oval:org.secpod.oval:def:1702067
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:1702045
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:1702043
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:1702044
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:1702103
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:1702083
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:1702069
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attack ...

oval:org.secpod.oval:def:1702064
A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel. An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. An out-of-bounds read vulner ...

oval:org.secpod.oval:def:1701997
A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel. An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. An out-of-bounds read vulner ...

oval:org.secpod.oval:def:1701995
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attack ...

oval:org.secpod.oval:def:1701999
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data to be printed to the kernel ring buffer. A heap out-of-bounds write ...

oval:org.secpod.oval:def:1701971
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve l ...

oval:org.secpod.oval:def:1701958
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve l ...

oval:org.secpod.oval:def:1701965
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to a use-after-free. We recommend upgrading past commit f15f29fd4779be8a4 ...

oval:org.secpod.oval:def:1701839
A flaw was found in rsvp_change. The root cause is a slab-out-of-bounds access, but since the offset to the original pointer is an `unsigned int` fully controlled by users, the behavior is usually a wild pointer access. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables componen ...

oval:org.secpod.oval:def:1701843
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference cou ...

oval:org.secpod.oval:def:1702183
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-b ...

oval:org.secpod.oval:def:1702187
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-b ...

oval:org.secpod.oval:def:1702176
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-b ...

oval:org.secpod.oval:def:1702152
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow function can cause a double free vulnerabi ...

oval:org.secpod.oval:def:1702148
An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter table, the lack of a safeguard against invalid nf_tables family values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. In rds_recv ...

oval:org.secpod.oval:def:1702105
A flaw has been found in Xen. An unprivileged guest can cause Denial of Service of the host by sending network packets to the backend, causing the backend to crash. An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter tab ...

oval:org.secpod.oval:def:1702106
A flaw has been found in Xen. An unprivileged guest can cause Denial of Service of the host by sending network packets to the backend, causing the backend to crash. An out-of-bounds access vulnerability involving netfilter was reported and fixed as f1082dd31fe4; while creating a new netfilter tab ...

oval:org.secpod.oval:def:1702036
A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel. A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly regist ...

oval:org.secpod.oval:def:1701158
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this ...

oval:org.secpod.oval:def:1701153
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_ ...

oval:org.secpod.oval:def:1701151
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this ...

oval:org.secpod.oval:def:1701156
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this ...

oval:org.secpod.oval:def:1701143
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_ ...

oval:org.secpod.oval:def:1701139
Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an assumption in the rest of the Linux network stack that packet protocol hea ...

oval:org.secpod.oval:def:1701101
A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this ...

oval:org.secpod.oval:def:1701575
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it po ...

oval:org.secpod.oval:def:1701573
A Gather Data Sampling transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction to infer stale data from previously used vector registers on the same physical core. A division-by-zero error on some A ...

oval:org.secpod.oval:def:1701907
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when ...

oval:org.secpod.oval:def:1701901
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updatin ...

oval:org.secpod.oval:def:1701077
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ...

oval:org.secpod.oval:def:1701897
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain c ...

oval:org.secpod.oval:def:1701899
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updatin ...

oval:org.secpod.oval:def:1701890
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updatin ...

oval:org.secpod.oval:def:1701833
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when ...

oval:org.secpod.oval:def:1701819
A flaw was found in the Linux kernel's IP framework for transforming packets. This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params, leading to a possible kernel crash and denial of service. A use-after-free vulnerability ...

oval:org.secpod.oval:def:1701821
A flaw was found in the Linux kernel's IP framework for transforming packets. This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params, leading to a possible kernel crash and denial of service. The upstream commit describes ...

oval:org.secpod.oval:def:1701820
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when ...

oval:org.secpod.oval:def:1701300
An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure. This flaw allows a local user to crash or potentially escalate their privileges on the system. cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 ...

oval:org.secpod.oval:def:1701782
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attack ...

oval:org.secpod.oval:def:1701764
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attack ...

oval:org.secpod.oval:def:1701767
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attack ...

oval:org.secpod.oval:def:1700837
A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources, resulting in a denial of service. A denial of service ...

oval:org.secpod.oval:def:1700825
A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources, resulting in a denial of service. A denial of service ...

oval:org.secpod.oval:def:1701284
A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails. This flaw allows a local user to crash or potentially escalate their privileges on the system. A use-after-free flaw was fo ...

oval:org.secpod.oval:def:1702120
A memory corruption flaw was found in the Linux kernel's human interface device subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system

oval:org.secpod.oval:def:1702121
A memory corruption flaw was found in the Linux kernel's human interface device subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_m ...

oval:org.secpod.oval:def:1701269
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition

oval:org.secpod.oval:def:1701267
RESERVED. NOTE: https://www.openwall.com/lists/oss-security/2022/12/14/3 NOTE: https://lore.kernel.org/all/1670885411-10060-1-git-send-email-dai.ngo@oracle.com/ do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition

oval:org.secpod.oval:def:1702100
A Linux Kernel flaw found in memory management. If allocation failure happens in pagefault_out_of_memory with VM_FAULT_OOM, then it can lead to memory overflow when many tasks trigger this. An issue may cause multi-tenant denial of service. It was reported that a malicious workload may be allowed t ...

oval:org.secpod.oval:def:1701238
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM advertising eIBRS support to L1. An attacker at L2 with code execution ...

oval:org.secpod.oval:def:1701231
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure during the renaming of a device

oval:org.secpod.oval:def:1701228
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM advertising eIBRS support to L1. An attacker at L2 with code execution ...

oval:org.secpod.oval:def:1701220
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM advertising eIBRS support to L1. An attacker at L2 with code execution ...

oval:org.secpod.oval:def:1701693
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attack ...

oval:org.secpod.oval:def:1701689
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attack ...

oval:org.secpod.oval:def:1701672
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attack ...

oval:org.secpod.oval:def:1701667
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attack ...

oval:org.secpod.oval:def:1702102
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manage ...

oval:org.secpod.oval:def:1701954
When doing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable length. Winbind did not properly bounds-check the lan manager response length, which despite the lan manager version no longer being used is still part of the protocol. If t ...

oval:org.secpod.oval:def:1701981
When installing a package from a Mercurial VCS URL with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call. Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability ...

oval:org.secpod.oval:def:1701150
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate ap ...

oval:org.secpod.oval:def:1701624
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in ...

oval:org.secpod.oval:def:1702090
There is a potential buffer overflow in the PHP built-in web server - setting the environment variable PHP_CLI_SERVER_WORKERS to a large value can lead to a heap buffer overflow

*CPE
cpe:/o:amazon:linux:2
XCCDF    2
xccdf_org.secpod_benchmark_SecPod_Amazon_Linux_2
xccdf_org.secpod_benchmark_general_Amazon_Linux_2

© SecPod Technologies