Download
| Alert*
|
oval:org.secpod.oval:def:2001400
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. oval:org.secpod.oval:def:2000503 A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. oval:org.secpod.oval:def:2000176 A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENC ... oval:org.secpod.oval:def:2001083 An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size in the file rec-fex.c of librec.a. oval:org.secpod.oval:def:2000211 The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm. oval:org.secpod.oval:def:2001119 The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm. oval:org.secpod.oval:def:2001568 The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm. oval:org.secpod.oval:def:2001196 An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name in the file rec-field.c in librec.a. oval:org.secpod.oval:def:2000708 An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user ... oval:org.secpod.oval:def:2001237 An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:2000497 In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. oval:org.secpod.oval:def:2000465 A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. oval:org.secpod.oval:def:2000083 In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference. oval:org.secpod.oval:def:2000767 SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. oval:org.secpod.oval:def:2000044 Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. oval:org.secpod.oval:def:2000087 sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim"s browser must follow ... oval:org.secpod.oval:def:2000175 ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service or possibly have unspecified other impact via a crafted ntfs filesystem. oval:org.secpod.oval:def:2000153 An issue was discovered in Tiny C Compiler 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c. oval:org.secpod.oval:def:2001444 In uClibc 0.9.33.2, there is stack exhaustion in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. oval:org.secpod.oval:def:2000590 ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service or possibly have unspecified other impact via a crafted ntfs filesystem. oval:org.secpod.oval:def:602260 Two vulnerabilities have been found in unzip, a de-archiver for .zip files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7696 Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system we ... oval:org.secpod.oval:def:603184 Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password. oval:org.secpod.oval:def:2000678 Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. oval:org.secpod.oval:def:2000648 There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is ... oval:org.secpod.oval:def:2001134 The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers. oval:org.secpod.oval:def:2000325 An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:2000300 PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value. oval:org.secpod.oval:def:2000390 There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is ... oval:org.secpod.oval:def:2001225 An error within the "find_green" function in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. oval:org.secpod.oval:def:602522 Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using gdk-pixbuf , or potentially, to execute arbitrary code with the privile ... oval:org.secpod.oval:def:2001218 An issue was discovered in Tiny C Compiler 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c. oval:org.secpod.oval:def:2001212 The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2001297 An error within the "LibRaw::parse_exif" function in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. oval:org.secpod.oval:def:2000495 An issue was discovered in Tiny C Compiler 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c. oval:org.secpod.oval:def:2000077 JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/L ... oval:org.secpod.oval:def:2000081 PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index. oval:org.secpod.oval:def:603018 A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service or have unspecified other impact, if a specially crafted file is processed. oval:org.secpod.oval:def:2001402 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image function in coders/jp2.c. oval:org.secpod.oval:def:602719 Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection of libraries implementing the DICOM standard, did not properly handle the size of data received the network. This could lead to denial-of-service or arbitrary code execution. oval:org.secpod.oval:def:2000505 An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case. oval:org.secpod.oval:def:2000171 The __hash_open function in hash.c:229 in Mozilla Network Security Services allows context-dependent attackers to cause a denial of service via a crafted cert8.db file. oval:org.secpod.oval:def:2001488 Netwide Assembler through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c. oval:org.secpod.oval:def:2001446 The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG data. oval:org.secpod.oval:def:2000104 An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore . oval:org.secpod.oval:def:602790 Marco Romano discovered that libquicktime, a library for reading and writing QuickTime files, was vulnerable to an integer overflow attack. When opened, a specially crafted MP4 file would cause a denial of service by crashing the application. oval:org.secpod.oval:def:2001439 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. oval:org.secpod.oval:def:2000114 An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case. oval:org.secpod.oval:def:602222 A vulnerability was found in screen causing a stack overflow which results in crashing the screen server process, resulting in denial of service. oval:org.secpod.oval:def:602252 Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execute ... oval:org.secpod.oval:def:2000602 The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file. oval:org.secpod.oval:def:2000201 The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c. oval:org.secpod.oval:def:2000667 Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. oval:org.secpod.oval:def:2000652 samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution oval:org.secpod.oval:def:602826 Several vulnerabilities have been discovered in the audiofile library, which may result in denial of service or the execution of arbitrary code if a malformed audio file is processed. oval:org.secpod.oval:def:602857 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.9 oval:org.secpod.oval:def:602843 It was discovered that jhead, a tool to manipulate the non-image part of EXIF compliant JPEG files, is prone to an out-of-bounds access vulnerability, which may result in denial of service or, potentially, the execution of arbitrary code if an image with specially crafted EXIF data is processed. oval:org.secpod.oval:def:2000287 libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c. oval:org.secpod.oval:def:2000258 WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function for a purpose other than initializing a bitvect ... oval:org.secpod.oval:def:2000240 libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. oval:org.secpod.oval:def:602378 Stepan Golosunov discovered that xdelta3, a diff utility which works with binary files, is affected by a buffer overflow vulnerability within the main_get_appheader function, which may lead to the execution of arbitrary code. oval:org.secpod.oval:def:2001191 cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. oval:org.secpod.oval:def:602393 Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or Tiff files is processed. oval:org.secpod.oval:def:602382 Gustavo Grieco discovered an out-of-bounds write vulnerability in cpio, a tool for creating and extracting cpio archive files, leading to a denial of service . oval:org.secpod.oval:def:603277 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. oval:org.secpod.oval:def:2000341 An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which can lead to buffer overflows, and result in aborts or code execution. The process_iscsid_broadcast function i ... oval:org.secpod.oval:def:2000333 An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case. oval:org.secpod.oval:def:2000797 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc. oval:org.secpod.oval:def:602938 Multiple security vulnerabilities have been found in oSIP, a library implementing the Session Initiation Protocol, which might result in denial of service through malformed SIP messages. oval:org.secpod.oval:def:2000743 In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. oval:org.secpod.oval:def:2000752 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. oval:org.secpod.oval:def:602509 It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service. oval:org.secpod.oval:def:2001201 There is a reachable assertion abort in the function dict_rename_var in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. oval:org.secpod.oval:def:602455 Marcin Noga discovered an integer underflow in Lhasa, a lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed. oval:org.secpod.oval:def:602445 Kashyap Thimmaraju and Bhargava Shastry discovered a remotely triggerable buffer overflow vulnerability in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. ... oval:org.secpod.oval:def:602440 It was discovered that libmatroska, an extensible open standard audio/video container format, incorrectly processed EBML lacing. By providing maliciously crafted input, an attacker could use this flaw to force some leakage of information located in the process heap memory. oval:org.secpod.oval:def:2001290 A remote code execution vulnerability in the Android system . Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. oval:org.secpod.oval:def:2001296 In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service via a crafted pdf file. oval:org.secpod.oval:def:2000843 An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case. oval:org.secpod.oval:def:2000820 In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function . Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. oval:org.secpod.oval:def:2000803 Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. oval:org.secpod.oval:def:2000815 Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstr ... oval:org.secpod.oval:def:2001303 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000457 Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. oval:org.secpod.oval:def:2000432 In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. oval:org.secpod.oval:def:2000888 There is a reachable assertion abort in the function dict_add_mrset in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:2000868 In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. oval:org.secpod.oval:def:2000865 The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. oval:org.secpod.oval:def:2000053 The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service via a crafted .asn1 file. oval:org.secpod.oval:def:2000064 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseTo ... oval:org.secpod.oval:def:2001386 An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. oval:org.secpod.oval:def:2000480 The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service via a "!2" string. oval:org.secpod.oval:def:2000069 An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case. oval:org.secpod.oval:def:2001409 af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2001492 ntopng before 3.0 allows HTTP Response Splitting. oval:org.secpod.oval:def:602770 Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability. oval:org.secpod.oval:def:602247 Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. These flaws may lead to the execution of arbitrary code, authorization bypass, information disclosure, cross-site scripting or denial of service. oval:org.secpod.oval:def:602333 Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site. oval:org.secpod.oval:def:602399 Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues: CVE-2016-2054 The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service ... oval:org.secpod.oval:def:2001634 networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol . oval:org.secpod.oval:def:2000352 A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. oval:org.secpod.oval:def:2000357 A Persistent XSS vulnerability exists in Kodi through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user"s browser via a playlist. oval:org.secpod.oval:def:2000860 PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite. oval:org.secpod.oval:def:602060 Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. CVE-2015-3011 Hugh Davenport discovered that the contacts application shipped with ownCloud is vulnerable to multiple stored cross-site scripting attacks. This vulne ... oval:org.secpod.oval:def:603095 A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress. oval:org.secpod.oval:def:2001372 ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. oval:org.secpod.oval:def:2000986 The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. oval:org.secpod.oval:def:2001572 rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file th ... oval:org.secpod.oval:def:603244 Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD defau ... oval:org.secpod.oval:def:602485 Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters in ... oval:org.secpod.oval:def:2000433 An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script execu ... oval:org.secpod.oval:def:2000419 Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to in ... oval:org.secpod.oval:def:2001015 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and co ... oval:org.secpod.oval:def:2001008 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure fill ... oval:org.secpod.oval:def:602741 Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits. oval:org.secpod.oval:def:602798 An SQL injection vulnerability has been discovered in the "Latest data" page of the web frontend of the Zabbix network monitoring system oval:org.secpod.oval:def:602304 Several SQL injection vulnerabilities have been discovered in Cacti, an RRDTool frontend written in PHP. Specially crafted input can be used by an attacker in the rra_id value of the graph.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:2000117 A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters. oval:org.secpod.oval:def:2001081 In FreeBSD before 11.1-STABLE and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privilege ... oval:org.secpod.oval:def:602261 John Stumpo discovered that OpenAFS, a distributed file system, does not fully initialize certain network packets before transmitting them. This can lead to a disclosure of the plaintext of previously processed packets. oval:org.secpod.oval:def:24884 Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the server certificat ... oval:org.secpod.oval:def:2000670 HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done ... oval:org.secpod.oval:def:2001528 PySAML2 allows remote attackers to conduct XML external entity attacks via a crafted SAML XML request or response. oval:org.secpod.oval:def:2000674 Triplea version <= 1.9.0.0.10291 contains a XML External Entity vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file . oval:org.secpod.oval:def:602435 Multiple vulnerabilities have been found in Redmine, a project management web application, which may result in information disclosure. oval:org.secpod.oval:def:2000225 In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel co ... oval:org.secpod.oval:def:602390 Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:2001164 JabRef version <=4.3.1 contains a XML External Entity vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerabi ... oval:org.secpod.oval:def:602904 It was discovered that an XML external entities vulnerability in the Apache FOP XML formatter may result in information disclosure. oval:org.secpod.oval:def:602452 Several vulnerabilities were discovered in libebml, a library for manipulating Extensible Binary Meta Language files. CVE-2015-8789 Context-dependent attackers could trigger a use-after-free vulnerability by providing a maliciously crafted EBML document. CVE-2015-8790 Context-dependent attackers cou ... oval:org.secpod.oval:def:602087 It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection . oval:org.secpod.oval:def:2001300 NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. oval:org.secpod.oval:def:602601 Two vulnerabilities have been discovered in the server for the Tryton application platform, which may result in information disclosure of password hashes or file contents. oval:org.secpod.oval:def:2000027 An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kern ... oval:org.secpod.oval:def:2000041 FreeCol version <= nightly-2018-08-22 contains a XML External Entity vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file. oval:org.secpod.oval:def:2000970 Prayer through 1.3.5 sends a Referer header, containing a user"s username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. oval:org.secpod.oval:def:602175 It was discovered that OpenAFS, the implementation of the distributed filesystem AFS, contained several flaws that could result in information leak, denial-of-service or kernel panic. oval:org.secpod.oval:def:602239 It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service. oval:org.secpod.oval:def:602244 It was discovered that FreeType did not properly handle some malformed inputs. This could allow remote attackers to cause a denial of service via crafted font files. oval:org.secpod.oval:def:602321 Pierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak. oval:org.secpod.oval:def:2000747 The backtrack compilation code in the Irregex package before 0.9.6 for Scheme allows remote attackers to cause a denial of service via a crafted regular expression with a repeating pattern. oval:org.secpod.oval:def:602518 Two vulnerabilities were discovered in Symfony, a PHP framework. CVE-2016-1902 Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the out ... oval:org.secpod.oval:def:602090 Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this flaw to cause suricata to crash. oval:org.secpod.oval:def:2001041 An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow. oval:org.secpod.oval:def:2001518 In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created ... oval:org.secpod.oval:def:602332 Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. oval:org.secpod.oval:def:2000895 An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. oval:org.secpod.oval:def:602763 Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. in an ex ... oval:org.secpod.oval:def:602797 It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. in an extracted filename. oval:org.secpod.oval:def:2001141 In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that ... oval:org.secpod.oval:def:602379 Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem. oval:org.secpod.oval:def:2000348 WordPress through 5.0.3 allows Path Traversal in wp_crop_image. An attacker can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. oval:org.secpod.oval:def:602068 John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal. oval:org.secpod.oval:def:2000434 sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as "Zip-Slip". oval:org.secpod.oval:def:602158 Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as an universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with "verify = 2" or higher, ... oval:org.secpod.oval:def:2000953 The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions . oval:org.secpod.oval:def:602325 Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitary code by injecting commands via crafted URLs. oval:org.secpod.oval:def:2000062 Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service or execute arbitrary code via a crafted RAR archive. oval:org.secpod.oval:def:2000130 Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. oval:org.secpod.oval:def:2000143 ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. oval:org.secpod.oval:def:2000102 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. oval:org.secpod.oval:def:2001042 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map function in coders/wmf.c. oval:org.secpod.oval:def:2000331 An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:2001380 ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. oval:org.secpod.oval:def:2000951 An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054. oval:org.secpod.oval:def:602415 Alvaro Muñoz and Christian Schneider discovered that BeanShell, an embeddable Java source interpreter, could be leveraged to execute arbitrary commands: applications including BeanShell in their classpath are vulnerable to this flaw if they deserialize data from an untrusted source. oval:org.secpod.oval:def:2001167 beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to ... oval:org.secpod.oval:def:2001512 The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." oval:org.secpod.oval:def:602668 Nicolas Braud-Santoni discovered that incorrect sanitising of character escape sequences in the Terminology terminal emulator may result in the execution of arbitrary commands. oval:org.secpod.oval:def:2000572 Open Shortest Path First protocol implementations may improperly determine Link State Advertisement recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally ... oval:org.secpod.oval:def:2001006 There is an assertion abort in the function parse_attributes in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. oval:org.secpod.oval:def:2001490 In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. oval:org.secpod.oval:def:602865 It was discovered that XStream, a Java library to serialise objects to XML and back again, was suspectible to denial of service during unmarshalling. oval:org.secpod.oval:def:602439 It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service, oval:org.secpod.oval:def:602328 It was discovered that a maliciously crafted packet can crash any of the isc-dhcp applications. This includes the DHCP client, relay, and server application. Only IPv4 setups are affected. oval:org.secpod.oval:def:2000795 runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function. oval:org.secpod.oval:def:602508 Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based renderer library for SVG files, parses SVG files with circular definitions. A remote attacker can take advantage of these flaws to cause an application using the librsvg library to crash. oval:org.secpod.oval:def:602086 Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command. oval:org.secpod.oval:def:2001313 In FreeBSD before 11.2-STABLE, 11.2-RELEASE-p9, 12.0-STABLE, and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. oval:org.secpod.oval:def:602159 It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http" or " ... oval:org.secpod.oval:def:2001438 libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c. oval:org.secpod.oval:def:2001550 infinite loop due to malformed request payload oval:org.secpod.oval:def:2000685 An issue was discovered in network-manager-applet in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the ... oval:org.secpod.oval:def:2001143 Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2000741 In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. oval:org.secpod.oval:def:2000957 In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl in the file fromsixel.c, as demonstrated by sixel2png. oval:org.secpod.oval:def:2000913 In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then exe ... oval:org.secpod.oval:def:602311 Cédric Krier discovered a vulnerability in the server-side of Tryton, an application framework written in Python. An aunthenticated malicious user can write arbitrary values in record fields due missed checks of access permissions when multiple records are written. The oldstable distribut ... oval:org.secpod.oval:def:602402 Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site administrator ... oval:org.secpod.oval:def:602336 It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session. oval:org.secpod.oval:def:602345 Jann Horn discovered a vulnerability in the fuse package in Debian. The fuse package ships an udev rules adjusting permissions on the related /dev/cuse character device, making it world writable. This permits a local, unprivileged attacker to create an arbitrarily-named character device in /dev and ... oval:org.secpod.oval:def:603220 Multiple vulnerabilities were discovered in Enigmail, an OpenPGP extension for Thunderbird, which could result in a loss of confidentiality, faked signatures, plain text leaks and denial of service. Additional information can be found under https://enigmail.net/download/other/Enigmail%20Pentest%20Re ... oval:org.secpod.oval:def:603237 Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/se ... oval:org.secpod.oval:def:602098 The update for libmodule-signature-perl issued as DSA-3261-1 introduced a regression in the handling of the --skip option of cpansign. Updated packages are now available to address this regression. For reference, the original advisory text follows. Multiple vulnerabilities were discovered in libmodu ... oval:org.secpod.oval:def:602099 Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-3406 John Lightsey discovered that Module::Signature could parses the unsigned portion ... oval:org.secpod.oval:def:603051 Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service. oval:org.secpod.oval:def:602630 Lukas Reschke discovered that Apache Jackrabbit, an implementation of the Content Repository for Java Technology API, did not correctly check the Content-Type header on HTTP POST requests, enabling Cross-Site Request Forgery attacks by malicious web sites. oval:org.secpod.oval:def:2001531 In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow. oval:org.secpod.oval:def:2001503 In FreeBSD before 11.2-RELEASE, an application which calls setrlimit to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context. oval:org.secpod.oval:def:2000657 In FreeBSD before 11.2-STABLE and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl. oval:org.secpod.oval:def:2001174 In FreeBSD before 11.2-STABLE, 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE, and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged aut ... oval:org.secpod.oval:def:2000808 In FreeBSD before 11.2-STABLE, 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE, and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the ke ... oval:org.secpod.oval:def:2001345 In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow. oval:org.secpod.oval:def:2001316 In FreeBSD before 11.2-STABLE, 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. oval:org.secpod.oval:def:2001417 In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excess ... oval:org.secpod.oval:def:2001011 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to ... oval:org.secpod.oval:def:2001482 In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the i ... oval:org.secpod.oval:def:2001549 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privile ... oval:org.secpod.oval:def:2001537 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p10, 10.4-STABLE, and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated loc ... oval:org.secpod.oval:def:2001128 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged ... oval:org.secpod.oval:def:2001591 The Stream Control Transmission Protocol module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service via a crafted ICMPv6 packet. oval:org.secpod.oval:def:2001126 In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling. oval:org.secpod.oval:def:2001067 One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in th ... oval:org.secpod.oval:def:2001019 Binaries compiled against targets that use the libssp library in GCC for stack smashing protection might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. oval:org.secpod.oval:def:2000581 The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. oval:org.secpod.oval:def:2000140 An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy in the file rec-mset.c. oval:org.secpod.oval:def:2000607 OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. oval:org.secpod.oval:def:2001525 In all android releases from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic. oval:org.secpod.oval:def:2000314 Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. oval:org.secpod.oval:def:2001226 An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. oval:org.secpod.oval:def:2001553 cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data . The Decisional Diffie-Hellman assumption does not hold for Libgcrypt"s ElGamal implementation. oval:org.secpod.oval:def:2000694 In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. oval:org.secpod.oval:def:2000679 There is a use-after-free at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service during a line-number increment attempt. oval:org.secpod.oval:def:2000250 WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. oval:org.secpod.oval:def:2001100 In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. oval:org.secpod.oval:def:2000316 In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. oval:org.secpod.oval:def:2001612 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash ... oval:org.secpod.oval:def:2001609 In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ... oval:org.secpod.oval:def:2000362 In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. oval:org.secpod.oval:def:2000822 VIM version 8.0.1187 ignores umask when creating a swap file resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. oval:org.secpod.oval:def:2000453 A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, lea ... oval:org.secpod.oval:def:2000878 ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service via a crafted ntfs filesystem. oval:org.secpod.oval:def:2001376 There is a use after free in radare2 2.6.0 in r_anal_bb_free in libr/anal/bb.c via a crafted Java binary file. oval:org.secpod.oval:def:2000042 There is a use-after-free at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service during certain finishes tests. oval:org.secpod.oval:def:602577 Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql , or potentially to execute arbitrary code with the privileges o ... oval:org.secpod.oval:def:2001547 The string component in the GNU C Library through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligne ... oval:org.secpod.oval:def:2001103 The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dict ... oval:org.secpod.oval:def:2001163 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage function in coders/mpc.c. oval:org.secpod.oval:def:602059 Debian 8.x is installed oval:org.secpod.oval:def:602206 James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates. oval:org.secpod.oval:def:602234 Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client, the client-side of the ownCloud file sharing services. The vulnerability allows man-in-the-middle attacks in situations where the server is using self-signed certificates and the connection is already established. If the user i ... oval:org.secpod.oval:def:602226 It was discovered that vzctl, a set of control tools for the OpenVZ server virtualisation solution, determined the storage layout of containers based on the presense of an XML file inside the container. An attacker with local root privileges in a simfs-based container could gain control over ploop-b ... oval:org.secpod.oval:def:602266 It was discovered that the web-based administration interface in the Horde Application Framework did not guard against Cross-Site Request Forgery attacks. As a result, other, malicious web pages could cause Horde applications to perform actions as the Horde user. The oldstable distribution did not ... oval:org.secpod.oval:def:602092 It was discovered that libzmq, a lightweight messaging kernel, is susceptible to a protocol downgrade attack on sockets using the ZMTP v3 protocol. This could allow remote attackers to bypass ZMTP v3 security mechanisms by sending ZMTP v2 or earlier headers. oval:org.secpod.oval:def:602147 Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens. For mo ... oval:org.secpod.oval:def:602194 Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the ap ... oval:org.secpod.oval:def:602267 The previous update for libvdpau, DSA-3355-1, introduced a regression in the stable distribution causing a segmentation fault when the DRI_PRIME environment variable is set. For reference, the original advisory text follows. Florian Weimer of Red Hat Product Security discovered that libvdpau, the V ... oval:org.secpod.oval:def:602538 A privilege escalation vulnerability has been found in the User module of the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-002 oval:org.secpod.oval:def:602559 A vulnerability was discovered in mysql-connector-java, a Java database driver for MySQL, which may result in unauthorized update, insert or delete access to some MySQL Connectors accessible data as well as read access to a subset of MySQL Connectors accessible data. The vulnerability was addressed ... oval:org.secpod.oval:def:602441 Stefan Sperling discovered that pidgin-otr, a Pidgin plugin implementing Off-The-Record messaging, contained a use-after-free bug. This could be used by a malicious remote user to intentionally crash the application, thus causing a denial-of-service. oval:org.secpod.oval:def:602470 The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging regression causing an additional dependency on the samba binary package for the samba-libs, samba-common-bin, python-samba and samba-vfs-modules binary packages. Updated packages are now available to address this problem. oval:org.secpod.oval:def:602710 The update for php5 issued as DSA-3732-1 caused segfaults in php-ssh2. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:602738 The update for python-bottle issued as DSA-3743-1 would cause a crash if a unicode string was used as a header. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:602777 The update for tomcat7 issued as DSA-3787-1 caused that the server could return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original advisory text follows. It was discovered that a programming error in the processing of HT ... oval:org.secpod.oval:def:602778 The update for tomcat8 issued as DSA-3788-1 caused that the server could return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original advisory text follows. It was discovered that a programming error in the processing of HT ... oval:org.secpod.oval:def:602773 It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. oval:org.secpod.oval:def:602772 It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. oval:org.secpod.oval:def:602799 The update for munin issued as DSA-3794-2 caused a regression leading to Perl warnings being appended to the munin-cgi-graph log file. Updated packages are now available to correct this issue. For reference, the original advisory text follows. Stevie Trujillo discovered a local file write vulnerabil ... oval:org.secpod.oval:def:602791 The update for munin issues as DSA-3794-1 caused a regression in the zooming functionality in munin-cgi-graph. Updated packages are now available to correct this issue. For reference, the original advisory text follows. Stevie Trujillo discovered a local file write vulnerability in munin, a network- ... oval:org.secpod.oval:def:602694 Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened oval:org.secpod.oval:def:602818 It was discovered that ioquake3, a modified version of the ioQuake3 game engine performs insufficent restrictions on automatically downloaded content , which allows malicious game servers to modify configuration settings including driver settings. oval:org.secpod.oval:def:602838 DSA-3798-1 for tnef introduced a regression that caused crashes on some attachments. oval:org.secpod.oval:def:602850 The Dovecot update issued as DSA-3828-1 introduced a regression, this update reverts the backported patch. Further analysis by the Dovecot team has shown that only versions starting from 2.2.26 are affected. For reference, the original advisory text follows. It was discovered that the Dovecot email ... oval:org.secpod.oval:def:602842 Two regressions were introduced by the samba update in DSA-3816-1. Updated packages are now available to address these problems. Additionally a regression from DSA-3548-1 causing `net ads join` to freeze when run a second time is fixed along with this update. For reference, the original advisory tex ... oval:org.secpod.oval:def:602887 The update for the shadow suite issued as DSA-3793-1 introduced a regression in su signal handling. If su receives a signal like SIGTERM, it is not propagated to the child. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:602634 It was discovered that the patch to fix CVE-2016-6635 added a function already present in the code, preventing the website to display completely. The package has been updated to fix this regression. oval:org.secpod.oval:def:602625 This updates fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed. oval:org.secpod.oval:def:602658 The update for ghostscript issued as DSA-3691-1 caused regressions for certain Postscript document viewers . Updated packages are now available to address this problem. For reference, the original advisory text follows. Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF i ... oval:org.secpod.oval:def:602652 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.27, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:602674 Multiple vulnerabilities has been found in the Drupal content management framework. For additional information, please refer to the upstream a dvisory at https://www.drupal.org/SA-CORE-2016-005 oval:org.secpod.oval:def:602675 Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code. oval:org.secpod.oval:def:602671 Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code oval:org.secpod.oval:def:602664 Hartmut Goebel discovered that MAT, a toolkit to anonymise/remove metadata from files did not remove metadata from images embededed in PDF documents. oval:org.secpod.oval:def:603276 This update doesn"t fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. oval:org.secpod.oval:def:602274 The update for unzip issued as DSA-3386-1 introduced a regression when extracting 0-byte files. Updated packages are now available to address this regression. oval:org.secpod.oval:def:602273 The update for freexl issued as DSA-3208-1 introduced a regression when handling certain Microsoft Excel spreadsheets files. Updated packages are now available to address this regression. For reference the original advisory text follows. Jodie Cunningham discovered multiple vulnerabilities in freexl ... oval:org.secpod.oval:def:602289 This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to "true". This fixes a vulnerability in unsafe applications deserialising obj ... oval:org.secpod.oval:def:602169 It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets may result in denial of service if a malformed Excel file is opened. oval:org.secpod.oval:def:602312 It was discovered that the Mechanism plugin of Blueman, a graphical Bluetooth manager, allows local privilege escalation. oval:org.secpod.oval:def:602428 This update disables the Graphite font shaping library in Iceweasel, Debian"s version of the Mozilla Firefox web browser. oval:org.secpod.oval:def:602331 The update for ganeti issued as DSA-3431-1 causes the gnt-instance info command to fail for all instances of type DRBD. Updated packages are now available to address this regression. For reference the original advisory text follows. Pierre Kim discovered two vulnerabilities in the restful API of Gan ... oval:org.secpod.oval:def:602363 Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2221 Shailesh Suthar discovered an open redirection vulnerability. CVE-2016-2222 Ronni Skansing discovered a server-side request forgery ... oval:org.secpod.oval:def:602385 Multiple security vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-001 oval:org.secpod.oval:def:602461 The update for didiwiki issued as DSA-3485-1 introduced a regression that caused a large number of valid pages to not be accessible anymore. This occurred mostly for pages whose names started with non-ascii characters. oval:org.secpod.oval:def:2000214 The r_strbuf_fini function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. oval:org.secpod.oval:def:2000377 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. oval:org.secpod.oval:def:2000580 In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain ... oval:org.secpod.oval:def:2000576 In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. oval:org.secpod.oval:def:2000459 mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" P ... oval:org.secpod.oval:def:2000749 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require hum ... oval:org.secpod.oval:def:2001496 XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. oval:org.secpod.oval:def:2001481 OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." oval:org.secpod.oval:def:2001508 Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST . oval:org.secpod.oval:def:2001396 An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code . oval:org.secpod.oval:def:2001321 Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service via a negative length value to the memset function. oval:org.secpod.oval:def:603030 In DSA 3918 Thunderbird was upgraded to the latest ESR series. This update upgrades Enigmail, the OpenPGP extention for Thunderbird, to version 1.9.8.1 to restore full compatibility. oval:org.secpod.oval:def:603265 Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authenticati ... oval:org.secpod.oval:def:2000697 ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate ... oval:org.secpod.oval:def:2001352 The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the "transport.ssl" methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to c ... oval:org.secpod.oval:def:2001403 Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ... oval:org.secpod.oval:def:2000167 procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel"s proc_pid_readdir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower P ... oval:org.secpod.oval:def:2000618 In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final "\0" character. oval:org.secpod.oval:def:2000462 In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. oval:org.secpod.oval:def:2001489 In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. oval:org.secpod.oval:def:2001053 Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service via a specially crafted OOXML file, aka an XML Entity Expansion attack. oval:org.secpod.oval:def:2000215 The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service via vectors involving compressed items in a reply. oval:org.secpod.oval:def:2001513 In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. oval:org.secpod.oval:def:2001520 Scrapy 1.4 allows remote attackers to cause a denial of service via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dat ... oval:org.secpod.oval:def:2000251 In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service by using the large list of registered .js files to construct a series of requests to load every file many times. oval:org.secpod.oval:def:2001249 The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds. oval:org.secpod.oval:def:2001280 The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service via a crafted packet. oval:org.secpod.oval:def:2000065 The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. oval:org.secpod.oval:def:2000483 ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. oval:org.secpod.oval:def:2000502 bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script e ... oval:org.secpod.oval:def:2001227 A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, ... oval:org.secpod.oval:def:2000160 In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero. oval:org.secpod.oval:def:2001127 A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. oval:org.secpod.oval:def:2000777 A type confusion error within the "identify" function in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. oval:org.secpod.oval:def:2000855 A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. oval:org.secpod.oval:def:2001431 The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerabilit ... oval:org.secpod.oval:def:2000530 In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg in the file loader.c, as demonstrated by img2sixel. oval:org.secpod.oval:def:2000532 There is a heap out of bounds read in radare2 2.6.0 in _6502_op in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file. oval:org.secpod.oval:def:2000985 The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted Mini Crash Dump file. oval:org.secpod.oval:def:2000982 JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and ... oval:org.secpod.oval:def:2000170 The avr_op_analyze function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted binary file. oval:org.secpod.oval:def:2000166 The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2001486 In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. oval:org.secpod.oval:def:2001461 In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368. oval:org.secpod.oval:def:2001454 Netwide Assembler 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. oval:org.secpod.oval:def:2001077 The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new. oval:org.secpod.oval:def:2001078 The parse_import_ptr function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted Mach-O file. oval:org.secpod.oval:def:2000616 The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2000217 In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier. oval:org.secpod.oval:def:2001521 Fast C++ CSV Parser before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h. oval:org.secpod.oval:def:2000200 The get_debug_info function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted PE file. oval:org.secpod.oval:def:2000677 The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm. oval:org.secpod.oval:def:2001504 Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. oval:org.secpod.oval:def:2000276 In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file. oval:org.secpod.oval:def:2000253 The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2000259 The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2001185 In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. oval:org.secpod.oval:def:2000734 The sh_op function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:2000321 When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock function in lib/ttf.c. oval:org.secpod.oval:def:2001631 An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber. oval:org.secpod.oval:def:2000313 An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2001602 In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. oval:org.secpod.oval:def:2001276 There is an illegal address access in the function output_hex in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. oval:org.secpod.oval:def:2001231 Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service via a crafted DNS response. oval:org.secpod.oval:def:2000353 The string_scan_range function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted binary file. oval:org.secpod.oval:def:2000851 The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2000887 An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. oval:org.secpod.oval:def:2000869 The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2000025 The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2001351 The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." oval:org.secpod.oval:def:2001343 There is a heap out of bounds read in radare2 2.6.0 in java_switch_op in libr/anal/p/anal_java.c via a crafted Java binary file. oval:org.secpod.oval:def:2000097 An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c. oval:org.secpod.oval:def:2000962 The r_read_le32 function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:2000925 The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000924 The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000900 In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. oval:org.secpod.oval:def:602227 This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. Oracle no longer provides information on specific security vulnerabilities in VirtualBox. To still support users of the already released Debian releases we"ve decided to update these to ... oval:org.secpod.oval:def:602259 Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution. oval:org.secpod.oval:def:602287 Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests. oval:org.secpod.oval:def:2000374 The File Manager module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. oval:org.secpod.oval:def:602189 Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been im ... oval:org.secpod.oval:def:602186 The security update for wordpress in DSA 3328 contained a regression. The patch for issue CVE-2015-5622 was faulty. A new package version has been released that backs this patch out pending resolution of the problem. oval:org.secpod.oval:def:2001179 In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. oval:org.secpod.oval:def:2001223 In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be trig ... oval:org.secpod.oval:def:2000999 The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. oval:org.secpod.oval:def:2001502 mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. oval:org.secpod.oval:def:2000796 The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. oval:org.secpod.oval:def:2000810 Mercurial version 4.5 and earlier contains a Incorrect Access Control vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. oval:org.secpod.oval:def:2001089 An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker. oval:org.secpod.oval:def:2001574 An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer. oval:org.secpod.oval:def:2000799 An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash. oval:org.secpod.oval:def:602558 Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service , overwrite files, information disclosure, or potentially to execute arbit ... oval:org.secpod.oval:def:602812 It was discovered a vulnerability in Pidgin, a multi-protocol instant messaging client. A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side. oval:org.secpod.oval:def:602550 Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP, SPOOLS, IEEE 802.11, UMTS FP, USB, Toshiba, CoSine, NetScreen, WBXML which could result in denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:602530 Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened. oval:org.secpod.oval:def:2000732 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread oval:org.secpod.oval:def:2000552 In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. oval:org.secpod.oval:def:2000469 In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. oval:org.secpod.oval:def:2000633 In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. oval:org.secpod.oval:def:2000343 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. oval:org.secpod.oval:def:2001626 OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case. oval:org.secpod.oval:def:2001230 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. oval:org.secpod.oval:def:2000821 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. oval:org.secpod.oval:def:2000980 In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. oval:org.secpod.oval:def:2000575 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread oval:org.secpod.oval:def:2001544 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread oval:org.secpod.oval:def:2000380 OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread oval:org.secpod.oval:def:2001618 Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service or execute arbitrary code via a crafted RAR archive. oval:org.secpod.oval:def:2000724 In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000852 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human i ... oval:org.secpod.oval:def:2000492 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful atta ... oval:org.secpod.oval:def:2000304 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnera ... oval:org.secpod.oval:def:2001165 A cross-site scripting vulnerability exists in host.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. oval:org.secpod.oval:def:2001005 A cross-site scripting vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. oval:org.secpod.oval:def:2000993 A cross-site scripting vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. oval:org.secpod.oval:def:2001570 A cross-site scripting vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. oval:org.secpod.oval:def:2000513 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. oval:org.secpod.oval:def:2001017 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage function in coders/histogram.c. oval:org.secpod.oval:def:2001534 An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a. oval:org.secpod.oval:def:2001511 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c. oval:org.secpod.oval:def:2000275 ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. oval:org.secpod.oval:def:2001564 In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field , only the last instance can ever be freed. oval:org.secpod.oval:def:2000721 An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a. oval:org.secpod.oval:def:2000712 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. oval:org.secpod.oval:def:2000742 In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. oval:org.secpod.oval:def:2001232 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. oval:org.secpod.oval:def:2001207 In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service. oval:org.secpod.oval:def:2000344 An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a. oval:org.secpod.oval:def:2001294 In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. oval:org.secpod.oval:def:2000490 ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. oval:org.secpod.oval:def:2001339 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. oval:org.secpod.oval:def:2001412 Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vu ... oval:org.secpod.oval:def:2001362 rzsz: sz can leak data to receiving side oval:org.secpod.oval:def:602343 Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges. oval:org.secpod.oval:def:2000228 An infinite recursion issue was discovered in eval.c in Netwide Assembler through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of "{" characters. Remote attackers could leverage this v ... oval:org.secpod.oval:def:2001630 An issue was discovered in the function expr6 in eval.c in Netwide Assembler through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of "!" or "+" or "-" characters. Remote attackers could leverage this v ... oval:org.secpod.oval:def:2000367 Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. oval:org.secpod.oval:def:2001287 Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. oval:org.secpod.oval:def:2000533 Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet function in the send_packets.c file uses the memcpy function unsafely to copy sequences from the source buffer pktdata to the destination ->pktdata. This will result in a Denial of Service and potentially Informat ... oval:org.secpod.oval:def:2001107 An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove. The length can be larger than source value because the function fails to ens ... oval:org.secpod.oval:def:2000375 A heap-based buffer over-read exists in the function fast_edit_packet in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service and potentially Information Exposure when the application attempts to process a crafted pcap file. oval:org.secpod.oval:def:2001348 get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service via crafted packets, as demonstrated by tcpprep. oval:org.secpod.oval:def:2001270 The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code when TLS communication is enabled. oval:org.secpod.oval:def:2000128 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can b ... oval:org.secpod.oval:def:2001250 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this ... oval:org.secpod.oval:def:2000920 The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. oval:org.secpod.oval:def:2000839 An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c. oval:org.secpod.oval:def:2000028 The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:2000884 In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code. oval:org.secpod.oval:def:2000643 The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rb file. oval:org.secpod.oval:def:602277 Several vulnerabilities have been discovered in wpa_supplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked transfer ... oval:org.secpod.oval:def:2000713 Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. oval:org.secpod.oval:def:2000826 Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag . oval:org.secpod.oval:def:2000578 Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not ena ... oval:org.secpod.oval:def:2001028 Spring Framework allow web applications to change the HTTP request method to any HTTP method using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user can use this filter to escalate to an XST attack. oval:org.secpod.oval:def:2001251 Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user can craft a message to the broker ... oval:org.secpod.oval:def:2000853 Netwide Assembler 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string. oval:org.secpod.oval:def:2000870 An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. oval:org.secpod.oval:def:2000116 An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. oval:org.secpod.oval:def:2000946 A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash. oval:org.secpod.oval:def:2000809 An issue was discovered in Freeware Advanced Audio Decoder 2 2.8.1. There is a NULL pointer dereference in ifilter_bank in libfaad/filtbank.c. oval:org.secpod.oval:def:2000172 An issue was discovered in Freeware Advanced Audio Decoder 2 2.8.1. There was a stack-based buffer overflow in the function calculate_gain in libfaad/sbr_hfadj.c. oval:org.secpod.oval:def:2001036 An issue was discovered in Freeware Advanced Audio Decoder 2 2.8.1. There was a heap-based buffer overflow in the function excluded_channels in libfaad/syntax.c. oval:org.secpod.oval:def:2000688 An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. oval:org.secpod.oval:def:2001429 A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case. oval:org.secpod.oval:def:55330 getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. oval:org.secpod.oval:def:2000593 In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. oval:org.secpod.oval:def:2001058 In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. oval:org.secpod.oval:def:2000209 In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. oval:org.secpod.oval:def:2000857 In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine"s web crawler if an unusual configuration were chosen. The search engine could then index and display a user"s e-mail address and the password that was generated by default. oval:org.secpod.oval:def:2001328 In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. oval:org.secpod.oval:def:2001315 In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. oval:org.secpod.oval:def:55472 Simon Scannell of Ripstech Technologies discovered multiple vulnerabilities in wordpress, a web blogging manager. oval:org.secpod.oval:def:2000923 murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service via a message flood. oval:org.secpod.oval:def:2000990 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service. oval:org.secpod.oval:def:2001035 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. oval:org.secpod.oval:def:2001039 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. oval:org.secpod.oval:def:2000709 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage function in coders/png.c. oval:org.secpod.oval:def:603292 Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.tx ... oval:org.secpod.oval:def:603348 It was discovered that a race condition in beep allows local privilege escalation. oval:org.secpod.oval:def:603351 Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if t ... oval:org.secpod.oval:def:603366 Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened. oval:org.secpod.oval:def:603385 Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service. Note that you need to restart the "quasselcore" service after upgrading the Quassel packages. oval:org.secpod.oval:def:2000301 An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:603076 Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in t ... oval:org.secpod.oval:def:603082 It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code. oval:org.secpod.oval:def:603098 Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-10912 Jann Horn discovered that incorrectly handling of page transfers might result in privilege escalation. CVE-2017-10913 / CVE-2017-10914 Jann Horn discovered that race conditions in grant handling might result in infor ... oval:org.secpod.oval:def:603160 It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in. oval:org.secpod.oval:def:603181 Several vulnerabilities have been found in VLC, the VideoLAN project"s media player. Processing malformed media files could lead to denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:603186 Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents. oval:org.secpod.oval:def:603190 Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command. oval:org.secpod.oval:def:603162 Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened. oval:org.secpod.oval:def:602952 The security update announced as DSA-3886-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue. For reference, the relevant part of the original advisory text fol ... oval:org.secpod.oval:def:2001156 Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbi ... oval:org.secpod.oval:def:602117 Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Räsänen also discovered that ... oval:org.secpod.oval:def:602256 Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. CVE-2014-8958 Multiple cross-site scripting vulnerabilities. CVE-2014-9218 Denial of service via a long password. CVE-2015-2206 Risk of BREACH attack due to reflected parameter. CVE-2015-3902 XSRF/CSRF vulnerabi ... oval:org.secpod.oval:def:602164 Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service . oval:org.secpod.oval:def:602162 Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service . oval:org.secpod.oval:def:602097 Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code. oval:org.secpod.oval:def:602075 Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface to the libxml2 library, did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected ressources, depending o ... oval:org.secpod.oval:def:602066 Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands. More information can be found in the ... oval:org.secpod.oval:def:602221 Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service . oval:org.secpod.oval:def:602110 Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted UDP packets, resulting in a denial of service. oval:org.secpod.oval:def:602127 Jakub Zalas discovered that Symfony, a framework to create websites and web applications, was vulnerable to restriction bypass. It was affecting applications with ESI or SSI support enabled, that use the FragmentListener. A malicious user could call any controller via the /_fragment path by providin ... oval:org.secpod.oval:def:602096 Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some fun ... oval:org.secpod.oval:def:602115 The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154. For reference the original advisory text follows. Multiple vulne ... oval:org.secpod.oval:def:602125 Ansgar Burchardt discovered that the Git plugin for FusionForge, a web-based project-management and collaboration software, does not sufficiently validate user provided input as parameter to the method to create secondary Git repositories. A remote attacker can use this flaw to execute arbitrary cod ... oval:org.secpod.oval:def:602113 Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the envi ... oval:org.secpod.oval:def:602112 Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features v ... oval:org.secpod.oval:def:602108 The patch applied for ntfs-3g to fix CVE-2015-3202 in DSA 3268-1 was incomplete. This update corrects that problem. For reference the original advisory text follows. Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umo ... oval:org.secpod.oval:def:602149 Several vulnerabilities were found in drupal7, a content management platform used to power websites. CVE-2015-3231 Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users. CVE-2015-3232 A flaw in the Field UI module made it possible for attac ... oval:org.secpod.oval:def:602384 Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. Th ... oval:org.secpod.oval:def:602148 Bastian Blank from credativ discovered that cinder, a storage-as-a-service system for the OpenStack cloud computing suite, contained a bug that would allow an authenticated user to read any file from the cinder server. oval:org.secpod.oval:def:602163 Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in th ... oval:org.secpod.oval:def:602500 It was discovered that libidn, the GNU library for Internationalized Domain Names , did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library. oval:org.secpod.oval:def:602258 The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5622 The robustness of the ... oval:org.secpod.oval:def:602263 Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter ... oval:org.secpod.oval:def:602199 Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your ... oval:org.secpod.oval:def:602178 Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-1331 Roman Fiedler discovered a directory traversal flaw in LXC when creating lock files. A local attacker could exp ... oval:org.secpod.oval:def:602064 Juliane Holzt discovered that Icecast2, a streaming media server, could dereference a NULL pointer when URL authentication is configured and the stream_auth URL is trigged by a client without setting any credentials. This could allow remote attackers to cause a denial of service . oval:org.secpod.oval:def:602183 Tomek Rabczak from the NCC Group discovered a flaw in the normalize_params method in Rack, a modular Ruby webserver interface. A remote attacker can use this flaw via specially crafted requests to cause a `SystemStackError` and potentially cause a denial of service condition for the service. oval:org.secpod.oval:def:602196 It was discovered that Request Tracker, an extensible trouble-ticket tracking system is susceptible to a cross-site scripting attack via the user an group rights management pages and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT"s use ... oval:org.secpod.oval:def:602214 Several vulnerabilities were discovered in Drupal, a content management framework: CVE-2015-6658 The form autocomplete functionality did not properly sanitize the requested URL, allowing remote attackers to perform a cross-site scripting attack. CVE-2015-6659 The SQL comment filtering system could a ... oval:org.secpod.oval:def:602218 Pyry Hakulinen and Ashish Shakla at Automattic discovered that pdns, an authoritative DNS server, was incorrectly processing some DNS packets; this would enable a remote attacker to trigger a DoS by sending specially crafted packets causing the server to crash. oval:org.secpod.oval:def:602249 Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715 A vulnerability has b ... oval:org.secpod.oval:def:602367 It was discovered that polarssl, a library providing SSL and TLS support, contained two heap-based buffer overflows that could allow a remote attacker to trigger denial of service or arbitrary code execution. oval:org.secpod.oval:def:602225 Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges. oval:org.secpod.oval:def:602280 Roman Fiedler discovered a directory traversal flaw in LXC, the Linux Containers userspace tools. A local attacker with access to a LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. oval:org.secpod.oval:def:602339 When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actually edit arbitrary files. Daniel Svartman reported that a configuration like this might be introduced unintentionally if the editable files are specified using wi ... oval:org.secpod.oval:def:602504 It was discovered that the swift3 middleware plugin for Swift performed insufficient validation of date headers which might result in replay attacks. oval:org.secpod.oval:def:602136 Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current director ... oval:org.secpod.oval:def:602285 Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124 The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within the &quo ... oval:org.secpod.oval:def:602284 Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application"s settings. oval:org.secpod.oval:def:602197 Lin Hua Cheng discovered that a session could be created when anonymously accessing the django.contrib.auth.views.logout view. This could allow remote attackers to saturate the session store or cause other users" session records to be evicted. Additionally the contrib.sessions.backends.base.SessionB ... oval:org.secpod.oval:def:602268 Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image. oval:org.secpod.oval:def:602392 Daniel Gultsch discovered in Gajim, an XMPP/jabber client. Gajim didn"t verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages. oval:org.secpod.oval:def:602357 Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server. CVE-2015-8747 The multifilesystem storage backend allows read and write access to arbitrary files . CVE-2015-8748 If an attacker is able to authenticate with a user name like `.*", he can bypass read/write limitations imposed by r ... oval:org.secpod.oval:def:602329 Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-1231 Kim Alvefur discovered a flaw in Prosody"s HTTP file-serving module that allows it to serve requests outside of the config ... oval:org.secpod.oval:def:602327 David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution is not aff ... oval:org.secpod.oval:def:602463 Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks. oval:org.secpod.oval:def:602355 It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a remote attacker to crash the application, thus causing a Denial of Service. oval:org.secpod.oval:def:602356 It was discovered that insecure handling of dialback keys may allow a malicious XMPP server to impersonate another server. oval:org.secpod.oval:def:602301 Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library for email transfer, used by many CMSs. The library accepted email addresses and SMTP commands containing line breaks, which can be abused by an attacker to inject messages. oval:org.secpod.oval:def:602348 Isaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authentic ... oval:org.secpod.oval:def:602394 It was discovered that php-horde-core, a set of classes providing the core functionality of the Horde Application Framework, is prone to a cross-site scripting vulnerability. oval:org.secpod.oval:def:602388 It was discovered that php-horde, a flexible, modular, general-purpose web application framework written in PHP, is prone to a cross-site scripting vulnerability. oval:org.secpod.oval:def:602307 Ivan Zhakov discovered an integer overflow in mod_dav_svn, which allows an attacker with write access to the server to execute arbitrary code or cause a denial of service. The oldstable distribution is not affected. oval:org.secpod.oval:def:602191 Several security issues have been found in the server components of the version control system subversion. CVE-2015-3184 Subversion"s mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous ... oval:org.secpod.oval:def:602482 Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector if i ... oval:org.secpod.oval:def:602417 A local root privilege escalation vulnerability was found in Exim, Debian"s default mail transfer agent, in configurations using the "perl_startup" option . To address the vulnerability, updated Exim versions clean the complete execution environment by default, affecting Exim and subprocesses such a ... oval:org.secpod.oval:def:602386 Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks. oval:org.secpod.oval:def:602464 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication credentia ... oval:org.secpod.oval:def:602409 Markus Vervier of X41 D-Sec GmbH discovered an integer overflow vulnerability in libotr, an off-the-record messaging library, in the way how the sizes of portions of incoming messages were stored. A remote attacker can exploit this flaw by sending crafted messages to an application that is using li ... oval:org.secpod.oval:def:602424 Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. CVE-2016-2097 Crafted requests to Action View, one of the components of Action Pack, might result in rendering files from ... oval:org.secpod.oval:def:2001573 Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service via a crafted Jpeg2000 file. oval:org.secpod.oval:def:602488 It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened. oval:org.secpod.oval:def:602167 Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. oval:org.secpod.oval:def:602450 Several vulnerabilities were discovered in imlib2, an image manipulation library. CVE-2014-9762 A segmentation fault could occur when opening GIFs without a colormap. CVE-2014-9763 Several divisions by zero, resulting in a program crash, could occur when handling PNM files. CVE-2014-9764 A segmentat ... oval:org.secpod.oval:def:602496 Nitin Venkatesh discovered that websvn, a web viewer for Subversion repositories, is susceptible to cross-site scripting attacks via specially crafted file and directory names in repositories. oval:org.secpod.oval:def:602371 Several vulnerabilities were discovered in the resolver in nginx, a small, powerful, scalable web/proxy server, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file. oval:org.secpod.oval:def:602582 Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle attacks or initiate connections to arb ... oval:org.secpod.oval:def:602501 Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service via stack exhaustion, using crafted JSON data. oval:org.secpod.oval:def:602609 Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-5426 / CVE-2016-5427 Florian Heinz and Martin Kluge reported that the PowerDNS Authoritative Server accepts queries with a ... oval:org.secpod.oval:def:48009 libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully auth ... oval:org.secpod.oval:def:41157 Several vulnerabilities have been found in VLC, the VideoLAN project"s media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:2001310 In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because "subevent" is overflowed. oval:org.secpod.oval:def:2001220 The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. oval:org.secpod.oval:def:2000611 Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vul ... oval:org.secpod.oval:def:2000073 The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:2000651 python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection oval:org.secpod.oval:def:602879 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL environment ... oval:org.secpod.oval:def:2000819 A SQL injection bypass exists in OWASP ModSecurity Core Rule Set through v3.1.0-rc3 via {`a`b} where a is a special function name and b is the SQL statement to be executed. oval:org.secpod.oval:def:2000159 In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. oval:org.secpod.oval:def:2000690 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. ... oval:org.secpod.oval:def:603379 Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened. oval:org.secpod.oval:def:603371 Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened. oval:org.secpod.oval:def:2001061 An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case. oval:org.secpod.oval:def:603314 Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. oval:org.secpod.oval:def:2000541 There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled. oval:org.secpod.oval:def:2001468 An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. oval:org.secpod.oval:def:2000302 An issue was discovered in Freeware Advanced Audio Decoder 2 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. oval:org.secpod.oval:def:2000830 A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE ... oval:org.secpod.oval:def:603017 The security update announced as DSA-3904-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This is conform to the spec and may be used in AXFR and IXFR response. oval:org.secpod.oval:def:603431 Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection. oval:org.secpod.oval:def:2000254 A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. oval:org.secpod.oval:def:2000356 Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. oval:org.secpod.oval:def:602608 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-7092 Jeremie Boutoille of Quarkslab and Shangcong Luan of Alibaba discovered a flaw in the handling of L3 pagetable entries, allowing a m ... oval:org.secpod.oval:def:38255 A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capab ... oval:org.secpod.oval:def:602387 Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or p ... oval:org.secpod.oval:def:602502 Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner. oval:org.secpod.oval:def:602555 Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud. oval:org.secpod.oval:def:602551 Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is prone to a use-after-free vulnerability in the channel and layer properties parsing process when loading a XCF file. An attacker can take advantage of this flaw to potentially execute arbitrary code with the privileges of the user ... oval:org.secpod.oval:def:602568 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8338 Julien Grall discovered that Xen on ARM was susceptible to denial of service via long running memory operations. CVE-2016-4480 Jan Be ... oval:org.secpod.oval:def:602377 An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file. oval:org.secpod.oval:def:602166 It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code. oval:org.secpod.oval:def:2000141 PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. oval:org.secpod.oval:def:2000838 The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering crafted operations on array data structures. oval:org.secpod.oval:def:2001458 An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. oval:org.secpod.oval:def:602293 A memory-corrupting integer overflow in the handling of the ECH control sequence was discovered in PuTTY"s terminal emulator. A remote attacker can take advantage of this flaw to mount a denial of service or potentially to execute arbitrary code. oval:org.secpod.oval:def:2000956 An issue was discovered in Anti-Grain Geometry 2.4 as used in SVG++ 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to . If dx >= dx_limit, which is , this function will call itself recursively. There can be a situation where is always bigger than dx_limit during the recursion, ... oval:org.secpod.oval:def:2000529 An issue was discovered in singledocparser.cpp in yaml-cpp 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage ... oval:org.secpod.oval:def:2000959 The SingleDocParser::HandleFlowSequence function in yaml-cpp 0.6.2 allows remote attackers to cause a denial of service via a crafted YAML file. oval:org.secpod.oval:def:2001632 The SingleDocParser::HandleFlowMap function in yaml-cpp 0.6.2 allows remote attackers to cause a denial of service via a crafted YAML file. oval:org.secpod.oval:def:2000901 The Scanner::EnsureTokensInQueue function in yaml-cpp 0.6.2 allows remote attackers to cause a denial of service via a crafted YAML file. oval:org.secpod.oval:def:602638 Paul Rohar discovered that libdbd-mysql-perl, the Perl DBI database driver for MySQL and MariaDB, constructed an error message in a fixed-length buffer, leading to a crash and, potentially, to denial of service. oval:org.secpod.oval:def:602647 It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority. oval:org.secpod.oval:def:602288 Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package in the o ... oval:org.secpod.oval:def:602686 Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when handling untrusted data. oval:org.secpod.oval:def:2000800 An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. oval:org.secpod.oval:def:2001340 An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. oval:org.secpod.oval:def:602736 Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a parti ... oval:org.secpod.oval:def:602747 It was discovered that mapserver, a CGI-based framework for Internet map services, was vulnerable to a stack-based overflow. This issue allowed a remote user to crash the service, or potentially execute arbitrary code. oval:org.secpod.oval:def:602782 Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible accessible by the user running the cgi-pr ... oval:org.secpod.oval:def:602698 Two vulnerabilities were discovered in libupnp, a portable SDK for UPnP devices. CVE-2016-6255 Matthew Garret discovered that libupnp by default allows any user to write to the filesystem of the host running a libupnp-based server application. CVE-2016-8863 Scott Tenaglia discovered a heap buffer ov ... oval:org.secpod.oval:def:602836 George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions , thus allowing remote authenticated users to execute arbitrary code on the firebird server. oval:org.secpod.oval:def:602878 Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitized ... oval:org.secpod.oval:def:602901 It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code. Note that this fix breaks backward compability with Puppet agents older than 3.2.2 and there is no safe way t ... oval:org.secpod.oval:def:602876 Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server. oval:org.secpod.oval:def:602907 It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed. oval:org.secpod.oval:def:602926 Agostino Sarubbo and AromalUllas discovered that ettercap, a network security tool for traffic interception, contains vulnerabilities that allowed an attacker able to provide maliciously crafted filters to cause a denial-of-service via application crash. oval:org.secpod.oval:def:602574 It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions. Users and systems administrators may want to proactively change permissions on existing ~/rediscli_history files, instead of ... oval:org.secpod.oval:def:2001222 There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:2000579 The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001474 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. oval:org.secpod.oval:def:2001452 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage function in coders/mat.c. oval:org.secpod.oval:def:2001090 The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service via a crafted file, related to the WriteMSLImage function. oval:org.secpod.oval:def:2000671 ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. oval:org.secpod.oval:def:2001155 ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. oval:org.secpod.oval:def:2001587 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service via a crafted file that is mishandled in an AcquireSemaphoreInfo call. oval:org.secpod.oval:def:2000232 ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. oval:org.secpod.oval:def:2000342 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. oval:org.secpod.oval:def:2000759 The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. oval:org.secpod.oval:def:2000413 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000896 The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001395 ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. oval:org.secpod.oval:def:2000060 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service via a crafted file that is mishandled in an OpenPixelCache call. oval:org.secpod.oval:def:603088 Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial"s symlink auditing ... oval:org.secpod.oval:def:602788 Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type "application/ms-tnef". Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious ... oval:org.secpod.oval:def:602917 It was discovered that tnef, a tool used to unpack MIME attachments of type "application/ms-tnef", did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash. oval:org.secpod.oval:def:2000511 In lib/ofp-util.c in Open vSwitch before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct an ... oval:org.secpod.oval:def:602927 It has been discovered that Tor, a connection-based low-latency anonymous communication system, contain a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a hidden service to crash with ... oval:org.secpod.oval:def:603171 Joseph Bisch discovered that Konversation, an user friendly Internet Relay Chat client for KDE, could crash when parsing certain IRC color formatting codes. oval:org.secpod.oval:def:2000636 A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host"s logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the ... oval:org.secpod.oval:def:2001261 In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:603195 Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system. oval:org.secpod.oval:def:603226 Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code. oval:org.secpod.oval:def:2000285 Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string can append a chunk onto itself. oval:org.secpod.oval:def:602706 It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection. oval:org.secpod.oval:def:603233 Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files. oval:org.secpod.oval:def:2000222 In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. oval:org.secpod.oval:def:2000973 Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browse ... oval:org.secpod.oval:def:2000730 In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:2000003 The function MP4Free in mp4property.cpp in libmp4v2 2.1.0 internally calls free on a invalid pointer, raising a SIGABRT signal. oval:org.secpod.oval:def:2000145 The function mp4v2:impl::MP4Track::FinishSdtp in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service. oval:org.secpod.oval:def:2000079 An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. oval:org.secpod.oval:def:2001383 In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. oval:org.secpod.oval:def:603298 Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. CVE-2017-12869 When using the multiauth m ... oval:org.secpod.oval:def:2000963 HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP funct ... oval:org.secpod.oval:def:2000124 The af_get_page function in lib/afflib_pages.cpp in AFFLIB through 3.7.16 allows remote attackers to cause a denial of service via a corrupt AFF image that triggers an unexpected pagesize value. oval:org.secpod.oval:def:2000264 gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. oval:org.secpod.oval:def:2000569 In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is "fixed" by jQuery after sanitization, making it dangerous. oval:org.secpod.oval:def:603167 Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code. oval:org.secpod.oval:def:2000370 In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. oval:org.secpod.oval:def:2000095 OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. oval:org.secpod.oval:def:2001057 libephymain.so in GNOME Web through 3.28.2.1 allows remote attackers to cause a denial of service via certain window.open and document.write calls. oval:org.secpod.oval:def:2000766 ephy-session.c in libephymain.so in GNOME Web through 3.28.2.1 allows remote attackers to cause a denial of service via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. oval:org.secpod.oval:def:2001209 PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function . Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. oval:org.secpod.oval:def:2000402 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function . Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. oval:org.secpod.oval:def:2000553 webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. oval:org.secpod.oval:def:2001150 An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating the domain parameter of the samba URL. oval:org.secpod.oval:def:2000701 An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script "mount.cifs.wrapper" uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards . oval:org.secpod.oval:def:2001216 An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere by passing directory traversal sequences such as a home/../usr substring. oval:org.secpod.oval:def:2000950 An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring. oval:org.secpod.oval:def:2001275 An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of other users" icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user"s $HOME/.face locat ... oval:org.secpod.oval:def:603316 Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to s ... oval:org.secpod.oval:def:2000409 webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack. oval:org.secpod.oval:def:2001413 The wavwritehdr function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted snd file, during conversion to a wav file. oval:org.secpod.oval:def:2001465 The read_samples function in hcom.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted hcom file. oval:org.secpod.oval:def:2000230 In lsx_aiffstartread in aiff.c in Sound eXchange 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. oval:org.secpod.oval:def:2000306 The startread function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:2000463 There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. oval:org.secpod.oval:def:2001382 There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. oval:org.secpod.oval:def:2000018 There is a reachable assertion abort in the function sox_append_comment in formats.c in Sound eXchange 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. oval:org.secpod.oval:def:2001086 An issue was discovered in libtskimg.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory caus ... oval:org.secpod.oval:def:2000454 An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmappe ... oval:org.secpod.oval:def:2000067 An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped me ... oval:org.secpod.oval:def:2001361 An issue was discovered in libtskbase.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unm ... oval:org.secpod.oval:def:2000995 In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. oval:org.secpod.oval:def:2000378 In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. oval:org.secpod.oval:def:2000545 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16. oval:org.secpod.oval:def:2000542 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. oval:org.secpod.oval:def:2000557 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1. oval:org.secpod.oval:def:2000284 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8. oval:org.secpod.oval:def:2000358 An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. oval:org.secpod.oval:def:2000066 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32. oval:org.secpod.oval:def:2001334 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4. oval:org.secpod.oval:def:2000720 The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string"s length, allowing attackers to cause a denial of service by crafting an input file with certain translation dictionaries. oval:org.secpod.oval:def:602354 Multiple security issues have been discovered in the Rails on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. oval:org.secpod.oval:def:603387 Several vulnerabilities were discovered in MAD, an MPEG audio decoder library, which could result in denial of service if a malformed audio file is processed. oval:org.secpod.oval:def:2000182 A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. oval:org.secpod.oval:def:2001464 The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service via a forged NTP packet, which triggers a communication loop. oval:org.secpod.oval:def:2001236 Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". oval:org.secpod.oval:def:2001208 PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D;" because empty geometries are mishandled. oval:org.secpod.oval:def:2000472 An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. oval:org.secpod.oval:def:2000977 An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:2001432 A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. oval:org.secpod.oval:def:2000515 An error within the "leaf_hdr_load_raw" function in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. oval:org.secpod.oval:def:2000733 A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. oval:org.secpod.oval:def:2000846 A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. oval:org.secpod.oval:def:2000408 A boundary error within the "quicktake_100_load_raw" function in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. oval:org.secpod.oval:def:2000899 A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. oval:org.secpod.oval:def:2000216 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. oval:org.secpod.oval:def:2000814 A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd t ... oval:org.secpod.oval:def:602465 Hans Jerry Illikainen discovered that missing input sanitising in the BMP processing code of the optipng PNG optimiser may result in denial of service or the execution of arbitrary code if a malformed file is processed. oval:org.secpod.oval:def:2000440 The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure via a crafted audio file. oval:org.secpod.oval:def:602459 Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-3068 Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary ... oval:org.secpod.oval:def:2000663 The SingleDocParser::HandleNode function in yaml-cpp 0.5.3 allows remote attackers to cause a denial of service via a crafted YAML file. oval:org.secpod.oval:def:2001530 An issue has been discovered in mpruett Audio File Library 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. oval:org.secpod.oval:def:2000549 The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service , as demonstrated by SoundStretch. oval:org.secpod.oval:def:2000906 The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service , as demonstrated by SoundStretch. oval:org.secpod.oval:def:2000371 BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service via BGP mask expressions in birdc. oval:org.secpod.oval:def:2001485 keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. oval:org.secpod.oval:def:2000588 keepalived 2.0.8 didn"t check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalive ... oval:org.secpod.oval:def:2001076 keepalived 2.0.8 didn"t check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name , with read access for the attacker and write access for the keepalived process, then this pot ... oval:org.secpod.oval:def:2000940 Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-DH cipher suites. oval:org.secpod.oval:def:2001318 In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. oval:org.secpod.oval:def:602548 Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c l ... oval:org.secpod.oval:def:2000238 An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject->GetDictionary.AddKey can be problematic due to the function GetObject being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer derefer ... oval:org.secpod.oval:def:2001498 An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. oval:org.secpod.oval:def:2000441 An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. oval:org.secpod.oval:def:2001459 An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. oval:org.secpod.oval:def:2000447 An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components. oval:org.secpod.oval:def:2000863 A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. oval:org.secpod.oval:def:2000976 SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm. oval:org.secpod.oval:def:2000938 A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:2000937 A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. oval:org.secpod.oval:def:603245 It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. oval:org.secpod.oval:def:603256 FusionDirectory team detected a regression in the previously issued fix for CVE-2017-1000480. This regression only affects the Jessie version of the patch. For reference, the relevant part of the original advisory text follows. It was discovered that Smarty, a PHP template engine, was vulnerable to ... oval:org.secpod.oval:def:2001475 CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. oval:org.secpod.oval:def:602313 Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. oval:org.secpod.oval:def:602319 Michal Kowalczyk and Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. oval:org.secpod.oval:def:602224 Frediano Ziglio of Red Hat discovered a race condition flaw in spice"s worker_update_monitors_config function, leading to a heap-based memory corruption. A malicious user in a guest can take advantage of this flaw to cause a denial of service or, potentially execute arbitrary code on the host with ... oval:org.secpod.oval:def:602245 Frediano Ziglio of Red Hat discovered several vulnerabilities in spice, a SPICE protocol client and server library. A malicious guest can exploit these flaws to cause a denial of service , execute arbitrary code on the host with the privileges of the hosting QEMU process or read and write arbitrary ... oval:org.secpod.oval:def:602270 Multiple vulnerabilities have been discovered in LibreOffice, a full-featured office productivity: CVE-2015-4551 Federico Scrinzi discovered an information leak in the handling of ODF documents. Quoting from https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/: The LinkUpdateMode ... oval:org.secpod.oval:def:602292 Michal Kowalczyk discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. The oldstable distribution is not affected. oval:org.secpod.oval:def:602429 Lael Cellier discovered two buffer overflow vulnerabilities in git, a fast, scalable, distributed revision control system, which could be exploited for remote execution of arbitrary code. oval:org.secpod.oval:def:602380 Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for "group order" in the Diffie-Hellman negotiation. This weakens significantly the handshake s ... oval:org.secpod.oval:def:603334 A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications, triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process or, potentially, ... oval:org.secpod.oval:def:602111 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ... oval:org.secpod.oval:def:602109 Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ... oval:org.secpod.oval:def:602135 It was discovered that CUPS, the Common UNIX Printing System, is vulnerable to a remotely triggerable privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on the CUPS server. oval:org.secpod.oval:def:602157 Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or sessi ... oval:org.secpod.oval:def:602161 Insufficient input sanitising in libwmf, a library to process Windows metafile data, may result in denial of service or the execution of arbitrary code if a malformed WMF file is opened. oval:org.secpod.oval:def:602683 Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html oval:org.secpod.oval:def:602682 Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecure ... oval:org.secpod.oval:def:602062 It was discovered that missing input sanitising in Libreoffice"s filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened. oval:org.secpod.oval:def:2000642 stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token oval:org.secpod.oval:def:602713 Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based sh ... oval:org.secpod.oval:def:603429 Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive. oval:org.secpod.oval:def:2000509 An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. oval:org.secpod.oval:def:602456 Randell Jesup and the Firefox team discovered that srtp, Cisco"s reference implementation of the Secure Real-time Transport Protocol , does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against l ... oval:org.secpod.oval:def:602366 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8629 It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by send ... oval:org.secpod.oval:def:602400 Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl"s taint secu ... oval:org.secpod.oval:def:602948 libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, like for exa ... oval:org.secpod.oval:def:2001442 Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states "We understand that the OpenSSH developers do not want to treat such a username enumeration as a vul ... oval:org.secpod.oval:def:2000236 In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditio ... oval:org.secpod.oval:def:2000351 Crypto++ through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertio ... oval:org.secpod.oval:def:2001030 perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option"s setting. oval:org.secpod.oval:def:602297 Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from Horst Görtz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic C ... oval:org.secpod.oval:def:602849 Quan Nguyen discovered that a missing boundary check in the Galois/Counter mode implementation of Bouncy Castle may result in information disclosure. oval:org.secpod.oval:def:2001495 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, th ... oval:org.secpod.oval:def:2001142 A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial of service. oval:org.secpod.oval:def:2000716 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. oval:org.secpod.oval:def:2001277 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently hig ... oval:org.secpod.oval:def:2001581 contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service via a member MODDN operation. oval:org.secpod.oval:def:2000355 In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. oval:org.secpod.oval:def:2000563 improper implementation of GPOs due to too restrictive permissions oval:org.secpod.oval:def:2000223 Multiple integer overflow and buffer overflow issues were discovered in spice-client"s handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. oval:org.secpod.oval:def:2000958 ** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $" and "python $" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code. oval:org.secpod.oval:def:2001173 In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-servic ... oval:org.secpod.oval:def:2001516 In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. oval:org.secpod.oval:def:2000016 WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by craf ... oval:org.secpod.oval:def:2000947 WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections. oval:org.secpod.oval:def:2000932 This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck. A crafted request can ... oval:org.secpod.oval:def:2000861 sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. oval:org.secpod.oval:def:2001323 To provide fine-grained controls over the ability to use Dynamic DNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update reques ... oval:org.secpod.oval:def:2000516 samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms where glibc is not used, possibly leading to a buffer overflow. oval:org.secpod.oval:def:2000911 QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. oval:org.secpod.oval:def:2001471 An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. oval:org.secpod.oval:def:2001598 An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. oval:org.secpod.oval:def:2000326 A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying filesystem may have changed since the time lstat was called in usb_mtp_object_alloc, a classic ... oval:org.secpod.oval:def:2001579 The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service , or possibly have unspecified other impact. oval:org.secpod.oval:def:2000625 LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. oval:org.secpod.oval:def:2000653 An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service via a crafted .webp file. oval:org.secpod.oval:def:2000337 An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service via a crafted .ps file. oval:org.secpod.oval:def:603273 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. oval:org.secpod.oval:def:2001529 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in ... oval:org.secpod.oval:def:2001072 The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service or information disclosure. oval:org.secpod.oval:def:603146 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.11 oval:org.secpod.oval:def:602839 Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. oval:org.secpod.oval:def:2001153 NULL Pointer Access in function imagetopnm of convert.c:2226 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. oval:org.secpod.oval:def:2000393 NULL Pointer Access in function imagetopnm of convert.c:1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. oval:org.secpod.oval:def:2000811 There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization. Impact is Denial of Service. oval:org.secpod.oval:def:2000935 There is a NULL Pointer Access in function imagetopnm of convert.c:1943 of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization. Impact is Denial of Service. oval:org.secpod.oval:def:2000918 Heap Buffer Over-read in function imagetotga of convert.c:942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. oval:org.secpod.oval:def:602208 Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data. oval:org.secpod.oval:def:602376 Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries , ... oval:org.secpod.oval:def:602323 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3223 Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can cause th ... oval:org.secpod.oval:def:602095 Hanno Boeck discovered a heap-based buffer overflow flaw in the way Libtasn1, a library to manage ASN.1 structures, decoded certain DER-encoded input. A specially crafted DER-encoded input could cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code. oval:org.secpod.oval:def:602438 Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service , or potentially, execution of arbitrary code, if bgpd is configured with BGP peer ... oval:org.secpod.oval:def:602072 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1243 Saif El-Sherei discovered a use-after-free issue. CVE-2015-1250 The chrome 42 team found and fixed multiple issues during internal auditing. oval:org.secpod.oval:def:602116 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition. CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox. CVE-2015-1253 A cross-origin bypass issue was ... oval:org.secpod.oval:def:602216 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291 A cross-origin bypass issue was discovered in DOM. CVE-2015-1292 Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker. CVE-2015-1293 Mariusz Mlynski discovered a cross-origin bypass issue in DO ... oval:org.secpod.oval:def:602250 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1303 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation. CVE-2015-1304 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the v8 javascript library. CVE-2015- ... oval:org.secpod.oval:def:602300 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1302 Rub Wu discovered an information leak in the pdfium library. CVE-2015-6764 Guang Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2015-6765 A use-after-free issue was discovered in Ap ... oval:org.secpod.oval:def:602298 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-6788 A type confusion issue was discovered in the handling of extensions. CVE-2015-6789 cloudfuzzer discovered a use-after-free issue. CVE-2015-6790 Inti De Ceukelaire discovered a way to inject HTML into serialized w ... oval:org.secpod.oval:def:602350 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-6792 An issue was found in the handling of MIDI files. CVE-2016-1612 cloudfuzzer discovered a logic error related to receiver compatibility in the v8 javascript library. CVE-2016-1613 A use-after-free issue was discovered ... oval:org.secpod.oval:def:602381 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1622 It was discovered that a maliciously crafted extension could bypass the Same Origin Policy. CVE-2016-1623 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2016-1624 lukezli discovered a buff ... oval:org.secpod.oval:def:602410 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1643 cloudfuzzer discovered a type confusion issue in Blink/Webkit. CVE-2016-1644 Atte Kettunen discovered a use-after-free issue in Blink/Webkit. CVE-2016-1645 An out-of-bounds write issue was discovered in the pdfiu ... oval:org.secpod.oval:def:602437 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1646 Wen Xu discovered an out-of-bounds read issue in the v8 library. CVE-2016-1647 A use-after-free issue was discovered. CVE-2016-1648 A use-after-free issue was discovered in the handling of extensions. CVE-2016-16 ... oval:org.secpod.oval:def:602605 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5147 A cross-site scripting issue was discovered. CVE-2016-5148 Another cross-site scripting issue was discovered. CVE-2016-5149 Max Justicz discovered a script injection issue in extension handling. CVE-2016-5150 A u ... oval:org.secpod.oval:def:2000928 Insecure handling of arguments in helpers oval:org.secpod.oval:def:2000449 improper polymorphic deserialization of types from Oracle JDBC driver oval:org.secpod.oval:def:2000461 improper polymorphic deserialization of types from Jodd-db library oval:org.secpod.oval:def:2001453 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6 located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other im ... oval:org.secpod.oval:def:2000368 An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other impact. oval:org.secpod.oval:def:2000494 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other ... oval:org.secpod.oval:def:2000566 An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. oval:org.secpod.oval:def:2001273 An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. oval:org.secpod.oval:def:2000833 embed/ephy-web-view.c in GNOME Web through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type . This is similar to the CVE-2018-8383 issue in Microsoft Edge. oval:org.secpod.oval:def:2001099 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. oval:org.secpod.oval:def:2001252 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. oval:org.secpod.oval:def:2001096 In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. oval:org.secpod.oval:def:2000193 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. oval:org.secpod.oval:def:2000630 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. oval:org.secpod.oval:def:2000096 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. oval:org.secpod.oval:def:2001234 commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. oval:org.secpod.oval:def:2000458 Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. oval:org.secpod.oval:def:2000774 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. oval:org.secpod.oval:def:2000933 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. oval:org.secpod.oval:def:2000908 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. oval:org.secpod.oval:def:2001120 There is memory leak at liblas::Open in libLAS 1.8.1. oval:org.secpod.oval:def:2001199 There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF in libLAS 1.8.1 that will cause a denial of service. oval:org.secpod.oval:def:2000489 There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF in libLAS 1.8.1 that will cause a denial of service. oval:org.secpod.oval:def:2000645 There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF in libLAS 1.8.1 that will cause a denial of service. oval:org.secpod.oval:def:2001517 An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti ... oval:org.secpod.oval:def:2000115 An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method of a class that"s the `data_class` of a form, and when a file upload is submit ... oval:org.secpod.oval:def:2001080 In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine. oval:org.secpod.oval:def:2001175 In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD. oval:org.secpod.oval:def:2001071 In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack . oval:org.secpod.oval:def:2001595 An issue has been found in Mini-XML 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. oval:org.secpod.oval:def:2001168 An issue has been found in Mini-XML 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the "<order type="real">" substring, as demonstrated by testmxml. oval:org.secpod.oval:def:2001629 In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service via a crafted svg file, as demonstrated by mupdf-gl. oval:org.secpod.oval:def:2000944 In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service via a crafted svg file, as demonstrated by mupdf-gl. oval:org.secpod.oval:def:2000681 In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. oval:org.secpod.oval:def:2001281 The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. oval:org.secpod.oval:def:2000019 In The Sleuth Kit through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service . oval:org.secpod.oval:def:2001195 A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args at tcpbridge.c, causing a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:2000770 A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4 in incremental_checksum.h, causing a denial of service. oval:org.secpod.oval:def:2001170 An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. oval:org.secpod.oval:def:2000132 cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c and cairo-image-compositor.c . oval:org.secpod.oval:def:2001146 Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. oval:org.secpod.oval:def:2000487 Gitolite before 3.6.9 does not properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. oval:org.secpod.oval:def:2001010 TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. oval:org.secpod.oval:def:2000165 A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by provi ... oval:org.secpod.oval:def:2000585 GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id, after a long time, the program will be killed. This attack appears to be exploitable via parsi ... oval:org.secpod.oval:def:2001393 Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting attack in the default servlet/services. oval:org.secpod.oval:def:2001259 MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted MP4 file. oval:org.secpod.oval:def:603374 A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-004 oval:org.secpod.oval:def:2000263 MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access. oval:org.secpod.oval:def:2000605 MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted MP4 file, because access to the data structur ... oval:org.secpod.oval:def:2001469 In MP4v2 2.0.0, there is an integer overflow when resizing MP4Array for the ftyp atom in mp4array.h. oval:org.secpod.oval:def:2000684 In MP4v2 2.0.0, there is an integer underflow when parsing MP4Atom in mp4atom.cpp. oval:org.secpod.oval:def:2000903 A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. oval:org.secpod.oval:def:2000624 In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox"s AFMParser. oval:org.secpod.oval:def:2001589 A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. oval:org.secpod.oval:def:2001075 The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue. oval:org.secpod.oval:def:2001311 NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001583 In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user"s control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is su ... oval:org.secpod.oval:def:2000669 An error in the "read_metadata_vorbiscomment_" function in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. oval:org.secpod.oval:def:2000858 LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. oval:org.secpod.oval:def:2000531 In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. oval:org.secpod.oval:def:2001224 In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. oval:org.secpod.oval:def:2000939 In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. oval:org.secpod.oval:def:603390 An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure. oval:org.secpod.oval:def:603356 Florian Grunow und Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment. oval:org.secpod.oval:def:2000486 Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in ... oval:org.secpod.oval:def:2000226 MIT libkrb5-dev 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service or bypass a DN container check by supplying tagged data that is internal to the database module. oval:org.secpod.oval:def:2001263 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string ... oval:org.secpod.oval:def:603388 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525. oval:org.secpod.oval:def:603297 Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service. oval:org.secpod.oval:def:2000847 In the startread function in xa.c in Sound eXchange through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. oval:org.secpod.oval:def:2001327 In Apache JMeter 2.X and 3.X, when using Distributed Test only , jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. oval:org.secpod.oval:def:603332 Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute ... oval:org.secpod.oval:def:2000589 systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks wr ... oval:org.secpod.oval:def:2001187 An issue was discovered in MIT Kerberos 5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center , which allows remote authenticated users to cause a denial of service via a mo ... oval:org.secpod.oval:def:2000438 An issue was discovered in MIT Kerberos 5 through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other ... oval:org.secpod.oval:def:603326 Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. oval:org.secpod.oval:def:603322 Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. oval:org.secpod.oval:def:2000916 A NULL pointer dereference Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:602707 It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation. oval:org.secpod.oval:def:2001578 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arb ... oval:org.secpod.oval:def:603175 Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. oval:org.secpod.oval:def:44751 rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. oval:org.secpod.oval:def:2001623 There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:603039 Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as t ... oval:org.secpod.oval:def:603207 It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code. oval:org.secpod.oval:def:2000836 cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service because of mishandling of an unexpected malloc call. oval:org.secpod.oval:def:602953 Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer. oval:org.secpod.oval:def:2000294 Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. oval:org.secpod.oval:def:602861 It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC. oval:org.secpod.oval:def:602765 Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. oval:org.secpod.oval:def:2000381 Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000968 Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000298 Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. oval:org.secpod.oval:def:602717 Gergely Nagy from Tresorit discovered that libcrypto++, a C++ cryptographic library, contained a bug in several ASN.1 parsing routines. This would allow an attacker to remotely cause a denial of service. oval:org.secpod.oval:def:602816 It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX , DHCPv6, NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to various crashes, denial-of-service or execution of arbitrary code. oval:org.secpod.oval:def:602649 Roland Tapken discovered that insufficient input sanitising in KMail"s plain text viewer allowed the injection of HTML code. oval:org.secpod.oval:def:602678 It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code. oval:org.secpod.oval:def:2001329 Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution oval:org.secpod.oval:def:602637 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.8 oval:org.secpod.oval:def:602619 Multiple vulnerabilities were discovered in the dissectors for H.225, Catapult DCT2000, UMTS FP and IPMI, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602597 Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. oval:org.secpod.oval:def:602591 Multiple vulnerabilities were discovered in the dissectors for NDS, PacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlow, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:2000196 The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. oval:org.secpod.oval:def:602537 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.7 oval:org.secpod.oval:def:602243 Multiple vulnerabilities were discovered in Zend Framework, a PHP framework: CVE-2015-5723 It was discovered that due to incorrect permissions masks when creating directories, local attackers could potentially execute arbitrary code or escalate privileges. ZF2015-08 Chris Kings-Lynne discovered an ... oval:org.secpod.oval:def:602484 Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2167 Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL librar ... oval:org.secpod.oval:def:602507 Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service. oval:org.secpod.oval:def:602369 Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack. See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details. oval:org.secpod.oval:def:602344 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. oval:org.secpod.oval:def:602419 Multiple vulnerabilities were discovered in the dissectors/parsers for DNP, RSL, LLRP, GSM A-bis OML, ASN 1 BER which could result in denial of service. oval:org.secpod.oval:def:602433 It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation oval:org.secpod.oval:def:602421 Multiple vulnerabilities were discovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service. oval:org.secpod.oval:def:602420 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7560 Jeremy Allison of Google, Inc. and the Samba Team discovered that Samba incorrectly handles gettin ... oval:org.secpod.oval:def:602281 Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without pr ... oval:org.secpod.oval:def:602237 A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service . oval:org.secpod.oval:def:602210 Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files. oval:org.secpod.oval:def:602238 Multiple vulnerabilities were discovered in the dissectors/parsers for ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal functions which could result in denial of service. oval:org.secpod.oval:def:602198 It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command. oval:org.secpod.oval:def:602201 It was discovered that opensaml2, a Security Assertion Markup Language library, needed to be rebuilt against a fixed version of the xmltooling package due to its use of macros vulnerable to CVE-2015-0851 as fixed in the DSA 3321-1 update. For reference the original advisory text follows. The InCommo ... oval:org.secpod.oval:def:602174 The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service via crafted XML data. oval:org.secpod.oval:def:602184 William Robinet and Stefan Cornelius discovered an integer overflow in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or potentially execution of arbitrary code if a specially crafted file is opened. oval:org.secpod.oval:def:602153 Multiple vulnerabilities were discovered in the dissectors for WCCP and GSM DTAP, which could result in denial of service. The oldstable distribution is not affected. oval:org.secpod.oval:def:602141 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4 oval:org.secpod.oval:def:602133 It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code. oval:org.secpod.oval:def:602126 Multiple vulnerabilities were discovered in the dissectors/parsers for LBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which could result in denial of service. oval:org.secpod.oval:def:602069 Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and DHCP/TFTP server, did not properly check the return value of the setup_reply function called during a TCP connection, which is used then as a size argument in a function which writes data on the client"s connection. A remote attack ... oval:org.secpod.oval:def:602129 An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to ... oval:org.secpod.oval:def:2000603 The iconv program in the GNU C Library 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. oval:org.secpod.oval:def:2001499 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:2000683 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:2000026 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:2000468 An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" componen ... oval:org.secpod.oval:def:2000909 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:603208 It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB. oval:org.secpod.oval:def:2001462 Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP error page generation for certificate errors. oval:org.secpod.oval:def:2001477 Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service via a crafted TCP-based service. oval:org.secpod.oval:def:603417 It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:2001002 GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ... oval:org.secpod.oval:def:2000789 The function Object::isName in Object.h in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm. oval:org.secpod.oval:def:2001624 CCITTFaxStream::readRow in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm. oval:org.secpod.oval:def:602248 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. CVE-2 ... oval:org.secpod.oval:def:602271 Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2695 It was discovered that applications which call gss_inquire_context on a partially-established SPNEGO context can caus ... oval:org.secpod.oval:def:602368 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-0766 A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings for PL/Java will now be modifiable only by the database superuser to mitigate this issue. C ... oval:org.secpod.oval:def:602187 Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a ga ... oval:org.secpod.oval:def:2001414 The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. oval:org.secpod.oval:def:602309 It was discovered that the BIND DNS server does not properly handle the parsing of incoming responses, allowing some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. ... oval:org.secpod.oval:def:602219 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3214 Matt Tait of Google"s Project Zero security team discovered a flaw in the QEMU i8254 PIT emulation. A privileged guest user in a guest with QEMU PIT emulation enabled could potentially use this flaw to execute ... oval:org.secpod.oval:def:602215 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4497 Jean-Max Reymond and Ucha Gobejishvili discovered a use-after-free vulnerability which occurs ... oval:org.secpod.oval:def:602691 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-7777 Jan Beulich from SUSE discovered that Xen does not properly honor CR0.TS and CR0.EM for x86 HVM guests, potentially allowing guest u ... oval:org.secpod.oval:def:602232 It was discovered that the International Components for Unicode library mishandles converter names starting with x- , which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:602231 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service . CVE-2015-5279 Qinghao Tang of QIHU 360 Inc ... oval:org.secpod.oval:def:602228 Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service via a specially crafted packet. oval:org.secpod.oval:def:602220 Hanno Boeck discovered that incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service. Updates oval:org.secpod.oval:def:602253 Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7673 Gustavo Grieco discovered a heap overflow in the processing of TGA images which may ... oval:org.secpod.oval:def:602246 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification. CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into ... oval:org.secpod.oval:def:602265 It was discovered that the code to validate level 2 page table entries is bypassed when certain conditions are satisfied. A malicious PV guest administrator can take advantage of this flaw to gain privileges via a crafted superpage mapping. oval:org.secpod.oval:def:602872 Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks. In additional to the CVE identifiers listed above, this update also addresses the vulnerabilities announced as ... oval:org.secpod.oval:def:602418 Two vulnerabilities have been discovered in ISC"s BIND DNS server. CVE-2016-1285 A maliciously crafted rdnc, a way to remotely administer a BIND server, operation can cause named to crash, resulting in denial of service. CVE-2016-1286 An error parsing DNAME resource records can cause named to crash, ... oval:org.secpod.oval:def:602341 It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service. oval:org.secpod.oval:def:602472 Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-3158, CVE-2016-3159 Jan Beulich from SUSE discovered that Xen does not properly handle writes to the hardware FSW.ES bit when running on ... oval:org.secpod.oval:def:602467 Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root. In Debian "UseLogin" i ... oval:org.secpod.oval:def:602091 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service. oval:org.secpod.oval:def:602088 Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. CVE-2015-27 ... oval:org.secpod.oval:def:602606 It was reported that the update for flex as released in DSA-3653-1 did not completely address CVE-2016-6354 as intended due to problems in the patch handling and regenerated files during the build. Additionally a regression was introduced, causing new warnings when compiling flex generated code. Upd ... oval:org.secpod.oval:def:602596 Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources. Affected applications need to be rebuild. bogofilter will be rebuild against ... oval:org.secpod.oval:def:602101 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service. oval:org.secpod.oval:def:602138 Multiple security issues have been found in the Xen virtualisation solution: CVE-2015-3209 Matt Tait discovered a flaw in the way QEMU"s AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled c ... oval:org.secpod.oval:def:602123 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential privilege escalation. oval:org.secpod.oval:def:602140 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3209 Matt Tait of Google"s Project Zero security team discovered a flaw in the way QEMU"s AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest wit ... oval:org.secpod.oval:def:602179 Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit. oval:org.secpod.oval:def:602171 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44 oval:org.secpod.oval:def:602165 Breno Silveira Soares of Servico Federal de Processamento de Dados discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminat ... oval:org.secpod.oval:def:602195 Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2721 Karthikeyan Bhargavan discovered that NSS incorrectly handles state transitions for the TLS state machi ... oval:org.secpod.oval:def:602314 It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. oval:org.secpod.oval:def:602335 It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. oval:org.secpod.oval:def:602469 Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager. oval:org.secpod.oval:def:602061 It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information. oval:org.secpod.oval:def:2001406 An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server can overwrite arbitrary files in a directory o ... oval:org.secpod.oval:def:2001025 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. oval:org.secpod.oval:def:2001050 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server"s user can access. This is related to the mysql.allow_local_infile PHP configu ... oval:org.secpod.oval:def:2000622 A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request wi ... oval:org.secpod.oval:def:2001596 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. oval:org.secpod.oval:def:2000794 An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of "*" characters. Remote attackers could leverage this vu ... oval:org.secpod.oval:def:2000748 In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. oval:org.secpod.oval:def:2000436 A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user"s session. oval:org.secpod.oval:def:2000054 SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. oval:org.secpod.oval:def:2000960 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "" . This could impact services that restrict the user"s filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable. oval:org.secpod.oval:def:2000504 GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure vulnerability in DNS resolver that can result in Private DNS queries leaked to local network"s DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later ... oval:org.secpod.oval:def:2000987 An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of ... oval:org.secpod.oval:def:2000151 In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy function in DriverManager/__info.c. oval:org.secpod.oval:def:2000150 Netwide Assembler before 2.13.02 has a use-after-free in detoken at asm/preproc.c. oval:org.secpod.oval:def:2000164 There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:2001448 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1 ... oval:org.secpod.oval:def:2000599 An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation ... oval:org.secpod.oval:def:2001094 A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade an ... oval:org.secpod.oval:def:2001098 The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. oval:org.secpod.oval:def:2001045 An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_for ... oval:org.secpod.oval:def:2000600 ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. oval:org.secpod.oval:def:2000203 Netwide Assembler 2.14rc15 has an invalid memory write in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. oval:org.secpod.oval:def:2000626 Netwide Assembler 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. oval:org.secpod.oval:def:2000299 A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. oval:org.secpod.oval:def:2000277 Netwide Assembler 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow. oval:org.secpod.oval:def:2000272 Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance"s port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to ... oval:org.secpod.oval:def:2001135 Netwide Assembler 2.14rc15 has a buffer over-read in x86/regflags.c. oval:org.secpod.oval:def:2001116 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request. oval:org.secpod.oval:def:2000255 In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. oval:org.secpod.oval:def:2000235 Netwide Assembler 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. oval:org.secpod.oval:def:2000339 mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:2000310 The DGifDecompressLine function in dgif_lib.c in GIFLIB , as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:2000793 In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. oval:org.secpod.oval:def:2000786 Netwide Assembler 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. oval:org.secpod.oval:def:2001611 Netwide Assembler 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. oval:org.secpod.oval:def:2001606 Incorrect returning of an error code in the index.c:read_entry function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. oval:org.secpod.oval:def:2000758 An issue was discovered in shadow 4.5. newgidmap is setuid and allows an unprivileged user to be placed in a user namespace where setgroups is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator ... oval:org.secpod.oval:def:2001264 An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:2001248 When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17"s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, ... oval:org.secpod.oval:def:2001241 Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. oval:org.secpod.oval:def:603389 Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at https://wordpress.org/news/2018/04/wordpress ... oval:org.secpod.oval:def:2001304 In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000862 There is an illegal address access at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service because a certain conversion can result in a negative integer. oval:org.secpod.oval:def:2000051 In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. oval:org.secpod.oval:def:2000047 Integer overflow in the index.c:read_entry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service via a crafted repository index file. oval:org.secpod.oval:def:2000059 The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a craft ... oval:org.secpod.oval:def:2001363 bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. oval:org.secpod.oval:def:2000038 An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:2000008 The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional , which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. oval:org.secpod.oval:def:2001312 Netwide Assembler 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. oval:org.secpod.oval:def:2000479 asm/labels.c in Netwide Assembler is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. oval:org.secpod.oval:def:603413 It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache. ... oval:org.secpod.oval:def:603414 It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation. D ... oval:org.secpod.oval:def:2000971 nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file. oval:org.secpod.oval:def:2000943 There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:2000955 Netwide Assembler 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. oval:org.secpod.oval:def:2000914 NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption of nasm when handling a crafted file due to function assemble_file at asm/nasm.c:482. vulnerability in function assemble_file at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack app ... oval:org.secpod.oval:def:2000560 In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 oval:org.secpod.oval:def:2001032 Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. oval:org.secpod.oval:def:2001009 Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker to execute arbitrary code as the user running Ohcount. oval:org.secpod.oval:def:2001483 XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. oval:org.secpod.oval:def:2000144 The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service via a crafted HTML file. oval:org.secpod.oval:def:2000142 The function d2ulaw_array in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14246. oval:org.secpod.oval:def:602762 Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims" credentials, access sensitive information, execute arbitrary commands, bypass read and post restrictions, or mount denial-of-service attacks. oval:org.secpod.oval:def:2000122 The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file. oval:org.secpod.oval:def:2000121 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service via a file that begins with many "\0" characters. oval:org.secpod.oval:def:2000598 In The Sleuth Kit 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read in tsk/img/img_io.c in libtskimg.a. oval:org.secpod.oval:def:2001087 Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. oval:org.secpod.oval:def:2000197 The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation. oval:org.secpod.oval:def:603122 Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak oval:org.secpod.oval:def:603130 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks. oval:org.secpod.oval:def:603169 It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem. For reference, the relevant part of the original advisory text follows. CVE-2017-15587 Terry Chia and Jeremy Heng discovered an integer overf ... oval:org.secpod.oval:def:603176 Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform. oval:org.secpod.oval:def:602835 Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. oval:org.secpod.oval:def:2001154 In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control ... oval:org.secpod.oval:def:2000244 FontForge 20161012 is vulnerable to a buffer over-read in umodenc resulting in DoS or code execution via a crafted otf file. oval:org.secpod.oval:def:2001560 The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash . oval:org.secpod.oval:def:2000234 The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:603227 Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened. oval:org.secpod.oval:def:2001194 The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service via a crafted audio file. oval:org.secpod.oval:def:603218 Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent"s session if the agent is tricked into clicking a link in a spec ... oval:org.secpod.oval:def:603215 It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system. oval:org.secpod.oval:def:603216 Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents. oval:org.secpod.oval:def:2001158 The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option. oval:org.secpod.oval:def:2000725 The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service by triggering many media connections. oval:org.secpod.oval:def:2000771 The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by re ... oval:org.secpod.oval:def:2001600 The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. oval:org.secpod.oval:def:2000859 In The Sleuth Kit 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. oval:org.secpod.oval:def:2000824 backintime before 1.1.24 did improper escaping/quoting of file paths used as arguments to the "notify-send" command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file ... oval:org.secpod.oval:def:2001307 spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. oval:org.secpod.oval:def:2000429 In The Sleuth Kit 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. oval:org.secpod.oval:def:2000035 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02 ... oval:org.secpod.oval:def:2000007 Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. oval:org.secpod.oval:def:2000005 plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 through 1.15.2 mishandles Distinguished Name fields, which allows remote attackers to execute arbitrary code or cause a denial of service in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_o ... oval:org.secpod.oval:def:2001355 The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service via a crafted MP3 file. oval:org.secpod.oval:def:2001337 In PyYAML before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used. oval:org.secpod.oval:def:2000484 The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option. oval:org.secpod.oval:def:2000091 main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "k ... oval:org.secpod.oval:def:2000078 FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName resulting in DoS or code execution via a crafted otf file. oval:org.secpod.oval:def:2000967 RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service via crafted RTP packets. oval:org.secpod.oval:def:603040 Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies. oval:org.secpod.oval:def:2000907 NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. oval:org.secpod.oval:def:603089 Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands oval:org.secpod.oval:def:2000584 The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted archive. oval:org.secpod.oval:def:2001415 The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:2001404 An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. oval:org.secpod.oval:def:2000522 libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash when parsing an invalid file. oval:org.secpod.oval:def:2000521 The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file. oval:org.secpod.oval:def:2000998 The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:2000510 The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service via a crafted binary file, related to use of a variable-size stack array. oval:org.secpod.oval:def:602749 Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed. oval:org.secpod.oval:def:2001467 Incorrect interaction of the parse_packet and parse_part_sign_sha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service of a collectd instance via a crafted UDP packet. oval:org.secpod.oval:def:602786 Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened. oval:org.secpod.oval:def:2000118 Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:2001092 The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:2001532 The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:602828 Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms. oval:org.secpod.oval:def:602894 Two vulnerabilities were found in Dropbear, a lightweight SSH2 server and client: CVE-2017-9078 Mark Shepard discovered a double free in the TCP listener cleanup which could result in denial of service by an authenticated user if Dropbear is running with the "-a" option. CVE-2017-9079 Jann ... oval:org.secpod.oval:def:602889 Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client . oval:org.secpod.oval:def:2001566 ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service via a large AXFR response, and possibly allows IXFR servers to cause a denial of service via a large IXFR response and allows remote authenticated users to cause ... oval:org.secpod.oval:def:2000227 In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001561 In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:603239 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions. oval:org.secpod.oval:def:603281 Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-001 oval:org.secpod.oval:def:2000329 PoDoFo 0.9.5 allows denial of service via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure . oval:org.secpod.oval:def:2000340 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02. oval:org.secpod.oval:def:602918 Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. oval:org.secpod.oval:def:2000773 The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file. oval:org.secpod.oval:def:602949 Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to ... oval:org.secpod.oval:def:2001242 Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:2001228 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001211 The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698. oval:org.secpod.oval:def:602460 Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation. oval:org.secpod.oval:def:602499 It was discovered that XStream, a Java library to serialize objects to XML and back again, was susceptible to XML External Entity attacks. oval:org.secpod.oval:def:2000886 In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:602610 It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. oval:org.secpod.oval:def:602611 Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed. oval:org.secpod.oval:def:2000049 The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:602607 It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users. oval:org.secpod.oval:def:2000058 In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000011 The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service by crafting a string to the icalparser_parse_string function. oval:org.secpod.oval:def:2000010 The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted string to the icalparser_parse_string function. oval:org.secpod.oval:def:602598 Two vulnerabilities were discovered in MuPDF, a lightweight PDF viewer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6265 Marco Grassi discovered a use-after-free vulnerability in MuPDF. An attacker can take advantage of this flaw to cause an applicati ... oval:org.secpod.oval:def:603069 Sebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation. oval:org.secpod.oval:def:603056 Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the XEP-0146: Remote Controlling Clients extension, allowing a malicious XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update XEP-0146 support has been disabled by default and made o ... oval:org.secpod.oval:def:2000917 The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted tnef file. oval:org.secpod.oval:def:2000915 In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001430 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. oval:org.secpod.oval:def:2000561 In Long Range Zip 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:2000500 Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O lookup time. oval:org.secpod.oval:def:602751 Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers. oval:org.secpod.oval:def:2001068 The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:2000207 The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000676 An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc. With an unexpected size, the impact may have been a segfault or ... oval:org.secpod.oval:def:2000658 In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:602832 Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. oval:org.secpod.oval:def:2000631 etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. oval:org.secpod.oval:def:2001147 libical allows remote attackers to cause a denial of service and possibly read heap memory via a crafted ics file. oval:org.secpod.oval:def:2000252 The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. oval:org.secpod.oval:def:2001110 An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service upon allocation failure. oval:org.secpod.oval:def:2001102 In Long Range Zip 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:2001193 In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. oval:org.secpod.oval:def:2000707 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. oval:org.secpod.oval:def:2000705 The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. oval:org.secpod.oval:def:602915 It was discovered that Zookeeper, a service for maintaining configuration information, didn"t restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption. This update disables those two commands by default. The new configura ... oval:org.secpod.oval:def:2000369 Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot"s AES-CBC encryption feature using environment encryption read environment variables from disk as the encrypted disk image is processed. An attacker with physical access ... oval:org.secpod.oval:def:2001210 Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. oval:org.secpod.oval:def:2000817 A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. oval:org.secpod.oval:def:2000421 In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000867 A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. oval:org.secpod.oval:def:2001390 http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-162 ... oval:org.secpod.oval:def:2001374 The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:2000017 In Long Range Zip 0.631, there is an infinite loop and application hang in the get_fileinfo function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:2000485 In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001026 ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. oval:org.secpod.oval:def:2001044 The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service via a crafted mp3 file. oval:org.secpod.oval:def:2000205 A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thu ... oval:org.secpod.oval:def:2000220 QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as "Zip-Slip". oval:org.secpod.oval:def:2000656 The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file. oval:org.secpod.oval:def:2000628 The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:2001157 In the GNU C Library through 2.29, the memcmp function for the x32 architecture can incorrectly return zero because the RDX most significant bit is mishandled. oval:org.secpod.oval:def:602866 Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitary code. For additional details, please refer to the advisory at https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt oval:org.secpod.oval:def:602890 Two vulnerabilities have been found in the MySQL Connector/J JDBC driver. oval:org.secpod.oval:def:2000265 In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a "\0" byte to trigger an out-of-bounds read that leads to DoS. oval:org.secpod.oval:def:603238 It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution. oval:org.secpod.oval:def:2000397 marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. oval:org.secpod.oval:def:2000366 An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service upon allocation failure. oval:org.secpod.oval:def:2001221 In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn"t stop when it should after no match is found; inste ... oval:org.secpod.oval:def:2001308 An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a IIS header that lets users override the path in the request URL via the X-Origina ... oval:org.secpod.oval:def:2001399 The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 . oval:org.secpod.oval:def:2001373 The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:2000045 A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. oval:org.secpod.oval:def:2000493 In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. oval:org.secpod.oval:def:602667 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ oval:org.secpod.oval:def:602565 Several vulnerabilities have been fixed in phpMyAdmin, the web-based MySQL administration interface. CVE-2016-1927 The suggestPassword function relied on a non-secure random number generator which makes it easier for remote attackers to guess generated passwords via a brute-force approach. CVE-2016- ... oval:org.secpod.oval:def:2001427 In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. oval:org.secpod.oval:def:602739 Multiple vulnerabilities have been found in the Ikiwiki wiki compiler: CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs CVE-2016-10026 Editing restriction bypass for git revert CVE-2017-0356 Authentication bypass via repeated parameters Additional details on these vu ... oval:org.secpod.oval:def:2001020 examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2001449 backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2001047 libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory. oval:org.secpod.oval:def:2001551 U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. oval:org.secpod.oval:def:2000219 A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key. oval:org.secpod.oval:def:2000290 Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. oval:org.secpod.oval:def:602845 It was discovered that the original patch to address CVE-2016-1242 did not cover all cases, which may result in information disclosure of file contents. oval:org.secpod.oval:def:2001186 In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. oval:org.secpod.oval:def:2001178 The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:2000723 The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:2000735 The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. oval:org.secpod.oval:def:2000704 Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from an ... oval:org.secpod.oval:def:603275 Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library"s network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If O ... oval:org.secpod.oval:def:602924 Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges. oval:org.secpod.oval:def:2000391 In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion capability of various XML parsers. UIMA as part of its configura ... oval:org.secpod.oval:def:2000383 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ... oval:org.secpod.oval:def:2001203 The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of C ... oval:org.secpod.oval:def:2000346 In SWFTools, a memcpy buffer overflow was found in swfc. oval:org.secpod.oval:def:602494 Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki"s use of imagemagick in the img plugin. oval:org.secpod.oval:def:603330 Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for ... oval:org.secpod.oval:def:2000881 libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2000023 In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000014 improper input validation in gnupg.GPG.encrypt and gnupg.GPG.decrypt oval:org.secpod.oval:def:2001324 The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:602581 Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service. oval:org.secpod.oval:def:2000919 In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. oval:org.secpod.oval:def:2001426 The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. oval:org.secpod.oval:def:2000508 In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:602737 Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2120 Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage ... oval:org.secpod.oval:def:2000169 slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, a ... oval:org.secpod.oval:def:2001491 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. oval:org.secpod.oval:def:2000113 A stack-based buffer overflow in the find_green function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. oval:org.secpod.oval:def:2001082 GNU Debugger 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. oval:org.secpod.oval:def:2001060 base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001046 The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:603142 It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command. oval:org.secpod.oval:def:2000691 In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. oval:org.secpod.oval:def:2001552 uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. oval:org.secpod.oval:def:2001515 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. oval:org.secpod.oval:def:602817 Cory Duplantis discovered a buffer overflow in the R programming langauage. A malformed encoding file may lead to the execution of arbitrary code during PDF generation. oval:org.secpod.oval:def:2000649 In Long Range Zip 0.631, there is a use-after-free in the ucompthread function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:2000660 In Long Range Zip 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. oval:org.secpod.oval:def:2000620 The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" c ... oval:org.secpod.oval:def:2000291 SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. oval:org.secpod.oval:def:2000280 batteriesConfig.mlp in OCaml Batteries Included 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2000278 The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:2001593 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ... oval:org.secpod.oval:def:602884 It was discovered that bitlbee, an IRC to other chat networks gateway, contained issues that allowed a remote attacker to cause a denial of service , or potentially execute arbitrary commands. oval:org.secpod.oval:def:602432 Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection. CVE-2016-3153 g0uZ et sambecks, from team root-me, discovered that arbitrary PHP code could be injected when adding content. CVE-2016-3154 Gilles Vincent discovered that deserializing untrusted ... oval:org.secpod.oval:def:2000334 DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. oval:org.secpod.oval:def:2000305 MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonst ... oval:org.secpod.oval:def:2000303 Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot"s use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt th ... oval:org.secpod.oval:def:2001622 The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c ... oval:org.secpod.oval:def:602936 Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6127 It was discovered that Request Tracker is vulnerable to a cross-site scripting attack if ... oval:org.secpod.oval:def:2000781 guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2000760 liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash or possibly have unspecified other impact. oval:org.secpod.oval:def:2000386 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. oval:org.secpod.oval:def:602543 It was discovered that pdfbox, a PDF library for Java, was susceptible to XML External Entity attacks. oval:org.secpod.oval:def:2001200 musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. oval:org.secpod.oval:def:602447 Stelios Tsampas discovered a buffer overflow in the Kamailio SIP proxy which might result in the execution of arbitrary code. oval:org.secpod.oval:def:2000834 The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service via an empty field that should have contained a hostname or IP address. oval:org.secpod.oval:def:2000894 In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. oval:org.secpod.oval:def:2001391 The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:602653 Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation. oval:org.secpod.oval:def:2000488 A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. oval:org.secpod.oval:def:2000467 DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. oval:org.secpod.oval:def:602575 Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally, secur ... oval:org.secpod.oval:def:602587 Several vulnerabilites have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue. CVE-20 ... oval:org.secpod.oval:def:2000922 p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack. oval:org.secpod.oval:def:2000931 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. oval:org.secpod.oval:def:2000571 The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial o ... oval:org.secpod.oval:def:2000577 The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:2000550 In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PNG file. oval:org.secpod.oval:def:2000544 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d." oval:org.secpod.oval:def:2000559 realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service via a crafted iso file. oval:org.secpod.oval:def:2000523 The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000984 The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the "GF_XATTR_IOSTATS_DUMP_KEY" xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling "setxattr" to trigger a state dump and create ... oval:org.secpod.oval:def:2000983 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00000000_00400000+0x000000000001b72a." oval:org.secpod.oval:def:2000149 There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:2000146 Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. oval:org.secpod.oval:def:2001014 In SWFTools, an address access exception was found in swfdump swf_GetBits. oval:org.secpod.oval:def:2000110 When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono function in lib/wav.c. oval:org.secpod.oval:def:2000594 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. oval:org.secpod.oval:def:2001441 PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. oval:org.secpod.oval:def:2001085 The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:2001052 It was found that the "mknod" call derived from mknod can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. oval:org.secpod.oval:def:2001533 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. oval:org.secpod.oval:def:2001536 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. oval:org.secpod.oval:def:2001539 An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. oval:org.secpod.oval:def:2001526 In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service via a crafted WAV file. oval:org.secpod.oval:def:2000675 An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerab ... oval:org.secpod.oval:def:2000646 In Long Range Zip 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:2000659 SSRF issue oval:org.secpod.oval:def:2000293 The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:2001132 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b596." oval:org.secpod.oval:def:2001113 In SWFTools, a memcpy buffer overflow was found in gif2swf. oval:org.secpod.oval:def:2001101 rbenv is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution oval:org.secpod.oval:def:2001567 In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. oval:org.secpod.oval:def:2001575 SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero. oval:org.secpod.oval:def:2002030 In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. oval:org.secpod.oval:def:2000738 print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted iso file. oval:org.secpod.oval:def:2000736 In SWFTools, a stack overflow was found in pdf2swf. oval:org.secpod.oval:def:2000731 When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load function in lib/png.c. oval:org.secpod.oval:def:2000702 A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. oval:org.secpod.oval:def:2000718 It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. oval:org.secpod.oval:def:2000332 A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. oval:org.secpod.oval:def:2001620 When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate function in lib/modules/swftools.c. oval:org.secpod.oval:def:602934 It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI mode is vulnerable. oval:org.secpod.oval:def:2001625 When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup function in lib/q.c. oval:org.secpod.oval:def:2001628 The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the "__server_getspec" function via the "gf_getspec_req" RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. oval:org.secpod.oval:def:2000769 It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using "alloca". An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer si ... oval:org.secpod.oval:def:2000765 When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter function in lib/modules/swffilter.c. oval:org.secpod.oval:def:2001614 SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS . oval:org.secpod.oval:def:2001268 The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by s ... oval:org.secpod.oval:def:2001274 In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. oval:org.secpod.oval:def:2000394 When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite function in lib/rxfswf.c. oval:org.secpod.oval:def:2001253 In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF oval:org.secpod.oval:def:2001239 Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1(POI bugs 61338 and 61294 oval:org.secpod.oval:def:2001213 In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. oval:org.secpod.oval:def:2000831 The Htpasswd authentication source in the authcrypt module and SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. oval:org.secpod.oval:def:2000875 The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000055 A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. oval:org.secpod.oval:def:2001387 In SWFTools, a memory leak was found in wav2swf. oval:org.secpod.oval:def:2001368 The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer ... oval:org.secpod.oval:def:2000043 libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. oval:org.secpod.oval:def:2001359 A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. oval:org.secpod.oval:def:2000037 It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. oval:org.secpod.oval:def:2001350 UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. oval:org.secpod.oval:def:2000015 A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on ... oval:org.secpod.oval:def:2001322 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe." oval:org.secpod.oval:def:2000093 A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. oval:org.secpod.oval:def:2000966 It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access ... oval:org.secpod.oval:def:2001423 soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility. oval:org.secpod.oval:def:2000537 TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/ ... oval:org.secpod.oval:def:2000517 OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. oval:org.secpod.oval:def:2001480 In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function . Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. oval:org.secpod.oval:def:2001093 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. oval:org.secpod.oval:def:2001070 An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. oval:org.secpod.oval:def:2001055 There is a NULL Pointer Dereference in the function ll_insert of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:2000610 Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fro ... oval:org.secpod.oval:def:2000218 In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping , and therefore lacks indexes initialization. oval:org.secpod.oval:def:2001541 In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. oval:org.secpod.oval:def:2001151 Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service . The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list ... oval:org.secpod.oval:def:2001138 In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. oval:org.secpod.oval:def:2001585 library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2000256 Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to m_offsets.size. oval:org.secpod.oval:def:2001181 MathJax version prior to version 2.7.4 contains a Cross Site Scripting vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed us ... oval:org.secpod.oval:def:2000739 An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. oval:org.secpod.oval:def:2000717 The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service , as demonstrated by SoundStretch. oval:org.secpod.oval:def:2000327 Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are bui ... oval:org.secpod.oval:def:2000798 The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000782 An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. oval:org.secpod.oval:def:2001616 aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. oval:org.secpod.oval:def:2000755 In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file. oval:org.secpod.oval:def:2001284 The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000816 Vulnerability in the MySQL Workbench component of Oracle MySQL . Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulner ... oval:org.secpod.oval:def:2000450 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch. oval:org.secpod.oval:def:2000435 ppc64: sPAPR emulator leaks the host hardware identity oval:org.secpod.oval:def:2000891 The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch. oval:org.secpod.oval:def:2000407 Vulnerability in the MySQL Workbench component of Oracle MySQL . Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnera ... oval:org.secpod.oval:def:2000416 The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF file. oval:org.secpod.oval:def:2000057 xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service oval:org.secpod.oval:def:2000029 Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. oval:org.secpod.oval:def:2001375 Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. oval:org.secpod.oval:def:2000036 URI_FUNC in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. oval:org.secpod.oval:def:2000473 The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000961 Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. oval:org.secpod.oval:def:2000905 In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specifi ... oval:org.secpod.oval:def:602715 Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can ... oval:org.secpod.oval:def:2000512 PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. oval:org.secpod.oval:def:602735 Several denial-of-service vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2016-9131 A crafted upstream response to an ANY query could cause an assertion failure. CVE-2016-9147 A crafted upstream response with self-contradicting DNSSEC data could cause an assertion failure. ... oval:org.secpod.oval:def:2001027 A race condition in Guacamole"s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a ... oval:org.secpod.oval:def:603106 It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch. oval:org.secpod.oval:def:603143 It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity. oval:org.secpod.oval:def:2001545 In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. oval:org.secpod.oval:def:602430 Alex Rousskov from The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not properly handle errors for certain malformed HTTP responses. A remote HTTP server can exploit this flaw to cause a denial of service . oval:org.secpod.oval:def:603206 It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys. oval:org.secpod.oval:def:603278 Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ... oval:org.secpod.oval:def:602937 It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure. oval:org.secpod.oval:def:602923 The cPanel Security Team reported a time of check to time of use race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value. oval:org.secpod.oval:def:2000387 In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. oval:org.secpod.oval:def:2000349 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, . oval:org.secpod.oval:def:602480 Several vulnerabilities were discovered in imlib2, an image manipulation library. CVE-2011-5326 Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception. CVE-2014-9771 It was discovered that an integer overflow could lead to invalid memory reads and unre ... oval:org.secpod.oval:def:603399 OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response. oval:org.secpod.oval:def:44752 The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. oval:org.secpod.oval:def:44754 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ... oval:org.secpod.oval:def:44755 In the cron package through 3.0pl1-128 on Debian, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. oval:org.secpod.oval:def:602603 Hanno Boeck discovered multiple vulnerabilities in libidn, the GNU library for Internationalized Domain Names, allowing a remote attacker to cause a denial of service against an application using the libidn library . oval:org.secpod.oval:def:602624 It was discovered that the original patch applied for CVE-2016-2182 in DSA-3673-1 was incomplete, causing a regression when parsing certificates. Updated packages are now available to address this problem. oval:org.secpod.oval:def:602665 Nick Wellnhofer discovered that the xsltFormatNumberConversion function in libxslt, an XSLT processing runtime library, does not properly check for a zero byte terminating the pattern string. This flaw can be exploited to leak a couple of bytes after the buffer that holds the pattern string. oval:org.secpod.oval:def:602660 Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case insensitive co ... oval:org.secpod.oval:def:602570 Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many ... oval:org.secpod.oval:def:2000942 In the GNU C Library through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HT ... oval:org.secpod.oval:def:38097 The host is installed with cryptsetup before 2:1.6.6-5 on Debian 8 or before 2:1.4.3-4 on Debian 7 and is prone to security bypass vulnerability. A flaw is present in scripts, which unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). Successful exploitati ... oval:org.secpod.oval:def:2000565 Heap-based buffer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. oval:org.secpod.oval:def:2000524 In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:50202 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. oval:org.secpod.oval:def:2000180 slirp: heap buffer overflow in tcp_emu oval:org.secpod.oval:def:602750 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.29. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/ oval:org.secpod.oval:def:2000125 An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. oval:org.secpod.oval:def:2000693 In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. oval:org.secpod.oval:def:2000692 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. oval:org.secpod.oval:def:2000689 It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user , a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other ser ... oval:org.secpod.oval:def:2001514 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements , aka Magellan. oval:org.secpod.oval:def:2001140 There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. oval:org.secpod.oval:def:2000279 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming. oval:org.secpod.oval:def:2001584 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option in networking/udhcp/common.c that 4-byte options a ... oval:org.secpod.oval:def:2001571 A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informa ... oval:org.secpod.oval:def:2000224 hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to a use-after-free outcome. oval:org.secpod.oval:def:2001169 Integer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to cause a denial of service via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. oval:org.secpod.oval:def:2001176 The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. oval:org.secpod.oval:def:2000336 In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. oval:org.secpod.oval:def:2000780 In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. oval:org.secpod.oval:def:2001272 An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. oval:org.secpod.oval:def:602505 Julien Bernard discovered that libndp, a library for the IPv6 Neighbor Discovery Protocol, does not properly perform input and origin checks during the reception of a NDP message. An attacker in a non-local network could use this flaw to advertise a node as a router, and cause a denial of service at ... oval:org.secpod.oval:def:602527 The upgrade to Samba 4.2 issued as DSA-3548-1 introduced several upstream regressions and as well a packaging regression causing errors on upgrading the packages. Updated packages are now available to address these problems. oval:org.secpod.oval:def:2000382 Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service via a crafted image file, a different vulnerability than CVE-2018-10999. oval:org.secpod.oval:def:602468 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings. CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write iss ... oval:org.secpod.oval:def:602466 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial ... oval:org.secpod.oval:def:602497 Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privile ... oval:org.secpod.oval:def:602495 Rock Stevens, Andrew Ruef and Marcin "Icewall" Noga discovered a heap-based buffer overflow vulnerability in the zip_read_mac_metadata function in libarchive, a multi-format archive and compression library, which may lead to the execution of arbitrary code if a user or automated system is tricked in ... oval:org.secpod.oval:def:603336 A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002 oval:org.secpod.oval:def:602483 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1660 Atte Kettunen discovered an out-of-bounds write issue. CVE-2016-1661 Wadih Matar discovered a memory corruption issue. CVE-2016-1662 Rob Wu discovered a use-after-free issue related to extensions. CVE-2016-1663 A ... oval:org.secpod.oval:def:2000825 makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. oval:org.secpod.oval:def:2000805 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:2001301 An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. oval:org.secpod.oval:def:2001306 In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. oval:org.secpod.oval:def:2000455 libvterm through 0+bzr726, as used in Vim and other products, ... oval:org.secpod.oval:def:2000885 An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. oval:org.secpod.oval:def:2000420 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. oval:org.secpod.oval:def:2001370 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code executio ... oval:org.secpod.oval:def:2000039 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed ... oval:org.secpod.oval:def:2000006 An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. oval:org.secpod.oval:def:2000004 The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000020 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, ... oval:org.secpod.oval:def:2001326 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:2001319 runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal"s input buffer. oval:org.secpod.oval:def:603432 Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default ... oval:org.secpod.oval:def:2000089 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. oval:org.secpod.oval:def:2000979 Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb in user.c. oval:org.secpod.oval:def:2000927 Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. oval:org.secpod.oval:def:602714 Bjoern Jacke discovered that Exim, Debian"s default mail transfer agent, may leak the private DKIM signing key to the log files if specific configuration options are met. oval:org.secpod.oval:def:602712 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ... oval:org.secpod.oval:def:602734 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple vulnerabilities may lead to the execution of arbitrary code, data leakage or bypass of the content security policy. oval:org.secpod.oval:def:602731 It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. oval:org.secpod.oval:def:602730 It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. oval:org.secpod.oval:def:602724 Peter Wu discovered that a use-after-free in the pscd PC/SC daemon of PCSC-Lite might result in denial of service or potentially privilege escalation. oval:org.secpod.oval:def:602722 A stack overflow vulnerability was discovered within the gdImageFillToBorder function in libgd2, a library for programmatic graphics creation and manipulation, triggered when invalid colors are used with truecolor images. A remote attacker can take advantage of this flaw to cause a denial-of-service ... oval:org.secpod.oval:def:602758 Multiple vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602753 Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation. oval:org.secpod.oval:def:602754 Tobias Stoeckmann discovered that the libXpm library contained two integer overflow flaws, leading to a heap out-of-bounds write, while parsing XPM extensions in a file. An attacker can provide a specially crafted XPM file that, when processed by an application using the libXpm library, would cause ... oval:org.secpod.oval:def:602759 Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5006 Mariusz Mlynski discovered a cross-site scripting issue. CVE-2017-5007 Mariusz Mlynski discovered another cross-site scripting issue. CVE-2017-5008 Mariusz Mlynski discovered a third cross-site scripting issue. C ... oval:org.secpod.oval:def:602746 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.54, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes oval:org.secpod.oval:def:602776 Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9577 Frediano Ziglio of Red Hat discovered a buffer overflow vulnerability in the main_channel_alloc_msg_rcv_buf ... oval:org.secpod.oval:def:602768 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the bypass of Java sandbox restrictions, denial of service, arbitrary code execution, incorrect parsing or URLs/LDAP DNs or cryptoraphice timing side channel attacks. oval:org.secpod.oval:def:602760 Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. oval:org.secpod.oval:def:602761 Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed. oval:org.secpod.oval:def:2000111 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. oval:org.secpod.oval:def:602787 This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are processed. oval:org.secpod.oval:def:602784 Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information. oval:org.secpod.oval:def:602783 It was discovered that a maliciously crafted query can cause ISC"s BIND DNS server to crash if both Response Policy Zones and DNS64 are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice. This update also c ... oval:org.secpod.oval:def:602699 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.29, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:602696 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information leaks. oval:org.secpod.oval:def:602697 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.28, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:602695 Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files , can take advantage of this flaw to ... oval:org.secpod.oval:def:602692 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602693 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5181 A cross-site scripting issue was discovered. CVE-2016-5182 Giwan Go discovered a heap overflow issue. CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. CVE-2016-5184 Another use-after-fre ... oval:org.secpod.oval:def:602687 A use-after-free vulnerability in the SVG Animation was discovered in the Mozilla Firefox web browser, allowing a remote attacker to cause a denial of service or execute arbitrary code, if a user is tricked into opening a specially crafted website. oval:org.secpod.oval:def:602685 Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include several problems in memory handling that can result in a denial of service attack or in execution of arbitrary code by an attacker with control on the image input. oval:org.secpod.oval:def:602813 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, ASLR bypass, information disclosure or denial of service. oval:org.secpod.oval:def:602819 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.30. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/ oval:org.secpod.oval:def:602815 This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed. This update also fixes visual artefacts ... oval:org.secpod.oval:def:602834 Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. oval:org.secpod.oval:def:602837 Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened. oval:org.secpod.oval:def:602820 Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5029 Holger Fuhrmannek discovered an integer overflow issue in the libxslt library. CVE-2017-5030 Brendon Tiszka discovered a memory corruption issue in the v8 javascript library. CVE-2017-5031 Looben Yang discovered ... oval:org.secpod.oval:def:602827 Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a share definition. oval:org.secpod.oval:def:602856 Multiple security issues have been found in Thunderbird, which may may lead to the execution of arbitrary code or information leaks. With this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed bac ... oval:org.secpod.oval:def:602858 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes oval:org.secpod.oval:def:602859 Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9013 Marti Raudsepp reported that a user with a hardcoded password is created when running tests with an Orac ... oval:org.secpod.oval:def:602847 It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the "dict" passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand to perform %variable expansion. Sending specially crafted %v ... oval:org.secpod.oval:def:2000270 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. oval:org.secpod.oval:def:602863 Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed. oval:org.secpod.oval:def:2000727 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site ... oval:org.secpod.oval:def:34321 ImageMagick allows to get content of the files from the server by using 'label' pseudo protocol. oval:org.secpod.oval:def:34320 ImageMagick allows to move image files to file with any extension in any folder by using 'msl' pseudo protocol. oval:org.secpod.oval:def:34318 ImageMagick allows to make HTTP GET or FTP request. oval:org.secpod.oval:def:34319 ImageMagick allows to delete files by using 'ephemeral' pseudo protocol which deletes files after reading. oval:org.secpod.oval:def:34316 ImageMagick allows to process files with external libraries. This feature is called 'delegate'. It is implemented as a system() with command string ('command') from the config file delegates.xml with actual value for different params (input/output filenames etc). Due to insufficient %M param filteri ... oval:org.secpod.oval:def:2000318 Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service and possibly execute arbitrary code via huge allocation. oval:org.secpod.oval:def:2000764 The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service as demonstrated in a large number of . oval:org.secpod.oval:def:2001254 JavaScriptCore in WebKit allows attackers to cause a denial of service via a crafted Javascript file. oval:org.secpod.oval:def:602503 Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control o ... oval:org.secpod.oval:def:602525 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1696 A cross-origin bypass was found in the bindings to extensions. CVE-2016-1697 Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit. CVE-2016-1698 Rob Wu discovered an information leak. CVE-2016-1699 Gr ... oval:org.secpod.oval:def:602523 It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes. oval:org.secpod.oval:def:602521 Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application. T ... oval:org.secpod.oval:def:602528 Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-0749 Jing Zhao of Red Hat discovered a memory allocation flaw, leading to a heap-based buffer overflow in spice"s ... oval:org.secpod.oval:def:602552 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-9904 It was discovered that the snd_compress_check_input function used in the ALSA subsystem does not properly check for an integer overflow, all ... oval:org.secpod.oval:def:602547 Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened. oval:org.secpod.oval:def:602615 It was discovered that there was a CSRF vulnerability in mailman, a web-based mailing list manager, which could allow an attacker to obtain a user"s password. oval:org.secpod.oval:def:602613 Dawid Golunski discovered that the mysqld_safe wrapper provided by the MySQL database server insufficiently restricted the load path for custom malloc implementations, which could result in privilege escalation. The vulnerability was addressed by upgrading MySQL to the new upstream version 5.5.52, w ... oval:org.secpod.oval:def:602604 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-5696 Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. Krishnamurthy of the University of California, Riverside; and Lisa M. Marvel ... oval:org.secpod.oval:def:602602 Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in libarchive; processing malformed archives may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602632 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5177 A use-after-free issue was discovered in the v8 javascript library. CVE-2016-5178 The chrome development team found and fixed various issues during internal auditing. oval:org.secpod.oval:def:602633 Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution. oval:org.secpod.oval:def:602626 Several vulnerabilities were discovered in libarchive, a multi-format archive and compression library, which may lead to denial of service , bypass of sandboxing restrictions and overwrite arbitrary files with arbitrary data from an archive, or the execution of arbitrary code. oval:org.secpod.oval:def:602622 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information disclosure. oval:org.secpod.oval:def:602620 Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely exploitable crash and heap corruption vulnerabilities in the format parsing code in Irssi, a terminal based IRC client. oval:org.secpod.oval:def:602629 Two vulnerabilities were reported in BIND, a DNS server. CVE-2016-2775 The lwresd component in BIND could crash while processing an overlong request name. This could lead to a denial of service. CVE-2016-2776 A crafted query could crash the BIND name server daemon, leading to a denial of service. A ... oval:org.secpod.oval:def:602628 Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery protections built into Django. oval:org.secpod.oval:def:602656 Harry Sintonen discovered that GNU tar does not properly handle member names containing "..", thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory. oval:org.secpod.oval:def:602657 Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily affects ... oval:org.secpod.oval:def:602654 Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made accessible to local users, ... oval:org.secpod.oval:def:602655 The update for nginx issued as DSA-3701-1 to address CVE-2016-1247 introduced a packaging issue, which prevents nginx from being reinstalled or upgraded to a subsequent release. Updated packages are now available to address this problem. For reference, the original advisory text follows. Dawid Golun ... oval:org.secpod.oval:def:602648 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE ... oval:org.secpod.oval:def:602646 It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. oval:org.secpod.oval:def:602643 Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or information disclosure if a specially crafted Postscript file is processed. oval:org.secpod.oval:def:602644 Multiple vulnerabilities have been discovered in the GD Graphics Library, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed. oval:org.secpod.oval:def:602642 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602640 Two vulnerabilities were reported in NSPR, a library to abstract over operating system interfaces developed by the Mozilla project. CVE-2016-1951 q1 reported that the NSPR implementation of sprintf-style string formatting function miscomputed memory allocation sizes, potentially leading to heap-base ... oval:org.secpod.oval:def:2001341 WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. oval:org.secpod.oval:def:602672 Several cross-site scripting vulnerabilities were discovered in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor"s attachment dialogue , the AttachFile view and the GUI editor"s link dialogue . oval:org.secpod.oval:def:602673 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism ... oval:org.secpod.oval:def:602661 Aleksandar Nikolic of Cisco Talos discovered several integer overflow vulnerabilities in memcached, a high-performance memory object caching system. A remote attacker can take advantage of these flaws to cause a denial of service , or potentially to execute arbitrary code. oval:org.secpod.oval:def:602662 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes oval:org.secpod.oval:def:602579 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service. oval:org.secpod.oval:def:602578 Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS ... oval:org.secpod.oval:def:602576 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1706 Pinkie Pie dis ... oval:org.secpod.oval:def:602571 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ oval:org.secpod.oval:def:602566 Eddie Harari reported that the OpenSSH SSH daemon allows user enumeration through timing differences when trying to authenticate users. When sshd tries to authenticate a non-existing user, it will pick up a fixed fake password structure with a hash based on the Blowfish algorithm. If real users pass ... oval:org.secpod.oval:def:602564 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.50 oval:org.secpod.oval:def:602563 Several security issues have been discovered in the Squid caching proxy. CVE-2016-4051: CESG and Yuriy M. Kaminskiy discovered that Squid cachemgr.cgi was vulnerable to a buffer overflow when processing remotely supplied inputs relayed through Squid. CVE-2016-4052: CESG discovered that a buffer over ... oval:org.secpod.oval:def:602560 It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin"s add/change related popup. oval:org.secpod.oval:def:602561 Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP re ... oval:org.secpod.oval:def:602595 Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036 Tamás Németh discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance han ... oval:org.secpod.oval:def:602593 Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for ... oval:org.secpod.oval:def:602594 This updates fixes many vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, E ... oval:org.secpod.oval:def:602592 Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug ... oval:org.secpod.oval:def:602588 Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan ... oval:org.secpod.oval:def:602586 Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using cra ... oval:org.secpod.oval:def:36752 net/ipv4/tcp_input.c in the Linux kernel through 0:3.16.7-ckt25-2+deb8u3 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. oval:org.secpod.oval:def:2001401 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To tri ... oval:org.secpod.oval:def:2001497 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. oval:org.secpod.oval:def:602740 It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn"t correctly validate MQTT connection authentication. This allowed anyone to login to an existing user account without having to provide a password. oval:org.secpod.oval:def:602775 Several vulnerabilities were discovered in libevent, an asynchronous event notification library. They would lead to Denial Of Service via application crash, or remote code execution. oval:org.secpod.oval:def:2000596 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. oval:org.secpod.oval:def:2001451 Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. oval:org.secpod.oval:def:2000586 OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. oval:org.secpod.oval:def:2001437 poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. oval:org.secpod.oval:def:602780 Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6252 An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap ... oval:org.secpod.oval:def:602781 Several vulnerabilities were discovered in the Apache2 HTTP server. CVE-2016-0736 RedTeam Pentesting GmbH discovered that mod_session_crypto was vulnerable to padding oracle attacks, which could allow an attacker to guess the session cookie. CVE-2016-2161 Maksim Malyutin discovered that malicious in ... oval:org.secpod.oval:def:2001091 poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash when parsing an invalid PDF file. oval:org.secpod.oval:def:603108 Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened. oval:org.secpod.oval:def:2001048 In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. oval:org.secpod.oval:def:603127 Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, re ... oval:org.secpod.oval:def:603128 Two vulnerabilities were found in libXfont, the X11 font rasterisation library, which could result in denial of service or memory disclosure. oval:org.secpod.oval:def:603123 Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-1000100 Even Rouault reported that cURL does not properly handle long file names when doing an TFTP upload. A malicious HTTP ser ... oval:org.secpod.oval:def:603120 joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has n ... oval:org.secpod.oval:def:603118 An integer overflow vulnerability was discovered in decode_digit in libidn2-0, the GNU library for Internationalized Domain Names , allowing a remote attacker to cause a denial of service against an application using the library . oval:org.secpod.oval:def:603119 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware prot ... oval:org.secpod.oval:def:603116 Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbit ... oval:org.secpod.oval:def:603114 Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ... oval:org.secpod.oval:def:603115 Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed. oval:org.secpod.oval:def:603148 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:603140 Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server. oval:org.secpod.oval:def:603139 Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read. oval:org.secpod.oval:def:603135 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes oval:org.secpod.oval:def:603132 Several vulnerabilities have been discovered in the X.Org X server. An attacker who"s able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:603131 Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point and the station . An attacker exploiting the vulnerabilities could force the ... oval:org.secpod.oval:def:603163 A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions. oval:org.secpod.oval:def:603155 Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-10965 Brian "geeknik" Carpenter of Geeknik Labs discovered that Irssi does not properly handle receiving messages with inv ... oval:org.secpod.oval:def:603180 A use-after-free vulnerability was discovered in XML::LibXML, a Perl interface to the libxml2 library, allowing an attacker to execute arbitrary code by controlling the arguments to a replaceChild call. oval:org.secpod.oval:def:603183 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ... oval:org.secpod.oval:def:603179 Jakub Wilk reported a heap-based buffer overflow vulnerability in procmail"s formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss. oval:org.secpod.oval:def:603174 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy. oval:org.secpod.oval:def:2001548 A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. oval:org.secpod.oval:def:2000698 poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. oval:org.secpod.oval:def:602802 It was discovered that texlive-base, the TeX Live package which provides the essential TeX programs and files, whitelists mpost as an external program to be run from within the TeX source code . Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for a ... oval:org.secpod.oval:def:602823 DSA-3796-1 for apache2 introduced a regression in sitesummary: fixing CVE-2016-8743 meant being more stringent when dealing with whitespace patterns in HTTP requests, and that change broke the upload tool of sitesummary-client. oval:org.secpod.oval:def:602829 Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file is opened. oval:org.secpod.oval:def:2001148 An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. oval:org.secpod.oval:def:602854 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:602853 It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution ... oval:org.secpod.oval:def:602846 Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed. oval:org.secpod.oval:def:602873 Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help". oval:org.secpod.oval:def:602868 Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine. CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. CVE-2017-5648 Some application listeners calls were issued against the wrong objects ... oval:org.secpod.oval:def:2000283 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. oval:org.secpod.oval:def:602864 Several vulnerabilities were discovered in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602869 Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine. CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. CVE-2017-5648 Some application listeners calls were issued against the wrong objects ... oval:org.secpod.oval:def:602860 It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened. oval:org.secpod.oval:def:602896 Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into proces ... oval:org.secpod.oval:def:602897 steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it. oval:org.secpod.oval:def:602888 Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file is opened. oval:org.secpod.oval:def:602880 Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small dumper/library for RTMP media streams, which may result in denial of service or the execution of arbitrary code if a malformed stream is dumped. oval:org.secpod.oval:def:603209 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:603204 Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed. oval:org.secpod.oval:def:603225 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses. oval:org.secpod.oval:def:603248 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing. oval:org.secpod.oval:def:603242 The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. oval:org.secpod.oval:def:603241 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes additional changes oval:org.secpod.oval:def:2001159 TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. oval:org.secpod.oval:def:603234 Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named. oval:org.secpod.oval:def:603267 Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message. oval:org.secpod.oval:def:603255 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing. oval:org.secpod.oval:def:603272 Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ... oval:org.secpod.oval:def:602911 Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google"s OSS-Fuzz fuzzing project. CVE-2017-9022 RSA public keys passed to the gmp plugin aren"t validated sufficiently before attempting signature verification, so that invalid input might lead to a float ... oval:org.secpod.oval:def:602910 The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 . A sudoers user can take advantage of this flaw on an SELinux-enabled ... oval:org.secpod.oval:def:602916 Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure. oval:org.secpod.oval:def:2000784 In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. oval:org.secpod.oval:def:602900 This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PC ... oval:org.secpod.oval:def:602909 Karsten Heymann discovered that the OpenLDAP directory server can be crashed by performing a paged search with a page size of 0, resulting in denial of service. This vulnerability is limited to the MDB storage backend. oval:org.secpod.oval:def:602933 Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed. oval:org.secpod.oval:def:2001621 In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree. oval:org.secpod.oval:def:602935 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing. Debian follows the extended support releases ... oval:org.secpod.oval:def:602925 It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents might result in the execution of arbitrary code if a malformed document is opened. oval:org.secpod.oval:def:602954 The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/ ... oval:org.secpod.oval:def:602958 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. oval:org.secpod.oval:def:2000740 A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. oval:org.secpod.oval:def:602943 Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash . oval:org.secpod.oval:def:602946 The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt oval:org.secpod.oval:def:602947 Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9468 Joseph Bisch discovered that Irssi does not properly handle DCC messages without source nick/host. A malicious IRC se ... oval:org.secpod.oval:def:602966 Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request"s HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ... oval:org.secpod.oval:def:602967 Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request"s HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ... oval:org.secpod.oval:def:602962 Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash. CVE-2017-75 ... oval:org.secpod.oval:def:602995 An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure. oval:org.secpod.oval:def:602996 Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol client and server library which may result in memory disclosure, denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:2000818 An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files. oval:org.secpod.oval:def:603094 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:603099 Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. oval:org.secpod.oval:def:603097 An information disclosure vulnerability was discovered in the Service Discovery Protocol in bluetoothd, allowing a proximate attacker to obtain sensitive information from bluetoothd process memory, including Bluetooth encryption keys. oval:org.secpod.oval:def:603096 Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data . oval:org.secpod.oval:def:2000061 A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. oval:org.secpod.oval:def:602645 Multiple vulnerabilities were discovered in the FreeImage multimedia library, which might result in denial of service or the execution of arbitrary code if a malformed XMP or RAW image is processed. oval:org.secpod.oval:def:2000090 There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in libraw-dev 0.18.2. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:603028 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we"re now following the 52.x releases. oval:org.secpod.oval:def:603016 It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives . Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. oval:org.secpod.oval:def:603013 Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type "Digest" between successive key=value assignments, leading to information disclosure or denial of service. oval:org.secpod.oval:def:603012 This updates fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EP ... oval:org.secpod.oval:def:603048 It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command. oval:org.secpod.oval:def:603049 Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash , or ... oval:org.secpod.oval:def:603047 Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA , did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. All thos ... oval:org.secpod.oval:def:603043 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CS ... oval:org.secpod.oval:def:603041 Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ... oval:org.secpod.oval:def:603033 Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol , contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side. oval:org.secpod.oval:def:603031 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes oval:org.secpod.oval:def:603064 Han Han of Red Hat discovered that augeas, a configuration editing tool, improperly handled some escaped strings. A remote attacker could leverage this flaw by sending maliciously crafted strings, thus causing an augeas-enabled application to crash or potentially execute arbitrary code. oval:org.secpod.oval:def:603065 Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS with craft KDC or TIFF file. oval:org.secpod.oval:def:603050 Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ... oval:org.secpod.oval:def:603057 It was discovered that libsmpack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code. oval:org.secpod.oval:def:603052 Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. oval:org.secpod.oval:def:603086 A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google"s OSS-Fuzz fuzzing project. The gmp plugin in strongSwan had insufficient input validation when verifying RSA signatures. This coding error could lead to a null pointer dereference, leading to process cr ... oval:org.secpod.oval:def:603085 A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed. oval:org.secpod.oval:def:2001422 An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc. oval:org.secpod.oval:def:2000573 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop." oval:org.secpod.oval:def:2000570 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in __zzip_fetch_disk_trailer . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. oval:org.secpod.oval:def:2001407 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows ... oval:org.secpod.oval:def:2000555 In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. oval:org.secpod.oval:def:2000507 In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c. oval:org.secpod.oval:def:2000518 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:2000994 GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. oval:org.secpod.oval:def:2000177 ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. oval:org.secpod.oval:def:2000168 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:2000156 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:2001494 In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001013 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000127 An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. oval:org.secpod.oval:def:2001473 An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. oval:org.secpod.oval:def:2001476 In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001460 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:2000109 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. oval:org.secpod.oval:def:2000106 An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. oval:org.secpod.oval:def:2000105 ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. oval:org.secpod.oval:def:2001434 An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData function. oval:org.secpod.oval:def:2001443 ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. oval:org.secpod.oval:def:2001073 In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. oval:org.secpod.oval:def:2001062 In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. oval:org.secpod.oval:def:2000194 An error within the "LibRaw::unpack" function in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. oval:org.secpod.oval:def:2000190 lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data . The Decisional Diffie-Hellman assumption does not hold for PyCrypto"s ElGamal implementation. oval:org.secpod.oval:def:2000608 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop." oval:org.secpod.oval:def:2000606 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000617 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. oval:org.secpod.oval:def:603178 This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed. oval:org.secpod.oval:def:2001543 NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service. oval:org.secpod.oval:def:2000204 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:2000686 libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service , related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. oval:org.secpod.oval:def:2001542 Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned ... oval:org.secpod.oval:def:2001523 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000682 ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. oval:org.secpod.oval:def:2001500 ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. oval:org.secpod.oval:def:2000641 In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000661 ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. oval:org.secpod.oval:def:2000638 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service via a crafted PDF file, as demonstrated by pdftops. oval:org.secpod.oval:def:2000295 In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. oval:org.secpod.oval:def:2001144 An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw" function in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. oval:org.secpod.oval:def:2001145 ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. oval:org.secpod.oval:def:2001125 An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc. oval:org.secpod.oval:def:2000271 An error within the "LibRaw::xtrans_interpolate" function in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. oval:org.secpod.oval:def:2001131 An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. oval:org.secpod.oval:def:2000269 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service. oval:org.secpod.oval:def:2000268 In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001115 The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. oval:org.secpod.oval:def:2001117 ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. oval:org.secpod.oval:def:2000282 An error within the "kodak_radc_load_raw" function related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. oval:org.secpod.oval:def:2001121 In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff. oval:org.secpod.oval:def:2001122 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:2001104 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:2001588 In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. oval:org.secpod.oval:def:2001592 In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. oval:org.secpod.oval:def:2001597 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ... oval:org.secpod.oval:def:2001577 ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. oval:org.secpod.oval:def:2000262 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. oval:org.secpod.oval:def:2001586 ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. oval:org.secpod.oval:def:603205 It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file. oval:org.secpod.oval:def:603229 Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. oval:org.secpod.oval:def:603219 Gabriel Corona reported that sensible-browser from sensible-utils, a collection of small utilities used to sensibly select and spawn an appropriate browser, editor or pager, does not validate strings before launching the program specified by the BROWSER environment variable, potentially allowing a r ... oval:org.secpod.oval:def:603214 Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service. oval:org.secpod.oval:def:2001177 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite lo ... oval:org.secpod.oval:def:603235 Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running. oval:org.secpod.oval:def:2001161 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. oval:org.secpod.oval:def:2001162 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. oval:org.secpod.oval:def:603269 Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document. oval:org.secpod.oval:def:2000728 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers ... oval:org.secpod.oval:def:603266 Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster. oval:org.secpod.oval:def:603251 Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ... oval:org.secpod.oval:def:603250 Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. This update also fixes a regression in the handling of Type 3 fonts. oval:org.secpod.oval:def:603296 Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ... oval:org.secpod.oval:def:2000335 libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. oval:org.secpod.oval:def:2000787 An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. oval:org.secpod.oval:def:2001627 An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service via a crafted .asf file. oval:org.secpod.oval:def:2000778 An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service via crafted XMP data in a .avi file. oval:org.secpod.oval:def:2001604 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:2000761 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:2000389 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:2000388 An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, an ... oval:org.secpod.oval:def:2001240 In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. oval:org.secpod.oval:def:2001202 In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. oval:org.secpod.oval:def:603404 The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory ... oval:org.secpod.oval:def:603402 This update fixes several vulnerabilities in imagemagick, a graphical software suite. Various memory handling problems or issues about incomplete input sanitizing would result in denial of service or memory disclosure. oval:org.secpod.oval:def:602554 Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to ... oval:org.secpod.oval:def:603409 Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party ... oval:org.secpod.oval:def:603302 Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3144 It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to exhaust ... oval:org.secpod.oval:def:603309 Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ... oval:org.secpod.oval:def:603329 It was discovered that an integer overflow in the International Components for Unicode library could result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:603317 Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. oval:org.secpod.oval:def:603312 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure. oval:org.secpod.oval:def:603313 Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code. oval:org.secpod.oval:def:603341 James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize function or django.utils.text.Truncator"s chars and words methods could craft a string that m ... oval:org.secpod.oval:def:603335 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure. oval:org.secpod.oval:def:603333 It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code. oval:org.secpod.oval:def:2001292 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:2001293 An error related to the "LibRaw::panasonic_load_raw" function in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. oval:org.secpod.oval:def:603359 It was discovered that the poppler upload for the oldstable distribution , released as DSA-4079-1, did not correctly address CVE-2017-9776 and additionally caused regressions when rendering PDFs embedding JBIG2 streams. Updated packages are now available to correct this issue. oval:org.secpod.oval:def:2001282 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:603353 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions. oval:org.secpod.oval:def:2000844 An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject function in libqpdf/QPDFWriter.cc. oval:org.secpod.oval:def:2000856 ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. oval:org.secpod.oval:def:603370 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes oval:org.secpod.oval:def:2000807 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:2000464 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:2000427 ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. oval:org.secpod.oval:def:2000406 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:2000883 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers ... oval:org.secpod.oval:def:2000866 In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. oval:org.secpod.oval:def:2000882 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. oval:org.secpod.oval:def:2000877 The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could ... oval:org.secpod.oval:def:2000046 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001356 In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function because the size variable is not validated against the amount of file->stored data. oval:org.secpod.oval:def:2001360 An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL. oval:org.secpod.oval:def:2001366 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demon ... oval:org.secpod.oval:def:2000012 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loo ... oval:org.secpod.oval:def:2001346 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. oval:org.secpod.oval:def:2000022 An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. oval:org.secpod.oval:def:2000021 An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers ... oval:org.secpod.oval:def:2001342 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001344 In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001325 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers ... oval:org.secpod.oval:def:2000471 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. oval:org.secpod.oval:def:2001331 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:2000466 An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter. oval:org.secpod.oval:def:2001320 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. oval:org.secpod.oval:def:603428 Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive. oval:org.secpod.oval:def:603425 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation. oval:org.secpod.oval:def:603423 Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ... oval:org.secpod.oval:def:603420 Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ... oval:org.secpod.oval:def:603421 Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code. oval:org.secpod.oval:def:603418 Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached triggered by specially crafted ... oval:org.secpod.oval:def:2000099 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ... oval:org.secpod.oval:def:2000074 An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line in pch.c can possibly lead to DoS via a crafted input file. oval:org.secpod.oval:def:2000071 NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. oval:org.secpod.oval:def:2000082 LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. oval:org.secpod.oval:def:2000969 An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service via crafted XMP data in a .qt file. oval:org.secpod.oval:def:2000965 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. oval:org.secpod.oval:def:2000948 The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqp ... oval:org.secpod.oval:def:2000941 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. oval:org.secpod.oval:def:2000926 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:2000936 In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. oval:org.secpod.oval:def:2000930 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ... oval:org.secpod.oval:def:2000912 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update function in third-party/zuid/interfaces/MD5.cpp. oval:org.secpod.oval:def:2000910 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore fun ... oval:org.secpod.oval:def:2000526 In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. oval:org.secpod.oval:def:2000520 An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. oval:org.secpod.oval:def:2000536 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. oval:org.secpod.oval:def:2000535 Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. oval:org.secpod.oval:def:2000519 An infinite loop when reaching EOL unexpectedly in compose/parser.c in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. oval:org.secpod.oval:def:2000997 Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. oval:org.secpod.oval:def:2001033 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:2001466 An error within the "rollei_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. oval:org.secpod.oval:def:2000126 An integer overflow error within the "parse_qt" function in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. oval:org.secpod.oval:def:2000112 Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. oval:org.secpod.oval:def:2001440 An error within the "nikon_coolscan_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. oval:org.secpod.oval:def:2001088 Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. oval:org.secpod.oval:def:2001049 Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. oval:org.secpod.oval:def:603113 Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-12837 Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote at ... oval:org.secpod.oval:def:2001043 In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${...} on an empty array result. oval:org.secpod.oval:def:2000612 Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. oval:org.secpod.oval:def:2000696 WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. oval:org.secpod.oval:def:2000672 An error within the "nikon_coolscan_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. oval:org.secpod.oval:def:2000680 The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. oval:org.secpod.oval:def:2001509 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. oval:org.secpod.oval:def:2000644 Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structu ... oval:org.secpod.oval:def:2000623 pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. oval:org.secpod.oval:def:2001130 An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. oval:org.secpod.oval:def:2000247 An error within the "parse_minolta" function in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. oval:org.secpod.oval:def:2001554 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and includ ... oval:org.secpod.oval:def:603240 Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2"s XPath engine via an XSLT transformation. oval:org.secpod.oval:def:603236 It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened. oval:org.secpod.oval:def:2000311 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. oval:org.secpod.oval:def:2000772 The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. oval:org.secpod.oval:def:2000745 Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. oval:org.secpod.oval:def:602975 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ... oval:org.secpod.oval:def:2001271 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. oval:org.secpod.oval:def:2001260 It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, result ... oval:org.secpod.oval:def:2001266 Cache side-channel variant of the Bleichenbacher attack oval:org.secpod.oval:def:2000392 Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on th ... oval:org.secpod.oval:def:2000347 Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upo ... oval:org.secpod.oval:def:2000364 In GNOME GLib 2.56.1, g_markup_parse_context_end_parse in gmarkup.c has a NULL pointer dereference. oval:org.secpod.oval:def:2000363 A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are beli ... oval:org.secpod.oval:def:603354 A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context. oval:org.secpod.oval:def:603395 Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle "\r\n" from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replac ... oval:org.secpod.oval:def:2000801 An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. oval:org.secpod.oval:def:2001302 An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. oval:org.secpod.oval:def:50175 In systemd before 240-1, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems. oval:org.secpod.oval:def:50176 In systemd before 240-1, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems. oval:org.secpod.oval:def:50177 In systemd before 240-1, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems. oval:org.secpod.oval:def:2000431 GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse in gmarkup.c, related to utf8_str. oval:org.secpod.oval:def:2000864 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. oval:org.secpod.oval:def:2001389 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. oval:org.secpod.oval:def:2000068 An error within the "samsung_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. oval:org.secpod.oval:def:2000063 In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. oval:org.secpod.oval:def:2001388 Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. oval:org.secpod.oval:def:2000496 ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. oval:org.secpod.oval:def:2000477 Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fil ... oval:org.secpod.oval:def:2000076 Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file. oval:org.secpod.oval:def:2000954 A buffer underwrite vulnerability in get_line in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. oval:org.secpod.oval:def:2000921 An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-31 ... oval:org.secpod.oval:def:2000902 Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. oval:org.secpod.oval:def:603087 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024. oval:org.secpod.oval:def:2000574 In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. oval:org.secpod.oval:def:2000546 There is an illegal WRITE memory access at common-image.c in libcaca-dev 0.99.beta19 for 1bpp data. oval:org.secpod.oval:def:2000554 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ... oval:org.secpod.oval:def:50201 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. oval:org.secpod.oval:def:50203 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. oval:org.secpod.oval:def:50204 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. oval:org.secpod.oval:def:2000186 GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. oval:org.secpod.oval:def:2000163 libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes that can result in a crash . This attack appears to be exploitable via the victim opening a special ... oval:org.secpod.oval:def:2001484 NULL pointer dereference in several CMS functions resulting in a denial of service oval:org.secpod.oval:def:2001456 An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. oval:org.secpod.oval:def:2000139 An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys oval:org.secpod.oval:def:2000120 Zone transfer controls for writable DLZ zones were not effective oval:org.secpod.oval:def:2000615 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. oval:org.secpod.oval:def:2000666 GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. oval:org.secpod.oval:def:2000655 GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. oval:org.secpod.oval:def:2000288 There is an illegal WRITE memory access at common-image.c in libcaca-dev 0.99.beta19 for 4bpp data. oval:org.secpod.oval:def:2001594 In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user"s password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. oval:org.secpod.oval:def:2000261 A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in pdfdetach. oval:org.secpod.oval:def:2000239 An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. oval:org.secpod.oval:def:2001184 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:603258 "landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary co ... oval:org.secpod.oval:def:2001615 do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:2001262 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XM ... oval:org.secpod.oval:def:602532 Marcin "Icewall" Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitra ... oval:org.secpod.oval:def:2000345 avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service and may cause information leakage by obtaining potentially sensitive information from the responding dev ... oval:org.secpod.oval:def:2001285 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards contains a CWE-835: Loop with Unreachable Exit Condition vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE/parse_rockridge that can result in DoS by infinite loop. This attack appears to be exp ... oval:org.secpod.oval:def:2000841 An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. oval:org.secpod.oval:def:603372 Two vulnerabilities were discovered in LibreOffice"s code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened. oval:org.secpod.oval:def:2000823 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. oval:org.secpod.oval:def:2000897 In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. oval:org.secpod.oval:def:2000482 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. oval:org.secpod.oval:def:2001405 The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file. oval:org.secpod.oval:def:2000539 In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. oval:org.secpod.oval:def:2000996 Divide-by-zero vulnerabilities in the function arlib_add_symbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. oval:org.secpod.oval:def:2000188 libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service or possibly have unspecified other impact because it tries to decompress twice. oval:org.secpod.oval:def:2001493 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. oval:org.secpod.oval:def:2001479 libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. oval:org.secpod.oval:def:2000134 In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service caused by an integer overflow via a crafted PSD image file. oval:org.secpod.oval:def:2001455 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. oval:org.secpod.oval:def:2001433 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. oval:org.secpod.oval:def:2001069 A type confusion error within the "unpacked_load_raw" function within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. oval:org.secpod.oval:def:2000221 An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of ... oval:org.secpod.oval:def:2001527 An error within the "parse_rollei" function within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. oval:org.secpod.oval:def:2000664 A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. oval:org.secpod.oval:def:2000627 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. oval:org.secpod.oval:def:2000632 In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service via a crafted PNG file. oval:org.secpod.oval:def:2001111 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file. oval:org.secpod.oval:def:2001565 It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. oval:org.secpod.oval:def:2000237 In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. oval:org.secpod.oval:def:2001562 In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp may suffer from a denial of service caused by an integer overflow via a crafted PSD image file. oval:org.secpod.oval:def:2000319 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. oval:org.secpod.oval:def:2001238 In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service because ebl_core_note does not reject malformed core file notes. oval:org.secpod.oval:def:2001219 GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. oval:org.secpod.oval:def:2000379 keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. oval:org.secpod.oval:def:2000854 A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. oval:org.secpod.oval:def:2000425 dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000056 It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. oval:org.secpod.oval:def:2001397 An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service with a crafted ELF file, as demonstrated by consider_notes. oval:org.secpod.oval:def:2001384 ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. oval:org.secpod.oval:def:2001335 An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds r ... oval:org.secpod.oval:def:2001314 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. oval:org.secpod.oval:def:2000084 An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. oval:org.secpod.oval:def:2000080 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure via a crafted vcf file. oval:org.secpod.oval:def:2000974 An error within the "parse_sinar_ia" function within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. oval:org.secpod.oval:def:2000952 An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a d ... oval:org.secpod.oval:def:2001004 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c . oval:org.secpod.oval:def:2001470 SDL through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. oval:org.secpod.oval:def:59474 A malicious server can craft a pathname containing separators and return this to client code, causing the client to use this access local pathnames for reading or writing instead of SMB network pathnames. oval:org.secpod.oval:def:59475 A malicious server can craft a pathname containing separators and return this to client code, causing the client to use this access local pathnames for reading or writing instead of SMB network pathnames. oval:org.secpod.oval:def:59476 The "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID". oval:org.secpod.oval:def:2000591 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. oval:org.secpod.oval:def:2000208 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating ... oval:org.secpod.oval:def:2001197 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. oval:org.secpod.oval:def:2000763 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. oval:org.secpod.oval:def:2000783 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. oval:org.secpod.oval:def:2000776 Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service via the background color index in a GIF file. oval:org.secpod.oval:def:2001214 The DGifDecompressLine function in dgif_lib.c in GIFLIB , as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:2000850 SDL through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. oval:org.secpod.oval:def:2000412 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c . oval:org.secpod.oval:def:2000872 University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open in PHP and other products, launches an rsh command without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input and if rsh has been rep ... oval:org.secpod.oval:def:2001371 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. oval:org.secpod.oval:def:2001365 An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a special ... oval:org.secpod.oval:def:602583 Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is ... oval:org.secpod.oval:def:2000086 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. oval:org.secpod.oval:def:2001034 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. oval:org.secpod.oval:def:2001505 tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. oval:org.secpod.oval:def:2001124 In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. oval:org.secpod.oval:def:2001192 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. oval:org.secpod.oval:def:603291 Two vulnerabilities have been found in Solr, a search server based on Lucene, which could result in the execution of arbitrary code or path traversal. oval:org.secpod.oval:def:603300 It was discovered that incorrect validation of frame widths in the libvpx multimedia library may result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:603327 Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:603324 Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code. oval:org.secpod.oval:def:44750 tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. oval:org.secpod.oval:def:2000548 ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur. oval:org.secpod.oval:def:2001016 An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable. oval:org.secpod.oval:def:2001487 The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This ... oval:org.secpod.oval:def:2000260 Floating Point Exception in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. oval:org.secpod.oval:def:602700 Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution. As part of this update, several regressions stemming from inc ... oval:org.secpod.oval:def:602701 Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution. As part of this update, several regressions stemming from inc ... oval:org.secpod.oval:def:602705 It was discovered that the Flight Gear flight simulator performs insufficient sanitising of Nasal scripts which allows a malicious script to overwrite arbitrary files with the privileges of the user running Flight Gear. oval:org.secpod.oval:def:2001029 The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directo ... oval:org.secpod.oval:def:602729 It was discovered that libvncserver0, a collection of libraries used to implement VNC/RFB clients and servers, incorrectly processed incoming network packets. This resulted in several heap-based buffer overflows, allowing a rogue server to either cause a DoS by crashing the client, or potentially ex ... oval:org.secpod.oval:def:2000133 A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. oval:org.secpod.oval:def:603107 It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure , allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbe ... oval:org.secpod.oval:def:602877 Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-3136 Oleg Gorokhov of Yandex discovered that BIND does not properly handle certain queries when using DNS64 with the "break- ... oval:org.secpod.oval:def:602874 Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file. oval:org.secpod.oval:def:2001188 In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. oval:org.secpod.oval:def:2000307 The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service via a crafted object. oval:org.secpod.oval:def:603375 It was discovered that gunicorn, an event-based HTTP/WSGI server was susceptible to HTTP Response splitting. oval:org.secpod.oval:def:602614 Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. oval:org.secpod.oval:def:602612 Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. oval:org.secpod.oval:def:602679 Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, ... oval:org.secpod.oval:def:602677 Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, ... oval:org.secpod.oval:def:603419 Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents. oval:org.secpod.oval:def:602732 Choongwoo Han discovered that a programming error in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed. oval:org.secpod.oval:def:602742 Several programming errors in the wrestool tool of icoutils, a suite of tools to create and extract MS Windows icons and cursors, allow denial of service or the execution of arbitrary code if a malformed binary is parsed. oval:org.secpod.oval:def:2001000 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:603137 Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. oval:org.secpod.oval:def:603177 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization. oval:org.secpod.oval:def:2001519 Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:602814 Multiple vulnerabilities were discovered in the icotool and wrestool tools of Icoutils, a set of programs that deal with MS Windows icons and cursors, which may result in denial of service or the execution of arbitrary code if a malformed .ico or .exe file is processed. oval:org.secpod.oval:def:2000715 Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. oval:org.secpod.oval:def:2000415 A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. oval:org.secpod.oval:def:602182 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2015-3183 An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking ... oval:org.secpod.oval:def:602663 Cris Neckar discovered multiple vulnerabilities in Pillow, a Python imaging library, which may result in the execution of arbitrary code or information disclosure if a malformed image file is processed. oval:org.secpod.oval:def:2000296 An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block "/" characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. oval:org.secpod.oval:def:2001258 An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes ... oval:org.secpod.oval:def:2001394 In Netwide Assembler 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. oval:org.secpod.oval:def:2001354 Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. oval:org.secpod.oval:def:2000108 An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact. oval:org.secpod.oval:def:2000088 Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. oval:org.secpod.oval:def:603185 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection. oval:org.secpod.oval:def:602895 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography. oval:org.secpod.oval:def:602666 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service. oval:org.secpod.oval:def:603077 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, incorrect authentication, the execution of arbitrary code, denial of service, information disclosure, use of insecure cryptography or bypassing Jar verification. oval:org.secpod.oval:def:602251 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.46 oval:org.secpod.oval:def:602262 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.22. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes/ https://mariad ... oval:org.secpod.oval:def:602867 Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service, memory disclosure or the execution of arbitrary code. oval:org.secpod.oval:def:602353 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47 oval:org.secpod.oval:def:602351 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/ oval:org.secpod.oval:def:602365 Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash. oval:org.secpod.oval:def:602526 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.25. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/ https://mariad ... oval:org.secpod.oval:def:602477 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.49 oval:org.secpod.oval:def:602771 Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed. oval:org.secpod.oval:def:602416 Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1577 Jacob Baines discovered a double-free flaw in the jas_iccattrval_destroy function. A remote attacker could ... oval:org.secpod.oval:def:2000411 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. oval:org.secpod.oval:def:603147 Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed. oval:org.secpod.oval:def:2001118 NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service via crafted j2k files. oval:org.secpod.oval:def:2000756 In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. oval:org.secpod.oval:def:2001378 In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. oval:org.secpod.oval:def:2000030 Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service via crafted j2k files. oval:org.secpod.oval:def:2001457 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. oval:org.secpod.oval:def:2001149 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the ... oval:org.secpod.oval:def:603415 Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server. oval:org.secpod.oval:def:2001040 In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. oval:org.secpod.oval:def:602757 Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in liblcms2-2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applicati ... oval:org.secpod.oval:def:2001555 In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file. oval:org.secpod.oval:def:2001229 A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases dow ... oval:org.secpod.oval:def:602833 Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid and setgid when dropping privileges. oval:org.secpod.oval:def:602305 Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group, found an integer underflow vulnerability in Grub2, a popular bootloader. A local attacker can bypass the Grub2 authentication by inserting a crafted input as username or password oval:org.secpod.oval:def:2001559 When apr_time_exp* or apr_os_exp_time* functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value ... oval:org.secpod.oval:def:2000360 In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. oval:org.secpod.oval:def:603362 Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ... oval:org.secpod.oval:def:603350 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ... oval:org.secpod.oval:def:2001288 Apache Portable Runtime Utility 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm* functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a ... oval:org.secpod.oval:def:602306 The patch applied for gdk-pixbuf to fix CVE-2015-4491 in DSA 3337-1 was incomplete. This update corrects that problem. For reference the original advisory text follows. Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a ... oval:org.secpod.oval:def:602308 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of ser ... oval:org.secpod.oval:def:602200 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin polic ... oval:org.secpod.oval:def:602684 Several vulnerabilities were discovered in the International Components for Unicode library. CVE-2014-9911 Michele Spagnuolo discovered a buffer overflow vulnerability which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via crafted text. CVE-2015-2632 ... oval:org.secpod.oval:def:602257 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, or denial of service. oval:org.secpod.oval:def:602240 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denia ... oval:org.secpod.oval:def:602278 Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-7981 Qixue Xiao discovered an out-of-bounds read vulnerability in the png_convert_to_rfc1123 function. A remote attacker can potentiall ... oval:org.secpod.oval:def:602279 It was discovered that rebinding a receiver of a direct method handle may allow a protected method to be accessed. oval:org.secpod.oval:def:602269 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:602264 Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs. oval:org.secpod.oval:def:602291 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602286 It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602414 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. oval:org.secpod.oval:def:602413 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, address bar spoofing and overwr ... oval:org.secpod.oval:def:602431 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602422 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-8126 Joerg Bornemann discovered multiple buffer overflow issues in the libpng library. CVE-2016-1630 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit. CVE-2016-1631 Mariusz Mlynski dis ... oval:org.secpod.oval:def:602337 The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client . SSH roaming enables a client, in case an SSH connection breaks unexpectedly, to resume it at a later time, provided the server also supports it. The OpenSSH server doesn"t support roaming, but the Ope ... oval:org.secpod.oval:def:602338 Several vulnerabilities have been discovered in the libpng PNG library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8472 It was discovered that the original fix for CVE-2015-8126 was incomplete and did not detect a potential overrun by applications us ... oval:org.secpod.oval:def:602322 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602349 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography. oval:org.secpod.oval:def:602347 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2. oval:org.secpod.oval:def:602375 Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed. oval:org.secpod.oval:def:602372 Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code. oval:org.secpod.oval:def:602389 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602531 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That"s right, Debian no longer applies ... oval:org.secpod.oval:def:602540 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 38.x series has ... oval:org.secpod.oval:def:602498 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602486 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602481 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure. oval:org.secpod.oval:def:602636 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602572 Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-7974 Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers. CVE-2015-7977 / CVE-2015-7978 Stephen Gray discovered that a NULL pointer ... oval:org.secpod.oval:def:602589 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602580 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scriping, information disclosure and bypass of the same-origin policy. oval:org.secpod.oval:def:602193 Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened. oval:org.secpod.oval:def:2000543 An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. oval:org.secpod.oval:def:602951 Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to ... oval:org.secpod.oval:def:602999 Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus" Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center component and could be used by an atta ... oval:org.secpod.oval:def:603000 Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext , rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker ... oval:org.secpod.oval:def:2000564 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. oval:org.secpod.oval:def:2000527 Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. oval:org.secpod.oval:def:2001095 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ... oval:org.secpod.oval:def:603189 Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ... oval:org.secpod.oval:def:603310 Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ... oval:org.secpod.oval:def:46445 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. oval:org.secpod.oval:def:2000845 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim"s clock via a Sybil attack. This issue exists because of an incomp ... oval:org.secpod.oval:def:2000802 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. oval:org.secpod.oval:def:2000401 In PolicyKit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. oval:org.secpod.oval:def:2001364 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent time ... oval:org.secpod.oval:def:45698 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load and Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the ... oval:org.secpod.oval:def:602756 Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running ... oval:org.secpod.oval:def:50663 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ... oval:org.secpod.oval:def:602704 Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-2119 Stefan Metzmacher discovered that client-side SMB2/3 required signing can be downgraded, allowing ... oval:org.secpod.oval:def:2001003 An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard librar ... oval:org.secpod.oval:def:602631 Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, cross-site request forgery, path traversal, or bypass restrictions. oval:org.secpod.oval:def:602639 Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data ... oval:org.secpod.oval:def:602137 Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service ... oval:org.secpod.oval:def:602173 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography. oval:org.secpod.oval:def:602160 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in D ... oval:org.secpod.oval:def:602185 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in ... oval:org.secpod.oval:def:602553 The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ... oval:org.secpod.oval:def:602549 The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ... oval:org.secpod.oval:def:602545 Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service. oval:org.secpod.oval:def:45290 When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. oval:org.secpod.oval:def:602774 Editor spell files passed to the vim editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602680 Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. oval:org.secpod.oval:def:2000323 fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor"s primary group , which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned b ... oval:org.secpod.oval:def:2000534 The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. oval:org.secpod.oval:def:2000157 There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:2000092 CiffDirectory::readDirectory at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. oval:org.secpod.oval:def:2001023 A flaw was found in the Linux kernel in the function hid_debug_events_read in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user can cause a system lock up and a denial of service. Versions from v4.18 and newer are ... oval:org.secpod.oval:def:2000274 Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange ... oval:org.secpod.oval:def:61624 The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an AJP request injection vulnerability. A flaw is present in application, which fails to properly handle a regression introduced due to refactoring. Successful exploitation allows re ... oval:org.secpod.oval:def:2000437 In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. oval:org.secpod.oval:def:2001136 A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. oval:org.secpod.oval:def:2000286 A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw ... oval:org.secpod.oval:def:2000840 lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that w ... oval:org.secpod.oval:def:603412 Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file. oval:org.secpod.oval:def:43398 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:602723 A functionally regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem. The original advisory text follows for referecen. Dawid Golunski discovered that PHPMailer, a popular library t ... oval:org.secpod.oval:def:602721 Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch pro ... oval:org.secpod.oval:def:602320 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive am ... oval:org.secpod.oval:def:602398 Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which m ... oval:org.secpod.oval:def:602520 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript ... oval:org.secpod.oval:def:602541 Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service against an application using the libxslt library. oval:org.secpod.oval:def:602209 It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets. oval:org.secpod.oval:def:602236 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2015-0272 It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs , without sufficiently validating these values. A remote att ... oval:org.secpod.oval:def:602276 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. CVE-2015-5307 Ben Serebrin from Google discovered a guest to host denial of service flaw affecting the KVM hypervisor. A malicious guest can trigger an infinite stream of "alignment check" ... oval:org.secpod.oval:def:602299 Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. oval:org.secpod.oval:def:602352 Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution. Upstream support for the 4.1 release series has ended and since no information is available which would allow backports of isolated security fixes, security support for virtualbox in wheezy/oldstable needed ... oval:org.secpod.oval:def:602769 Several issues have been discovered in PHP, a widely-used open source general-purpose scripting language. CVE-2016-10158 Loading a TIFF or JPEG malicious file can lead to a Denial-of-Service attack when the EXIF header is being parsed. CVE-2016-10159 Loading a malicious phar archive can cause an ext ... oval:org.secpod.oval:def:602213 Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-4598 thoger at redhat dot com discovered that paths containing a NUL character were improperly handled, thus allowing an attacker to manipulate unexpected files on the server. CVE-2015-4643 Max Spelsberg discovered an intege ... oval:org.secpod.oval:def:602229 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to new upstream versions , which include additional bug fixes. Please refer to the upstream changelog for more information ... oval:org.secpod.oval:def:603231 Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11142 Denial of service via overly long form variables CVE-2017-11143 Invalid free in wddx_deserialize CVE-2017-11144 Denial of service in openssl extension due to incorrect return value ... oval:org.secpod.oval:def:602070 It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates. oval:org.secpod.oval:def:602132 Multiple vulnerabilities have been discovered in PHP: CVE-2015-4025 / CVE-2015-4026 Multiple function didn"t check for NULL bytes in path names. CVE-2015-4024 Denial of service when processing multipart/form-data requests. CVE-2015-4022 Integer overflow in the ftp_genlist function may result in deni ... oval:org.secpod.oval:def:602170 Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service or potentially execute arbitrary code. Geoff McLane also discovered that a similar iss ... oval:org.secpod.oval:def:602168 Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariad ... oval:org.secpod.oval:def:603044 Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a spec ... oval:org.secpod.oval:def:602188 Several vulnerabilities were discovered in the International Components for Unicode library. CVE-2014-8146 The Unicode Bidirectional Algorithm implementation does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service or possibly execut ... oval:org.secpod.oval:def:602074 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-8159 It was found that the Linux kernel"s InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions f ... oval:org.secpod.oval:def:603112 Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure. oval:org.secpod.oval:def:602960 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of Ad ... oval:org.secpod.oval:def:602506 Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library ... oval:org.secpod.oval:def:602529 Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls. ... oval:org.secpod.oval:def:602093 Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602142 Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service ... oval:org.secpod.oval:def:602177 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the ... oval:org.secpod.oval:def:602176 Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed. oval:org.secpod.oval:def:602094 Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer protocol. For Debian 7 this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default . TLS compression is dis ... oval:org.secpod.oval:def:602623 Tuomas Räsänen discovered two vulnerabilities in unADF, a tool to extract files from an Amiga Disk File dump : CVE-2016-1243 A stack buffer overflow in the function extractTree might allow an attacker, with control on the content of a ADF file, to execute arbitrary code with th ... oval:org.secpod.oval:def:602172 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2015-3290 Andy Lutomirski discovered that the Linux kernel does not properly handle nested NMIs. A local, unprivileged user could use this flaw for privilege escalation. ... oval:org.secpod.oval:def:603164 It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files. oval:org.secpod.oval:def:2000501 In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. oval:org.secpod.oval:def:2000184 In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote atta ... oval:org.secpod.oval:def:2001506 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. oval:org.secpod.oval:def:2000647 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. oval:org.secpod.oval:def:2001160 In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. oval:org.secpod.oval:def:2000338 An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2000376 ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. oval:org.secpod.oval:def:2000365 ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. oval:org.secpod.oval:def:2001289 In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. oval:org.secpod.oval:def:2000829 ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. oval:org.secpod.oval:def:2001305 ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. oval:org.secpod.oval:def:2000445 There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. oval:org.secpod.oval:def:2000460 ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. oval:org.secpod.oval:def:2000873 ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. oval:org.secpod.oval:def:2001381 An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:2001114 Potential information exfiltration with default typing, serialization gadget from MyBatis oval:org.secpod.oval:def:2000719 Missing access_ok checks in IOCTL function oval:org.secpod.oval:def:2000635 An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data regi ... oval:org.secpod.oval:def:2000324 A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service by triggering vfs_read failures. oval:org.secpod.oval:def:2000558 KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer oval:org.secpod.oval:def:2001012 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. oval:org.secpod.oval:def:2000292 In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device that is mishandled in usb_audio_probe in sound/usb/card.c. oval:org.secpod.oval:def:50966 In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. oval:org.secpod.oval:def:2000100 KVM: x86: work around leak of uninitialized stack contents oval:org.secpod.oval:def:2000582 An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. oval:org.secpod.oval:def:2000173 The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Limited remote exploitation may be possible, as demonstrated by la ... oval:org.secpod.oval:def:2000668 USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data oval:org.secpod.oval:def:54760 An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. oval:org.secpod.oval:def:57841 A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel. oval:org.secpod.oval:def:2000354 Heap address infoleak in use of l2cap_get_conf_opt oval:org.secpod.oval:def:603383 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer . On a system with a driver using blk-mq , a local user might be able to us ... oval:org.secpod.oval:def:43396 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:2000418 Heap data infoleak in multiple locations including functionl2cap_parse_conf_rsp oval:org.secpod.oval:def:2001338 A flaw was found in the Linux kernel"s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a ... oval:org.secpod.oval:def:2000101 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:2001129 In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion when processing a crafted regular expression. oval:org.secpod.oval:def:2000737 match stack overflow oval:org.secpod.oval:def:2001265 memory-based DoS in tiff2bw oval:org.secpod.oval:def:2002064 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. oval:org.secpod.oval:def:2000395 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. oval:org.secpod.oval:def:2000547 png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. oval:org.secpod.oval:def:2001333 GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used. oval:org.secpod.oval:def:2000148 ** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was o ... oval:org.secpod.oval:def:2000470 ** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor"s position is that this i ... oval:org.secpod.oval:def:2000992 An out of bounds read in the function d2alaw_array in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:2000152 A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. oval:org.secpod.oval:def:2001540 In libsndfile version 1.0.28, an error in the "aiff_read_chanmap" function can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. oval:org.secpod.oval:def:2000639 ** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer"s position is that the "failure to free memory" can be fixed in applications that use the HTSlib library and is not a library issue. oval:org.secpod.oval:def:2001139 ** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program. oval:org.secpod.oval:def:2001133 In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init in double64.c, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:2000266 An out of bounds read in the function d2ulaw_array in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:2001580 The function d2alaw_array in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14245. oval:org.secpod.oval:def:2000229 ** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it. oval:org.secpod.oval:def:2001605 An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. oval:org.secpod.oval:def:2000417 ** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls ... oval:org.secpod.oval:def:2000634 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. oval:org.secpod.oval:def:2001105 An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode is called with a NULL bp. oval:org.secpod.oval:def:43397 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ... oval:org.secpod.oval:def:2000804 ** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator when the global OO ... oval:org.secpod.oval:def:2001349 kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel"s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. oval:org.secpod.oval:def:45697 An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load and Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the ... oval:org.secpod.oval:def:2000317 ** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had co ... oval:org.secpod.oval:def:2000013 ** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub. oval:org.secpod.oval:def:2001408 ** DISPUTED ** Reflected Cross-site scripting vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool t ... oval:org.secpod.oval:def:2000989 The S/MIME specification allows a Cipher Block Chaining malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. oval:org.secpod.oval:def:2001056 TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. oval:org.secpod.oval:def:603408 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. oval:org.secpod.oval:def:603394 Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:2000568 The acpi_ns_evaluate function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI ... oval:org.secpod.oval:def:2001420 The acpi_ns_terminate function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI t ... oval:org.secpod.oval:def:603111 Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ... oval:org.secpod.oval:def:603232 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5754 Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read m ... oval:org.secpod.oval:def:602945 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-0605 A buffer overflow flaw was discovered in the trace subsystem. CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl f ... oval:org.secpod.oval:def:2001074 The acpi_ps_complete_final_op function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanis ... oval:org.secpod.oval:def:2001038 ** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sens ... oval:org.secpod.oval:def:2000613 The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service via a crafted xfs image. oval:org.secpod.oval:def:2001558 The acpi_ds_create_operands function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a craft ... oval:org.secpod.oval:def:2000757 Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass ... oval:org.secpod.oval:def:2001291 The Serial Attached SCSI implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service by triggering certain error-handling code. oval:org.secpod.oval:def:603396 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM gue ... oval:org.secpod.oval:def:2000426 An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. oval:org.secpod.oval:def:2000964 An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are f ... oval:org.secpod.oval:def:603061 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-9940 A use-after-free flaw in the voltage and current regulator driver could allow a local user to cause a denial of service or potentially escal ... oval:org.secpod.oval:def:2000551 In Netwide Assembler 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. oval:org.secpod.oval:def:2000562 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers , and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ... oval:org.secpod.oval:def:2000556 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" protocol . If security deci ... oval:org.secpod.oval:def:2000538 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ... oval:org.secpod.oval:def:2000506 In Netwide Assembler 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token function and freed in the detoken function - it is used again at multiple positions later that could cause multiple damages. For example, it causes a co ... oval:org.secpod.oval:def:2000183 In Netwide Assembler 2.14rc0, there is an illegal address access in the function find_cc in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated. oval:org.secpod.oval:def:2001097 In Netwide Assembler 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. oval:org.secpod.oval:def:2001064 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. oval:org.secpod.oval:def:602296 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL point ... oval:org.secpod.oval:def:2000601 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots en ... oval:org.secpod.oval:def:2001510 The `"path"` module in the Node.js 4.x release line contains a potential regular expression denial of service vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `"p ... oval:org.secpod.oval:def:2000640 In Netwide Assembler 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. oval:org.secpod.oval:def:2001137 In Netwide Assembler 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. oval:org.secpod.oval:def:2000249 Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. oval:org.secpod.oval:def:2001198 In Netwide Assembler 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors. oval:org.secpod.oval:def:2000711 In Netwide Assembler 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. oval:org.secpod.oval:def:2000328 Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to ma ... oval:org.secpod.oval:def:2000322 In Netwide Assembler 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. oval:org.secpod.oval:def:2000788 In Netwide Assembler 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. oval:org.secpod.oval:def:2000385 In Netwide Assembler 2.14rc0, there is an illegal address access in is_mmacro in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts. oval:org.secpod.oval:def:603338 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ... oval:org.secpod.oval:def:2000813 In Netwide Assembler 2.14rc0, there is an illegal address access in the function paste_tokens in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. oval:org.secpod.oval:def:2000424 ** DISPUTED ** In the Admin Package Manager in Open Ticket Request System 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the ... oval:org.secpod.oval:def:2000410 Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of No ... oval:org.secpod.oval:def:602616 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5170 A use-after-free issue was discovered in Blink/Webkit. CVE-2016-5171 Another use-after-free issue was discovered in Blink/Webkit. CVE-2016-5172 Choongwoo Han discovered an information leak in the v8 javascript li ... oval:org.secpod.oval:def:2000048 In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding , `Buffer#write` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input byt ... oval:org.secpod.oval:def:602621 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:2001332 In Netwide Assembler 2.14rc0, preproc.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:2000072 In Netwide Assembler 2.14rc0, there is a heap-based buffer over-read in the function detoken in asm/preproc.c that will cause a remote denial of service attack. oval:org.secpod.oval:def:2000949 The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has b ... oval:org.secpod.oval:def:2001478 ** DISPUTED ** SQL injection vulnerability in the "where" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "id" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with un ... oval:org.secpod.oval:def:602743 Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code. There were additional vulnerabilities in the tools ... oval:org.secpod.oval:def:2001447 ** DISPUTED ** SQL injection vulnerability in the "order" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "id desc" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use wi ... oval:org.secpod.oval:def:603252 Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:602980 Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:2000456 ** DISPUTED ** SQL injection vulnerability in the "find_by" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "name" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use wit ... oval:org.secpod.oval:def:2001385 ** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue. oval:org.secpod.oval:def:2001367 ** DISPUTED ** SQL injection vulnerability in the "reorder" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "name" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use wit ... oval:org.secpod.oval:def:2001106 ** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated ... oval:org.secpod.oval:def:2001358 ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploi ... oval:org.secpod.oval:def:2000978 common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2000103 swt/motif/browser.c in White_dune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:2001183 ** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use ... oval:org.secpod.oval:def:2000791 ** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional ... oval:org.secpod.oval:def:2000396 ** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access t ... oval:org.secpod.oval:def:2001217 ** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever." oval:org.secpod.oval:def:2000879 Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. oval:org.secpod.oval:def:602870 Guido Vranken discovered that incorrect memory management in libtirpc, a transport-independent RPC library used by rpcbind and other programs may result in denial of service via memory exhaustion . oval:org.secpod.oval:def:2000746 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. oval:org.secpod.oval:def:2001392 The DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. oval:org.secpod.oval:def:2000540 ** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as ... oval:org.secpod.oval:def:2000587 The cr_parser_parse_selector_core function in cr-parser.c in libcroco3-dev 0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:2000614 A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnera ... oval:org.secpod.oval:def:2001109 ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser." oval:org.secpod.oval:def:2001295 The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco3-dev 0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:603070 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ... oval:org.secpod.oval:def:602779 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing ... oval:org.secpod.oval:def:602315 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid operations on local sockets can result in a use-after-free. This may ... oval:org.secpod.oval:def:602255 Two vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. CVE-2015-7803 The phar extension could crash with a NULL pointer dereference when processing tar archives containing links referring to non-existing files. This could lead to a ... oval:org.secpod.oval:def:602801 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-9588 Jim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 virtu ... oval:org.secpod.oval:def:602403 The update for linux issued as DSA-3426-1 and DSA-3434-1 to address CVE-2015-8543 uncovered a bug in ctdb, a clustered database to store temporary data, leading to broken clusters. Updated packages are now available to address this problem. oval:org.secpod.oval:def:602404 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-4312 Tetsuo Handa discovered that users can use pipes queued on local sockets to allocate an unfair share of kernel memory, leading to ... oval:org.secpod.oval:def:602427 Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. The oldstable distribution will be updated in a separate DSA. oval:org.secpod.oval:def:602324 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. CVE-2015-7513 It was discovered that a local user permitted to use the x86 KVM subsystem could configure the PIT emulation to cause a denial of service . C ... oval:org.secpod.oval:def:602340 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service. CVE-2013-4312 Tetsuo Handa discovered that it is possible for a process to open far more files than the process" limit leading to denial-of-service conditions. CVE-2015-7566 ... oval:org.secpod.oval:def:602364 Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tang o ... oval:org.secpod.oval:def:602517 Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library. oval:org.secpod.oval:def:602539 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.22, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:602524 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ... oval:org.secpod.oval:def:602557 Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library , or potentially to execute arbitrary code with the privi ... oval:org.secpod.oval:def:602546 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of O ... oval:org.secpod.oval:def:602479 Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an ... oval:org.secpod.oval:def:602487 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.20, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:602641 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.26, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:602573 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:602569 Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application ... oval:org.secpod.oval:def:602192 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. CVE-2015-1333 Colin Ian King discovered a flaw in the add_key function of the Linux kernel"s keyring subsystem. A local user can exploit this flaw to cause ... |
