oval:org.secpod.oval:def:2001400
A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.

oval:org.secpod.oval:def:2000503
A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

oval:org.secpod.oval:def:2000176
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENC ...

oval:org.secpod.oval:def:2001083
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size in the file rec-fex.c of librec.a.

oval:org.secpod.oval:def:2000211
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm.

oval:org.secpod.oval:def:2001119
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm.

oval:org.secpod.oval:def:2001568
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm.

oval:org.secpod.oval:def:2001196
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name in the file rec-field.c in librec.a.

oval:org.secpod.oval:def:2000708
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user ...

oval:org.secpod.oval:def:2001607
The DecodeNumber function in unrarlib.c in unrar 0.0.1 suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive.

oval:org.secpod.oval:def:2001237
An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document.

oval:org.secpod.oval:def:2000827
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator in eval.cpp may cause a Denial of Service via a crafted sass input file.

oval:org.secpod.oval:def:2000806
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2001309
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.

oval:org.secpod.oval:def:2000443
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef in libr/bin/format/elf/elf.c.

oval:org.secpod.oval:def:2000497
In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.

oval:org.secpod.oval:def:2000465
A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.

oval:org.secpod.oval:def:603513
Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.

oval:org.secpod.oval:def:2004020
This CVE is missing description

oval:org.secpod.oval:def:2004022
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.

oval:org.secpod.oval:def:2004021
This CVE is missing description

oval:org.secpod.oval:def:2000083
In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.

oval:org.secpod.oval:def:2000767
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.

oval:org.secpod.oval:def:2000044
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

oval:org.secpod.oval:def:2000087
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in Open redirection and reflected XSS via data URIs. This attack appears to be exploitable via Victim's browser must follow ...

oval:org.secpod.oval:def:2000528
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.

oval:org.secpod.oval:def:2000175
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service or possibly have unspecified other impact via a crafted ntfs filesystem.

oval:org.secpod.oval:def:2000155
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.

oval:org.secpod.oval:def:2000153
An issue was discovered in Tiny C Compiler 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c.

oval:org.secpod.oval:def:2001472
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service by crafting an input file.

oval:org.secpod.oval:def:2004965
An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc-

oval:org.secpod.oval:def:2004964
An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node-

oval:org.secpod.oval:def:2004966
An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

oval:org.secpod.oval:def:2001444
In uClibc 0.9.33.2, there is stack exhaustion in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.

oval:org.secpod.oval:def:2000590
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service or possibly have unspecified other impact via a crafted ntfs filesystem.

oval:org.secpod.oval:def:2004963
An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

oval:org.secpod.oval:def:2004117
In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65025077

oval:org.secpod.oval:def:2000678
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.

oval:org.secpod.oval:def:2000648
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is ...

oval:org.secpod.oval:def:2001134
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.

oval:org.secpod.oval:def:2000325
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2000300
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value.

oval:org.secpod.oval:def:2001613
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service by crafting an input file, a related issue to CVE-2018-20456.

oval:org.secpod.oval:def:2000390
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is ...

oval:org.secpod.oval:def:2004761
GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code.

oval:org.secpod.oval:def:2004763
GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code.

oval:org.secpod.oval:def:2001225
An error within the "find_green" function in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

oval:org.secpod.oval:def:2001218
An issue was discovered in Tiny C Compiler 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.

oval:org.secpod.oval:def:2001212
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2001297
An error within the "LibRaw::parse_exif" function in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

oval:org.secpod.oval:def:2004819
The scan function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.

oval:org.secpod.oval:def:2000495
An issue was discovered in Tiny C Compiler 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.

oval:org.secpod.oval:def:2000077
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/L ...

oval:org.secpod.oval:def:2000081
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.

oval:org.secpod.oval:def:603018
A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service or have unspecified other impact, if a specially crafted file is processed.

oval:org.secpod.oval:def:2001402
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image function in coders/jp2.c.

oval:org.secpod.oval:def:2000505
An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case.

oval:org.secpod.oval:def:2000514
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2000171
The __hash_open function in hash.c:229 in Mozilla Network Security Services allows context-dependent attackers to cause a denial of service via a crafted cert8.db file.

oval:org.secpod.oval:def:2003681
An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled. This issue affects: Open Build Service versions prior to 2.10.5.

oval:org.secpod.oval:def:2001021
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12.

oval:org.secpod.oval:def:2001488
Netwide Assembler through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.

oval:org.secpod.oval:def:2001007
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service via crafted input to the SMTP parser, as exploited in the wild in November 2018.

oval:org.secpod.oval:def:2001446
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG data.

oval:org.secpod.oval:def:2000104
An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore.

oval:org.secpod.oval:def:2001439
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

oval:org.secpod.oval:def:2000114
An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case.

oval:org.secpod.oval:def:2000602
The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file.

oval:org.secpod.oval:def:2000201
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.

oval:org.secpod.oval:def:2000667
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

oval:org.secpod.oval:def:2000652
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution

oval:org.secpod.oval:def:2000297
GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2000287
libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.

oval:org.secpod.oval:def:2000281
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via an RAR archive containing a long filename.

oval:org.secpod.oval:def:2000258
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function for a purpose other than initializing a bitvect ...

oval:org.secpod.oval:def:2001569
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging "limited access to the machine."

oval:org.secpod.oval:def:2000240
libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.

oval:org.secpod.oval:def:604530
Multiple vulnerabilities have been discovered in libfaad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.

oval:org.secpod.oval:def:2004247
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file which could be exploited. This bug is patched in NetHack 3.6.0.

oval:org.secpod.oval:def:2001191
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.

oval:org.secpod.oval:def:2000729
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef and store_versioninfo_gnu_verneed in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.

oval:org.secpod.oval:def:2000341
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which can lead to buffer overflows, and result in aborts or code execution. The process_iscsid_broadcast function i ...

oval:org.secpod.oval:def:2000333
An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case.

oval:org.secpod.oval:def:2000797
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.

oval:org.secpod.oval:def:2000743
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.

oval:org.secpod.oval:def:2000752
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.

oval:org.secpod.oval:def:2004762
GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code.

oval:org.secpod.oval:def:2004764
GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code.

oval:org.secpod.oval:def:2000359
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.

oval:org.secpod.oval:def:2001201
There is a reachable assertion abort in the function dict_rename_var in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

oval:org.secpod.oval:def:2001290
A remote code execution vulnerability in the Android system. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.

oval:org.secpod.oval:def:2001296
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service via a crafted pdf file.

oval:org.secpod.oval:def:2000843
An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case.

oval:org.secpod.oval:def:2000820
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

oval:org.secpod.oval:def:2000803
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

oval:org.secpod.oval:def:2000815
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstr ...

oval:org.secpod.oval:def:2001303
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000457
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

oval:org.secpod.oval:def:2000432
In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

oval:org.secpod.oval:def:2000888
There is a reachable assertion abort in the function dict_add_mrset in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2000414
In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser.

oval:org.secpod.oval:def:2000868
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.

oval:org.secpod.oval:def:2000865
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

oval:org.secpod.oval:def:2000053
The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service via a crafted .asn1 file.

oval:org.secpod.oval:def:2000064
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseTo ...

oval:org.secpod.oval:def:2001386
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.

oval:org.secpod.oval:def:2000480
The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service via a "!2" string.

oval:org.secpod.oval:def:2004456
NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-201 ...

oval:org.secpod.oval:def:2000069
An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case.

oval:org.secpod.oval:def:2000904
An issue was discovered in vcSetXCutTextProc in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC pack ...

oval:org.secpod.oval:def:2001425
Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appears to be exploita ...

oval:org.secpod.oval:def:2001409
af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2003682
An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

oval:org.secpod.oval:def:2001492
ntopng before 3.0 allows HTTP Response Splitting.

oval:org.secpod.oval:def:2000695
Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.

oval:org.secpod.oval:def:2000241
Cross-site scripting vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole ...

oval:org.secpod.oval:def:2004214
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.

oval:org.secpod.oval:def:2000703
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

oval:org.secpod.oval:def:2001634
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol.

oval:org.secpod.oval:def:2001269
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

oval:org.secpod.oval:def:2005604
An issue was discovered in Open Ticket Request System 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.

oval:org.secpod.oval:def:2000352
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

oval:org.secpod.oval:def:2001205
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashl ...

oval:org.secpod.oval:def:2000357
A Persistent XSS vulnerability exists in Kodi through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

oval:org.secpod.oval:def:603361
The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a cod ...

oval:org.secpod.oval:def:2000849
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single "$" character as the Name of a Navigation item.

oval:org.secpod.oval:def:2000860
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.

oval:org.secpod.oval:def:2005240
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates ...

oval:org.secpod.oval:def:2003965
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment.

oval:org.secpod.oval:def:603095
A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress.

oval:org.secpod.oval:def:2000889
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

oval:org.secpod.oval:def:2001372
ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.

oval:org.secpod.oval:def:2004860
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS for an SVG element or a MATH element, as demonstrated by Chrome and Safari.

oval:org.secpod.oval:def:2005321
Horde Groupware Webmail Edition through 5.2.22 allows XSS.

oval:org.secpod.oval:def:2000945
scripts/inspect_webbrowser.py in Reddit Terminal Viewer 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2004044
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail acc ...

oval:org.secpod.oval:def:2000986
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.

oval:org.secpod.oval:def:2001572
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable via If a site allows uploading of .zip files, an attacker can upload a malicious file th ...

oval:org.secpod.oval:def:603244
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft an HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victim's host. This fix also sets the OpenOCD defau ...

oval:org.secpod.oval:def:2000714
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite.

oval:org.secpod.oval:def:2004766
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name function in cobc/tree.c via crafted COBOL source code.

oval:org.secpod.oval:def:2000687
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.

oval:org.secpod.oval:def:2000785
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/file ...

oval:org.secpod.oval:def:2000842
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.

oval:org.secpod.oval:def:2000433
An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script execu ...

oval:org.secpod.oval:def:2000419
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to in ...

oval:org.secpod.oval:def:2001015
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and co ...

oval:org.secpod.oval:def:2001008
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure fill ...

oval:org.secpod.oval:def:2003636
In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

oval:org.secpod.oval:def:2000117
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.

oval:org.secpod.oval:def:2001081
In FreeBSD before 11.1-STABLE and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privilege ...

oval:org.secpod.oval:def:2000195
mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices the content of a screensaver-locked session can be revealed. In some scen ...

oval:org.secpod.oval:def:2000212
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6. ...

oval:org.secpod.oval:def:2000670
HotelDruid version 2.3.0 and earlier contains a SQL Injection vulnerability in the "id_utente_mod" parameter in the gestione_utenti.php file that can allow an attacker to dump all the database records of the backend webserver. This attack appears to be exploitable via: the attack can be done ...

oval:org.secpod.oval:def:2001528
PySAML2 allows remote attackers to conduct XML external entity attacks via a crafted SAML XML request or response.

oval:org.secpod.oval:def:2000674
Triplea version <= 1.9.0.0.10291 contains an XML External Entity vulnerability in importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted game data file.

oval:org.secpod.oval:def:2000650
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.

oval:org.secpod.oval:def:2001112
ACME mini_httpd before 1.30 lets remote users read arbitrary files.

oval:org.secpod.oval:def:2000225
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel co ...

oval:org.secpod.oval:def:2001164
JabRef version <=4.3.1 contains an XML External Entity vulnerability in the MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via a specially crafted MsBib file. This vulnerabi ...

oval:org.secpod.oval:def:603263
It was discovered that the webhook validation of Anymail, a Django email backend for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events.

oval:org.secpod.oval:def:2005260
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node. This function makes a SQL query using unfiltered data from a server reporting inspection ...

oval:org.secpod.oval:def:2001300
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.

oval:org.secpod.oval:def:2003570
In the function sbusfb_ioctl_helper in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.

oval:org.secpod.oval:def:2003557
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

oval:org.secpod.oval:def:2000027
An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kern ...

oval:org.secpod.oval:def:2000041
FreeCol version <= nightly-2018-08-22 contains an XML External Entity vulnerability in the FreeColXMLReader parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via a Freecol file.

oval:org.secpod.oval:def:603488
Kristi Nikolla discovered an information leak in Keystone, the OpenStack identity service, if running in a federated setup.

oval:org.secpod.oval:def:2000970
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.

oval:org.secpod.oval:def:2000747
The backtrack compilation code in the Irregex package before 0.9.6 for Scheme allows remote attackers to cause a denial of service via a crafted regular expression with a repeating pattern.

oval:org.secpod.oval:def:2003571
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.

oval:org.secpod.oval:def:2003559
The Direct Rendering Manager subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager objects, which allows context-dependent attackers to cause a denial of service via an application that processes graphics data, as demonstrated by JavaScript code that creates ...

oval:org.secpod.oval:def:2001059
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.

oval:org.secpod.oval:def:2001041
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy, which can cause a stack-based buffer overflow.

oval:org.secpod.oval:def:2001518
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created ...

oval:org.secpod.oval:def:2004663
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by "constructor": {"name":"Symbol"}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

oval:org.secpod.oval:def:2000895
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.

oval:org.secpod.oval:def:2003555
None

oval:org.secpod.oval:def:2001141
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that ...

oval:org.secpod.oval:def:2000348
WordPress through 5.0.3 allows Path Traversal in wp_crop_image. An attacker can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

oval:org.secpod.oval:def:2000434
sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as "Zip-Slip".

oval:org.secpod.oval:def:2000405
unrar 0.0.1 suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

oval:org.secpod.oval:def:603505
Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list. ...

oval:org.secpod.oval:def:603476
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when "enable-http-clone=1" is not turned off.

oval:org.secpod.oval:def:603014
It was discovered that ruby-mixlib-archive, a Chef Software library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing .. in its entries.

oval:org.secpod.oval:def:2000953
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions.

oval:org.secpod.oval:def:2000062
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service or execute arbitrary code via a crafted RAR archive.

oval:org.secpod.oval:def:2000130
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.

oval:org.secpod.oval:def:2000143
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.

oval:org.secpod.oval:def:2000102
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

oval:org.secpod.oval:def:2001042
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map function in coders/wmf.c.

oval:org.secpod.oval:def:2000331
An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document.

oval:org.secpod.oval:def:2004787
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

oval:org.secpod.oval:def:2005601
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17. ...

oval:org.secpod.oval:def:2001380
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.

oval:org.secpod.oval:def:2000951
An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.

oval:org.secpod.oval:def:2004228
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to ...

oval:org.secpod.oval:def:2001167
beep version 1.3 and up contains an External Control of File Name or Path vulnerability in the --device option that can allow a local unprivileged user to inhibit execution of arbitrary programs by other users, allowing DoS. This attack appears to be exploitable via: The system must allow local users to ...

oval:org.secpod.oval:def:2000775
Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service and possibly other exploitation.

oval:org.secpod.oval:def:2004045
checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.

oval:org.secpod.oval:def:2001512
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."

oval:org.secpod.oval:def:2000572
Open Shortest Path First protocol implementations may improperly determine Link State Advertisement recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally ...

oval:org.secpod.oval:def:2001018
An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value to determine the amount of memory to allocate.

oval:org.secpod.oval:def:2001006
There is an assertion abort in the function parse_attributes in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

oval:org.secpod.oval:def:2001490
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory.

oval:org.secpod.oval:def:603596
The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML injection vulnerability. A specially crafted HTML fragment can allow non-whitelisted attributes to be used on a whitelisted HTML element.

oval:org.secpod.oval:def:603264
A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue. For reference, the relevant part of the original advisory text follows. It was discovered t ...

oval:org.secpod.oval:def:603261
It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.

oval:org.secpod.oval:def:2000795
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.

oval:org.secpod.oval:def:603403
Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code: CVE-2017-0920 It was discovered that missing validation of merge requests allowed users to see names of private projects, resulting in information disclosure. CVE-2018-8971 It was discovered that the ...

oval:org.secpod.oval:def:2000848
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector.

oval:org.secpod.oval:def:2004869
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service via the n_file parameter to visualizza_contratto.php with invalid arguments, as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.

oval:org.secpod.oval:def:2001313
In FreeBSD before 11.2-STABLE, 11.2-RELEASE-p9, 12.0-STABLE, and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.

oval:org.secpod.oval:def:2005355
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specially formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and d ...

oval:org.secpod.oval:def:603458
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service.

oval:org.secpod.oval:def:2000975
In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc.

oval:org.secpod.oval:def:2001438
libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.

oval:org.secpod.oval:def:2001550
infinite loop due to malformed request payload

oval:org.secpod.oval:def:2000685
An issue was discovered in network-manager-applet in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the ...

oval:org.secpod.oval:def:2001143
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2000741
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

oval:org.secpod.oval:def:2004803
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the tar ...

oval:org.secpod.oval:def:2000070
Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password

oval:org.secpod.oval:def:2000957
In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl in the file fromsixel.c, as demonstrated by sixel2png.

oval:org.secpod.oval:def:2005599
An issue was discovered in OWASP ModSecurity Core Rule Set 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.

oval:org.secpod.oval:def:2000913
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then exe ...

oval:org.secpod.oval:def:603220
Multiple vulnerabilities were discovered in Enigmail, an OpenPGP extension for Thunderbird, which could result in a loss of confidentiality, faked signatures, plain text leaks and denial of service. Additional information can be found under https://enigmail.net/download/other/Enigmail%20Pentest%20Re ...

oval:org.secpod.oval:def:603502
It was discovered that ruby-json-jwt, a Ruby implementation of JSON web tokens performed insufficient validation of GCM auth tags.

oval:org.secpod.oval:def:2005257
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.

oval:org.secpod.oval:def:2000898
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.

oval:org.secpod.oval:def:2001608
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.

oval:org.secpod.oval:def:2001531
In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility that a poorly written process could cause a stack overflow.

oval:org.secpod.oval:def:2001503
In FreeBSD before 11.2-RELEASE, an application which calls setrlimit to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context.

oval:org.secpod.oval:def:2000657
In FreeBSD before 11.2-STABLE and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.

oval:org.secpod.oval:def:2001174
In FreeBSD before 11.2-STABLE, 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE, and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged aut ...

oval:org.secpod.oval:def:2000808
In FreeBSD before 11.2-STABLE, 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE, and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the ke ...

oval:org.secpod.oval:def:2001345
In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility that a poorly written process could cause a stack overflow.

oval:org.secpod.oval:def:2001316
In FreeBSD before 11.2-STABLE, 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.

oval:org.secpod.oval:def:2001417
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, IP fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send arbitrary IP fragments to cause the machine to consume excess ...

oval:org.secpod.oval:def:2001011
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to ...

oval:org.secpod.oval:def:2001482
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data sets may crash if the i ...

oval:org.secpod.oval:def:2001549
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privile ...

oval:org.secpod.oval:def:2001537
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p10, 10.4-STABLE, and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated loc ...

oval:org.secpod.oval:def:2001128
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts of privileged ...

oval:org.secpod.oval:def:2001591
The Stream Control Transmission Protocol module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service via a crafted ICMPv6 packet.

oval:org.secpod.oval:def:2001126
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.

oval:org.secpod.oval:def:2001067
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in th ...

oval:org.secpod.oval:def:2004664
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer is also used for a realloc return value.

oval:org.secpod.oval:def:2001019
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.

oval:org.secpod.oval:def:2004137
In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-136658008

oval:org.secpod.oval:def:2003959
OpenStack Manila =8.0.0 =9.0.0

oval:org.secpod.oval:def:2000581
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

oval:org.secpod.oval:def:2000140
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy in the file rec-mset.c.

oval:org.secpod.oval:def:2000607
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.

oval:org.secpod.oval:def:2001525
In all Android releases from CAF using the Linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.

oval:org.secpod.oval:def:2004223
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.

oval:org.secpod.oval:def:2000314
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.

oval:org.secpod.oval:def:2001226
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.

oval:org.secpod.oval:def:2001553
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data. The Decisional Diffie-Hellman assumption does not hold for Libgcrypt's ElGamal implementation.

oval:org.secpod.oval:def:2003643
In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-145 ...

oval:org.secpod.oval:def:2003630
In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-1 ...

oval:org.secpod.oval:def:2000694
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

oval:org.secpod.oval:def:2000679
There is a use-after-free at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service during a line-number increment attempt.

oval:org.secpod.oval:def:2000250
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.

oval:org.secpod.oval:def:2001100
In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

oval:org.secpod.oval:def:2001633
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp that may cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2000316
In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

oval:org.secpod.oval:def:2001612
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash ...

oval:org.secpod.oval:def:2001609
In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ...

oval:org.secpod.oval:def:2004765
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name function in cobc/parser.y via crafted COBOL source code.

oval:org.secpod.oval:def:2000362
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

oval:org.secpod.oval:def:2000822
VIM version 8.0.1187 ignores umask when creating a swap file resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.

oval:org.secpod.oval:def:2000453
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, lea ...

oval:org.secpod.oval:def:2000878
ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service via a crafted ntfs filesystem.

oval:org.secpod.oval:def:2001376
There is a use after free in radare2 2.6.0 in r_anal_bb_free in libr/anal/bb.c via a crafted Java binary file.

oval:org.secpod.oval:def:2000042
There is a use-after-free at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service during certain finishes tests.

oval:org.secpod.oval:def:2001547
The string component in the GNU C Library through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligne ...

oval:org.secpod.oval:def:2001108
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.

oval:org.secpod.oval:def:2001103
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline dict ...

oval:org.secpod.oval:def:603674
Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service.

oval:org.secpod.oval:def:2001163
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage function in coders/mpc.c.

oval:org.secpod.oval:def:2005061
A packet containing a malformed DUID can cause the Kea DHCPv6 server process to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

oval:org.secpod.oval:def:2005060
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, ...

oval:org.secpod.oval:def:2005062
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

oval:org.secpod.oval:def:603475
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.

oval:org.secpod.oval:def:602974
Debian 9.x is installed

oval:org.secpod.oval:def:2000162
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly, which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss ...

oval:org.secpod.oval:def:2000214
The r_strbuf_fini function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.

oval:org.secpod.oval:def:2000377
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.

oval:org.secpod.oval:def:2000580
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain ...

oval:org.secpod.oval:def:2000576
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

oval:org.secpod.oval:def:2000459
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" P ...

oval:org.secpod.oval:def:2000749
Vulnerability in the MySQL Connectors component of Oracle MySQL. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require hum ...

oval:org.secpod.oval:def:2000880
An elevation of privilege vulnerability in the Android system. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.

oval:org.secpod.oval:def:2001267
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.

oval:org.secpod.oval:def:2001496
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.

oval:org.secpod.oval:def:2001481
OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."

oval:org.secpod.oval:def:2001508
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST.

oval:org.secpod.oval:def:2001396
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code.

oval:org.secpod.oval:def:2001321
Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service via a negative length value to the memset function.

oval:org.secpod.oval:def:2003964
In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.

oval:org.secpod.oval:def:2004618
GitLab Community Edition and Enterprise Edition through 12.5 has Incorrect Access Control.

oval:org.secpod.oval:def:2004224
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.

oval:org.secpod.oval:def:2004700
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

oval:org.secpod.oval:def:2004822
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

oval:org.secpod.oval:def:2005258
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

oval:org.secpod.oval:def:603030
In DSA 3918 Thunderbird was upgraded to the latest ESR series. This update upgrades Enigmail, the OpenPGP extension for Thunderbird, to version 1.9.8.1 to restore full compatibility.

oval:org.secpod.oval:def:603633
The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:603551
Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution or an open redirect. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-006

oval:org.secpod.oval:def:603265
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authenticati ...

oval:org.secpod.oval:def:603410
The gitlab security update announced as DSA-4206-1 caused regressions when creating merge requests due to an issue in the patch to address CVE-2017-0920. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:2000697
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result that can result in ECDSA-signed certificates being accepted when only RSA-signed ones should be. This attack appears to be exploitable via Peers negotiate ...

oval:org.secpod.oval:def:2001352
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the "transport.ssl" methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to c ...

oval:org.secpod.oval:def:2001403
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...

oval:org.secpod.oval:def:2000167
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower P ...

oval:org.secpod.oval:def:2000618
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final "\0" character.

oval:org.secpod.oval:def:2004180
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as val ...

oval:org.secpod.oval:def:2004221
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.

oval:org.secpod.oval:def:602994
Two vulnerabilities have been discovered in Undertow, a web server written in Java, which may lead to denial of service or HTTP request smuggling.

oval:org.secpod.oval:def:2000462
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

oval:org.secpod.oval:def:604810
Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users.

oval:org.secpod.oval:def:2001489
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.

oval:org.secpod.oval:def:2001053
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service via a specially crafted OOXML file, aka an XML Entity Expansion attack.

oval:org.secpod.oval:def:2001416
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.

oval:org.secpod.oval:def:2000215
The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service via vectors involving compressed items in a reply.

oval:org.secpod.oval:def:2001513
In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.

oval:org.secpod.oval:def:2001520
Scrapy 1.4 allows remote attackers to cause a denial of service via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dat ...

oval:org.secpod.oval:def:2000662
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CP ...

oval:org.secpod.oval:def:2001152
OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appears to be exploitable via A client o ...

oval:org.secpod.oval:def:2000251
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service by using the large list of registered .js files to construct a series of requests to load every file many times.

oval:org.secpod.oval:def:2001249
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.

oval:org.secpod.oval:def:2001280
The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service via a crafted packet.

oval:org.secpod.oval:def:2000892
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone, cloneChildren, and copy.

oval:org.secpod.oval:def:2000065
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

oval:org.secpod.oval:def:2000034
A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.

oval:org.secpod.oval:def:2000483
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.

oval:org.secpod.oval:def:2000502
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script e ...

oval:org.secpod.oval:def:2001227
A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, ...

oval:org.secpod.oval:def:2000160
In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.

oval:org.secpod.oval:def:2004967
An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

oval:org.secpod.oval:def:2001127
A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.

oval:org.secpod.oval:def:2000777
A type confusion error within the "identify" function in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

oval:org.secpod.oval:def:2000750
In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread in source_wavread.c, which may lead to DoS when playing a crafted audio file.

oval:org.secpod.oval:def:2000855
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.

oval:org.secpod.oval:def:2001424
opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service via crafted x86 assembly data, as demonstrated by rasm2.

oval:org.secpod.oval:def:2000567
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.

oval:org.secpod.oval:def:2001431
The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerabilit ...

oval:org.secpod.oval:def:2000530
In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg in the file loader.c, as demonstrated by img2sixel.

oval:org.secpod.oval:def:2000532
There is a heap out of bounds read in radare2 2.6.0 in _6502_op in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.

oval:org.secpod.oval:def:2000991
In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service by crafting a binary file.

oval:org.secpod.oval:def:2000985
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted Mini Crash Dump file.

oval:org.secpod.oval:def:2000982
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and ...

oval:org.secpod.oval:def:2000178
In radare2 2.0.1, an integer exception exists in store_versioninfo_gnu_verdef in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.

oval:org.secpod.oval:def:2000170
The avr_op_analyze function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted binary file.

oval:org.secpod.oval:def:2000181
In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service by crafting an input file.

oval:org.secpod.oval:def:2000166
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2001486
In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.

oval:org.secpod.oval:def:2003635
In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

oval:org.secpod.oval:def:2001461
In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.

oval:org.secpod.oval:def:2001450
getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service via crafted x86 assembly data, as demonstrated by rasm2.

oval:org.secpod.oval:def:2001454
Netwide Assembler 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.

oval:org.secpod.oval:def:2001077
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.

oval:org.secpod.oval:def:2001078
The parse_import_ptr function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted Mach-O file.

oval:org.secpod.oval:def:2000609
In radare2 2.0.1, an integer exception exists in store_versioninfo_gnu_verneed in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.

oval:org.secpod.oval:def:2000616
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2000217
In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier.

oval:org.secpod.oval:def:2001521
Fast C++ CSV Parser before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h.

oval:org.secpod.oval:def:2000200
The get_debug_info function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted PE file.

oval:org.secpod.oval:def:2000677
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm.

oval:org.secpod.oval:def:2001504
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.

oval:org.secpod.oval:def:2000276
In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.

oval:org.secpod.oval:def:2000253
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2000259
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2001185
In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

oval:org.secpod.oval:def:2000734
The sh_op function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file.

oval:org.secpod.oval:def:603253
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

oval:org.secpod.oval:def:2000321
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock function in lib/ttf.c.

oval:org.secpod.oval:def:2001631
An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.

oval:org.secpod.oval:def:2000313
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2000768
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service by crafting an input file, a related issue to CVE-2018-20455.

oval:org.secpod.oval:def:2001602
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression.

oval:org.secpod.oval:def:2001276
There is an illegal address access in the function output_hex in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

oval:org.secpod.oval:def:2001235
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

oval:org.secpod.oval:def:2001231
Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service via a crafted DNS response.

oval:org.secpod.oval:def:2000353
The string_scan_range function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted binary file.

oval:org.secpod.oval:def:2000851
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2000403
In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459 ...

oval:org.secpod.oval:def:2000887
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

oval:org.secpod.oval:def:2000869
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2000025
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2001351
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

oval:org.secpod.oval:def:2001343
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op in libr/anal/p/anal_java.c via a crafted Java binary file.

oval:org.secpod.oval:def:2000481
unrar 0.0.1 suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

oval:org.secpod.oval:def:2000097
An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.

oval:org.secpod.oval:def:2000962
The r_read_le32 function in radare2 2.5.0 allows remote attackers to cause a denial of service via a crafted ELF file.

oval:org.secpod.oval:def:2000925
The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000924
The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000900
In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.

oval:org.secpod.oval:def:2000876
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command.

oval:org.secpod.oval:def:2000374
The File Manager module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

oval:org.secpod.oval:def:603380
It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception.

oval:org.secpod.oval:def:2001179
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.

oval:org.secpod.oval:def:2001223
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be trig ...

oval:org.secpod.oval:def:2000999
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

oval:org.secpod.oval:def:2001502
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

oval:org.secpod.oval:def:2000796
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

oval:org.secpod.oval:def:2000810
Mercurial version 4.5 and earlier contains an Incorrect Access Control vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

oval:org.secpod.oval:def:2001089
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.

oval:org.secpod.oval:def:2001574
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.

oval:org.secpod.oval:def:2000799
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.

oval:org.secpod.oval:def:603434
Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.

oval:org.secpod.oval:def:603493
Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to code execution, denial of service or information disclosure when connecting to a malicious mail/NNTP server.

oval:org.secpod.oval:def:2003912
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory.

oval:org.secpod.oval:def:2003565
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection 4.1 through 8 generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protec ...

oval:org.secpod.oval:def:2000732
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.

oval:org.secpod.oval:def:2000552
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

oval:org.secpod.oval:def:2000469
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function ReadNumber did not check the input length, which leads to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

oval:org.secpod.oval:def:2000633
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of the buffer AutoBuffer _src is smaller than expected, which will cause a buffer overflow in a later copy. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

oval:org.secpod.oval:def:2000343
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.

oval:org.secpod.oval:def:2001626
OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.

oval:org.secpod.oval:def:2001230
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.

oval:org.secpod.oval:def:2000821
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.

oval:org.secpod.oval:def:2000980
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

oval:org.secpod.oval:def:2000575
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.

oval:org.secpod.oval:def:2001544
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.

oval:org.secpod.oval:def:2000380
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.

oval:org.secpod.oval:def:2001618
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service or execute arbitrary code via a crafted RAR archive.

oval:org.secpod.oval:def:2000724
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000852
Vulnerability in the MySQL Connectors component of Oracle MySQL. Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human i ...

oval:org.secpod.oval:def:2000492
Vulnerability in the MySQL Connectors component of Oracle MySQL. Supported versions that are affected are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful atta ...

oval:org.secpod.oval:def:2000304
Vulnerability in the MySQL Connectors component of Oracle MySQL. Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnera ...

oval:org.secpod.oval:def:2001165
A cross-site scripting vulnerability exists in host.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

oval:org.secpod.oval:def:2001005
A cross-site scripting vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

oval:org.secpod.oval:def:2000993
A cross-site scripting vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

oval:org.secpod.oval:def:2001570
A cross-site scripting vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

oval:org.secpod.oval:def:2004222
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.

oval:org.secpod.oval:def:2004188
com_line in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy that may lead to arbitrary code execution.

oval:org.secpod.oval:def:2003746
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival's bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside the boundaries of a dynamically allocated buffer.

oval:org.secpod.oval:def:2003683
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-lin ...

oval:org.secpod.oval:def:2000513
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:2001017
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage function in coders/histogram.c.

oval:org.secpod.oval:def:2001534
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.

oval:org.secpod.oval:def:2001511
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c.

oval:org.secpod.oval:def:2000275
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.

oval:org.secpod.oval:def:2001564
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field, only the last instance can ever be freed.

oval:org.secpod.oval:def:2000721
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.

oval:org.secpod.oval:def:2000712
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:2000742
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.

oval:org.secpod.oval:def:2001232
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.

oval:org.secpod.oval:def:2001207
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:2000344
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.

oval:org.secpod.oval:def:2001294
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.

oval:org.secpod.oval:def:2000490
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.

oval:org.secpod.oval:def:2001339
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.

oval:org.secpod.oval:def:2001412
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vu ...

oval:org.secpod.oval:def:2000257
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit, running the service in question with root privileges rather than the user intended.

oval:org.secpod.oval:def:42507
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and ...

oval:org.secpod.oval:def:2000629
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

oval:org.secpod.oval:def:2001362
rzsz: sz can leak data to receiving side

oval:org.secpod.oval:def:2000228
An infinite recursion issue was discovered in eval.c in Netwide Assembler through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of "{" characters. Remote attackers could leverage this v ...

oval:org.secpod.oval:def:2001630
An issue was discovered in the function expr6 in eval.c in Netwide Assembler through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of "!" or "+" or "-" characters. Remote attackers could leverage this v ...

oval:org.secpod.oval:def:604835
Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in information disclosure, denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:2005338
gif2png 2.5.13 has a memory leak in the writefile function.

oval:org.secpod.oval:def:2000367
Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.

oval:org.secpod.oval:def:2001287
Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.

oval:org.secpod.oval:def:2000533
Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet function in the send_packets.c file uses the memcpy function unsafely to copy sequences from the source buffer pktdata to the destination ->pktdata. This will result in a Denial of Service and potentially Informat ...

oval:org.secpod.oval:def:2001107
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove. The length can be larger than source value because the function fails to ens ...

oval:org.secpod.oval:def:2000375
A heap-based buffer over-read exists in the function fast_edit_packet in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service and potentially Information Exposure when the application attempts to process a crafted pcap file.

oval:org.secpod.oval:def:2001348
get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service via crafted packets, as demonstrated by tcpprep.

oval:org.secpod.oval:def:603951
A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.

oval:org.secpod.oval:def:2001270
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code when TLS communication is enabled.

oval:org.secpod.oval:def:2000754
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker-controlled values. An attacker needs to send a DNS packet to trigger this vulnerability.

oval:org.secpod.oval:def:2000128
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can b ...

oval:org.secpod.oval:def:2001250
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this ...

oval:org.secpod.oval:def:2003558
None

oval:org.secpod.oval:def:2004458
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

oval:org.secpod.oval:def:2005560
log.c in Squid Analysis Report Generator through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place sy ...

oval:org.secpod.oval:def:2003804
A remote user can create a specially crafted M3U file (a media playlist file) that, when loaded by the target user, triggers a memory leak whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service.

oval:org.secpod.oval:def:2005605
An issue was discovered in Open Ticket Request System 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is rela ...

oval:org.secpod.oval:def:2000920
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

oval:org.secpod.oval:def:2000839
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c.

oval:org.secpod.oval:def:2000028
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2000884
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.

oval:org.secpod.oval:def:2000643
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rb file.

oval:org.secpod.oval:def:2001535
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in ...

oval:org.secpod.oval:def:2004056
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE.

oval:org.secpod.oval:def:2000713
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

oval:org.secpod.oval:def:2000826
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag.

oval:org.secpod.oval:def:2004697
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

oval:org.secpod.oval:def:603614
Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 An SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not possible to easily filte ...

oval:org.secpod.oval:def:2000578
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not ena ...

oval:org.secpod.oval:def:2001028
Spring Framework allows web applications to change the HTTP request method to any HTTP method using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user can use this filter to escalate to an XST attack.

oval:org.secpod.oval:def:2001251
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user can craft a message to the broker ...

oval:org.secpod.oval:def:2001379
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application receives input from a remote client, and then uses that input to make a multipart r ...

oval:org.secpod.oval:def:2001244
An issue was discovered in Open vSwitch 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added, OvS tries to revert back all previous flows that were successfully a ...

oval:org.secpod.oval:def:603673
A regression was introduced in the previous chromium security update. The browser would always crash when launched in headless mode. This update fixes this problem. A file conflict with the buster chromium packages is also fixed.

oval:org.secpod.oval:def:603920
The update for ghostscript released as DSA 4442-1 uncovered an issue in cups-filters which was using the undocumented Ghostscript internal pdfdict now hidden in the ghostscript update. Updated cups-filters packages are now available to correct this issue.

oval:org.secpod.oval:def:603923
It was discovered that the Lemonldap::NG web SSO system performed insufficient validation of session tokens if the tokenUseGlobalStorage option is enabled, which could grant users with access to the main session database access to an anonymous session.

oval:org.secpod.oval:def:2000853
Netwide Assembler 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.

oval:org.secpod.oval:def:603609
The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update. Note that as the systemd-journald service is not restarted automatically a restart of th ...

oval:org.secpod.oval:def:2000870
An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

oval:org.secpod.oval:def:2000116
An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

oval:org.secpod.oval:def:2000946
A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash.

oval:org.secpod.oval:def:2000809
An issue was discovered in Freeware Advanced Audio Decoder 2 2.8.1. There is a NULL pointer dereference in ifilter_bank in libfaad/filtbank.c.

oval:org.secpod.oval:def:2000172
An issue was discovered in Freeware Advanced Audio Decoder 2 2.8.1. There was a stack-based buffer overflow in the function calculate_gain in libfaad/sbr_hfadj.c.

oval:org.secpod.oval:def:2001036
An issue was discovered in Freeware Advanced Audio Decoder 2 2.8.1. There was a heap-based buffer overflow in the function excluded_channels in libfaad/syntax.c.

oval:org.secpod.oval:def:2000688
An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

oval:org.secpod.oval:def:2001429
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.

oval:org.secpod.oval:def:55330
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

oval:org.secpod.oval:def:603837
Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.

oval:org.secpod.oval:def:603639
Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:2000593
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

oval:org.secpod.oval:def:2001058
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input.

oval:org.secpod.oval:def:2000209
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

oval:org.secpod.oval:def:2000857
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and the password that was generated by default.

oval:org.secpod.oval:def:2001328
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.

oval:org.secpod.oval:def:2001315
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.

oval:org.secpod.oval:def:603681
It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service.

oval:org.secpod.oval:def:2000923
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service via a message flood.

oval:org.secpod.oval:def:603844
Cedric Krier discovered that missing access validation in Tryton could result in information disclosure.

oval:org.secpod.oval:def:603936
Vincent Tondellier reported that the qemu update issued as DSA 4454-1 did not correctly backport the support to define the md-clear bit to allow mitigation of the MDS vulnerabilities. Updated qemu packages are now available to correct this issue.

oval:org.secpod.oval:def:603279
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.

oval:org.secpod.oval:def:603477
It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data.

oval:org.secpod.oval:def:603527
Several vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16947 Jeffrey Altman reported that the backup tape controller process does accept incoming RPCs but d ...

oval:org.secpod.oval:def:603416
The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to a bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:603465
Danny Grander reported that the unzip and untar tasks in ant, a Java based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to overwrite any file writable b ...

oval:org.secpod.oval:def:603482
Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the build_res_buf_from_sip_req function could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603545
Three vulnerabilities were discovered in the Open Ticket Request System which could result in privilege escalation or denial of service.

oval:org.secpod.oval:def:2000990
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:2001035
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:2001039
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:2000709
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage function in coders/png.c.

oval:org.secpod.oval:def:603572
The update for ceph issued as DSA-4339-1 caused a build regression for the i386 builds. Updated packages are now available to address this issue. For reference, the original advisory text follows. Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx auth ...

oval:org.secpod.oval:def:603574
Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling invalid style tag content.

oval:org.secpod.oval:def:603592
The update for ghostscript issued as DSA-4346-1 caused a regression when used with certain options. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:603292
Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.tx ...

oval:org.secpod.oval:def:603270
Two vulnerabilities were discovered in the libraries of the Vorbis audio compression codec, which could result in denial of service or the execution of arbitrary code if a malformed media file is processed.

oval:org.secpod.oval:def:603348
It was discovered that a race condition in beep allows local privilege escalation.

oval:org.secpod.oval:def:603351
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if t ...

oval:org.secpod.oval:def:603366
Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.

oval:org.secpod.oval:def:603385
Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service. Note that you need to restart the "quasselcore" service after upgrading the Quassel packages.

oval:org.secpod.oval:def:2000301
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:603072
Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated users ...

oval:org.secpod.oval:def:603076
Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in some cases, remotely execute arbitrary commands in t ...

oval:org.secpod.oval:def:603082
It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code.

oval:org.secpod.oval:def:603098
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-10912 Jann Horn discovered that incorrect handling of page transfers might result in privilege escalation. CVE-2017-10913 / CVE-2017-10914 Jann Horn discovered that race conditions in grant handling might result in infor ...

oval:org.secpod.oval:def:603141
Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution.

oval:org.secpod.oval:def:603160
It was discovered that libpam4j, a Java library wrapper for the integration of PAM, did not call pam_acct_mgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.

oval:org.secpod.oval:def:603173
Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work: CVE-2017-8808 Cross-site-scripting with non-standard URL escaping and $wgShowExceptionDetails disabled. CVE-2017-8809 Reflected file download in API. CVE-2017-8810 On private wikis the login ...

oval:org.secpod.oval:def:603181
Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed media files could lead to denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603186
Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603190
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:603203
George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.

oval:org.secpod.oval:def:602952
The security update announced as DSA-3886-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue. For reference, the relevant part of the original advisory text fol ...

oval:org.secpod.oval:def:603299
The security update announced as DSA-4120-1 caused regressions on the powerpc kernel architecture. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:603498
The security update announced as DSA 4279-1 caused regressions on the ARM architectures. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:2004145
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.

oval:org.secpod.oval:def:604833
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery forcing an authenticated user to be logged out, or a Cross-Site Scripting l ...

oval:org.secpod.oval:def:2001156
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbi ...

oval:org.secpod.oval:def:2001573
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service via a crafted Jpeg2000 file.

oval:org.secpod.oval:def:42584
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

oval:org.secpod.oval:def:48009
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully auth ...

oval:org.secpod.oval:def:2004161
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does ...

oval:org.secpod.oval:def:2003958
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-su ...

oval:org.secpod.oval:def:2001024
The Net::LDAP gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

oval:org.secpod.oval:def:603457
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

oval:org.secpod.oval:def:2003642
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for explo ...

oval:org.secpod.oval:def:603136
Two unspecified vulnerabilities were discovered in OpenJFX, a rich client application platform for Java.

oval:org.secpod.oval:def:2001310
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because "subevent" is overflowed.

oval:org.secpod.oval:def:603935
The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the deliver_message function may result in the execution of arbitrary commands.

oval:org.secpod.oval:def:2001220
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will get stuck in an infinite loop, which can allow attackers to cause a DoS attack.

oval:org.secpod.oval:def:55473
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The ...

oval:org.secpod.oval:def:2000611
Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vul ...

oval:org.secpod.oval:def:2000073
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:2000651
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection.

oval:org.secpod.oval:def:604660
It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals. This update provides a fixed configuration for new deployments, for existing setups, the NEW ...

oval:org.secpod.oval:def:2005363
Exiv2::PngImage::readMetadata in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service via a crafted image file.

oval:org.secpod.oval:def:2005359
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.

oval:org.secpod.oval:def:2005606
An issue was discovered in Open Ticket Request System 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OT ...

oval:org.secpod.oval:def:2005608
An issue was discovered in Open Ticket Request System 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary f ...

oval:org.secpod.oval:def:2003901
In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.

oval:org.secpod.oval:def:603364
Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files, which could result in the execution of arbitrary code if a malformed spreadsheet is processed.

oval:org.secpod.oval:def:2004454
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code via a crafted server response, because of access to an uninitialized pointer in the array data decoder.

oval:org.secpod.oval:def:2004457
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. Apache NetBeans versions up to and including 11.2 are affe ...

oval:org.secpod.oval:def:2000094
An exploitable cross site scripting vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an au ...

oval:org.secpod.oval:def:2000819
A SQL injection bypass exists in OWASP ModSecurity Core Rule Set through v3.1.0-rc3 via {`a`b} where a is a special function name and b is the SQL statement to be executed.

oval:org.secpod.oval:def:2003963
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"]. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.

oval:org.secpod.oval:def:2004157
A buffer overflow vulnerability in LibRaw version

oval:org.secpod.oval:def:2000159
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

oval:org.secpod.oval:def:2000690
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. ...

oval:org.secpod.oval:def:2003941
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

oval:org.secpod.oval:def:2003943
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

oval:org.secpod.oval:def:2004899
This CVE is missing description

oval:org.secpod.oval:def:603379
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:603371
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:2001061
An invalid memory address dereference was discovered in the huffcode function in Freeware Advanced Audio Coder 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.

oval:org.secpod.oval:def:603437
Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call.

oval:org.secpod.oval:def:2000384
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, run_file, backup, or restore function. The vulnerability allo ...

oval:org.secpod.oval:def:603607
Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a lightweight messaging kernel, could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603314
Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.

oval:org.secpod.oval:def:603632
Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2 ...

oval:org.secpod.oval:def:2000541
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.

oval:org.secpod.oval:def:2001468
An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

oval:org.secpod.oval:def:2000302
An issue was discovered in Freeware Advanced Audio Decoder 2 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

oval:org.secpod.oval:def:2000830
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE ...

oval:org.secpod.oval:def:603017
The security update announced as DSA-3904-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This conforms to the spec and may be used in AXFR and IXFR response.

oval:org.secpod.oval:def:604543
It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users.

oval:org.secpod.oval:def:603847
It was discovered that SPIP, a website engine for publishing, did not properly sanitize its user input. This would allow an authenticated user to perform arbitrary command execution.

oval:org.secpod.oval:def:603431
Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.

oval:org.secpod.oval:def:2000254
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.

oval:org.secpod.oval:def:2000356
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

oval:org.secpod.oval:def:2000141
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

oval:org.secpod.oval:def:2000838
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering crafted operations on array data structures.

oval:org.secpod.oval:def:2000422
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a ...

oval:org.secpod.oval:def:2004181
In IJG JPEG before 9d, jpeg_mem_available in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

oval:org.secpod.oval:def:2003926
This CVE is missing description

oval:org.secpod.oval:def:2004692
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed ve ...

oval:org.secpod.oval:def:604787
This update fixes several vulnerabilities in Graphicsmagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed.

oval:org.secpod.oval:def:2001458
An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception.

oval:org.secpod.oval:def:2000753
ruby-grape ruby gem suffers from a cross-site scripting vulnerability via "format" parameter.

oval:org.secpod.oval:def:603318
Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code: CVE-2017-0915 / CVE-2018-3710 Arbitrary code execution in project import. CVE-2017-0916 Command injection via Webhooks. CVE-2017-0917 Cross-site scripting in CI job output. CVE-2017-0918 Insufficient ...

oval:org.secpod.oval:def:2004701
moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit 08aef597656d065e86075f3d53fda89765845eae.

oval:org.secpod.oval:def:2004932
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

oval:org.secpod.oval:def:2000956
An issue was discovered in Anti-Grain Geometry 2.4 as used in SVG++ 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to . If dx >= dx_limit, which is , this function will call itself recursively. There can be a situation where is always bigger than dx_limit during the recursion, ...

oval:org.secpod.oval:def:2000529
An issue was discovered in singledocparser.cpp in yaml-cpp 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage ...

oval:org.secpod.oval:def:2000959
The SingleDocParser::HandleFlowSequence function in yaml-cpp 0.6.2 allows remote attackers to cause a denial of service via a crafted YAML file.

oval:org.secpod.oval:def:2001632
The SingleDocParser::HandleFlowMap function in yaml-cpp 0.6.2 allows remote attackers to cause a denial of service via a crafted YAML file.

oval:org.secpod.oval:def:2000901
The Scanner::EnsureTokensInQueue function in yaml-cpp 0.6.2 allows remote attackers to cause a denial of service via a crafted YAML file.

oval:org.secpod.oval:def:2000800
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

oval:org.secpod.oval:def:2001340
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

oval:org.secpod.oval:def:2000213
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bo ...

oval:org.secpod.oval:def:2000050
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

oval:org.secpod.oval:def:602968
It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted file permissions in third-party repositories, which could result in privilege escalation.

oval:org.secpod.oval:def:68294
Jens Mueller discovered that an incorrect regular expression in rack-cors may lead to insufficient restriction of CORS requests.

oval:org.secpod.oval:def:2001582
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

oval:org.secpod.oval:def:2001222
There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:68293
A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process.

oval:org.secpod.oval:def:603092
An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as "optional". A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 c ...

oval:org.secpod.oval:def:2000579
The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001474
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.

oval:org.secpod.oval:def:2001452
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage function in coders/mat.c.

oval:org.secpod.oval:def:2001090
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service via a crafted file, related to the WriteMSLImage function.

oval:org.secpod.oval:def:2000671
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.

oval:org.secpod.oval:def:2001155
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.

oval:org.secpod.oval:def:2001587
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

oval:org.secpod.oval:def:2000232
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.

oval:org.secpod.oval:def:2000342
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.

oval:org.secpod.oval:def:2000759
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.

oval:org.secpod.oval:def:2000452
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.

oval:org.secpod.oval:def:2000413
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000896
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001395
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.

oval:org.secpod.oval:def:2000060
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service via a crafted file that is mishandled in an OpenPixelCache call.

oval:org.secpod.oval:def:603088
Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial's symlink auditing ...

oval:org.secpod.oval:def:603159
Ryan Day discovered that the Simple Linux Utility for Resource Management, a cluster resource management and job scheduling system, does not properly handle SPANK environment variables, allowing a user permitted to submit jobs to execute code as root during the Prolog or Epilog. All systems using a ...

oval:org.secpod.oval:def:2001619
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service, as demonstrated by bson-to-json.c.

oval:org.secpod.oval:def:2000199
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

oval:org.secpod.oval:def:603091
Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.

oval:org.secpod.oval:def:603134
It was discovered that YADIFA, an authoritative DNS server, did not sufficiently check its input. This allowed a remote attacker to cause a denial-of-service by forcing the daemon to enter an infinite loop.

oval:org.secpod.oval:def:603172
"shamger" and Carlo Cannas discovered that a programming error in Varnish, a state of the art, high-performance web accelerator, may result in disclosure of memory contents or denial of service. See https://varnish-cache.org/security/VSV00002.html for details.

oval:org.secpod.oval:def:2000511
In lib/ofp-util.c in Open vSwitch before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct an ...

oval:org.secpod.oval:def:603124
It was discovered that the Tor onion service could leak sensitive information to log files if the SafeLogging option is set to 0. The oldstable distribution is not affected.

oval:org.secpod.oval:def:603171
Joseph Bisch discovered that Konversation, a user-friendly Internet Relay Chat client for KDE, could crash when parsing certain IRC color formatting codes.

oval:org.secpod.oval:def:2000636
A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the ...

oval:org.secpod.oval:def:2001261
In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:603191
Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-16943 A use-after-free vulnerability was discovered in Exim's routines responsible for parsing mail headers. A remote attacker can ...

oval:org.secpod.oval:def:603195
Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.

oval:org.secpod.oval:def:603226
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:2000285
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string can append a chunk onto itself.

oval:org.secpod.oval:def:603202
Michael Eder and Thomas Kittel discovered that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service by sending maliciously crafted packets.

oval:org.secpod.oval:def:603233
Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

oval:org.secpod.oval:def:2000222
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

oval:org.secpod.oval:def:603274
Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted.

oval:org.secpod.oval:def:2000973
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browse ...

oval:org.secpod.oval:def:2000730
In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.

oval:org.secpod.oval:def:2000474
Cross-site scripting vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

oval:org.secpod.oval:def:2000003
The function MP4Free in mp4property.cpp in libmp4v2 2.1.0 internally calls free on an invalid pointer, raising a SIGABRT signal.

oval:org.secpod.oval:def:2000145
The function mp4v2:impl::MP4Track::FinishSdtp in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.

oval:org.secpod.oval:def:2000079
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

oval:org.secpod.oval:def:2001383
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

oval:org.secpod.oval:def:603298
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. CVE-2017-12869 When using the multiauth m ...

oval:org.secpod.oval:def:2000963
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP funct ...

oval:org.secpod.oval:def:2000124
The af_get_page function in lib/afflib_pages.cpp in AFFLIB through 3.7.16 allows remote attackers to cause a denial of service via a corrupt AFF image that triggers an unexpected pagesize value.

oval:org.secpod.oval:def:2000264
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

oval:org.secpod.oval:def:2000569
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is "fixed" by jQuery after sanitization, making it dangerous.

oval:org.secpod.oval:def:603167
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

oval:org.secpod.oval:def:2000370
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

oval:org.secpod.oval:def:2000095
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.

oval:org.secpod.oval:def:2001172
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

oval:org.secpod.oval:def:603466
Several vulnerabilities were discovered in the Simple Linux Utility for Resource Management, a cluster resource management and job scheduling system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-7033 Incomplete sanitization of user-provided text strin ...

oval:org.secpod.oval:def:603210
Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server, was susceptible to denial of service via a crafted CNAME answer. The oldstable distribution is not affected.

oval:org.secpod.oval:def:2001256
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

oval:org.secpod.oval:def:2001057
libephymain.so in GNOME Web through 3.28.2.1 allows remote attackers to cause a denial of service via certain window.open and document.write calls.

oval:org.secpod.oval:def:2000766
ephy-session.c in libephymain.so in GNOME Web through 3.28.2.1 allows remote attackers to cause a denial of service via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

oval:org.secpod.oval:def:2001209
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

oval:org.secpod.oval:def:2000402
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

oval:org.secpod.oval:def:2001247
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

oval:org.secpod.oval:def:2000553
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.

oval:org.secpod.oval:def:2001150
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating the domain parameter of the samba URL.

oval:org.secpod.oval:def:2000701
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script "mount.cifs.wrapper" uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards.

oval:org.secpod.oval:def:2001216
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere by passing directory traversal sequences such as a home/../usr substring.

oval:org.secpod.oval:def:2000950
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.

oval:org.secpod.oval:def:2001275
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face locat ...

oval:org.secpod.oval:def:603448
Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.

oval:org.secpod.oval:def:603316
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to s ...

oval:org.secpod.oval:def:603463
Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with p ...

oval:org.secpod.oval:def:2001601
NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service, as demonstrated by end2xml.

oval:org.secpod.oval:def:2000451
Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service, as demonstrated by isi2xml.

oval:org.secpod.oval:def:2000202
In check_user_token in util.c in the Yubico PAM module 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure and/or DoS.

oval:org.secpod.oval:def:2000409
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack.

oval:org.secpod.oval:def:603474
Enrico Zini discovered a vulnerability in Syntastic, an addon module for the Vim editor that runs a file through external checkers and displays any resulting errors. Config files were looked up in the current working directory which could result in arbitrary shell code execution if a malformed sourc ...

oval:org.secpod.oval:def:2001413
The wavwritehdr function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted snd file, during conversion to a wav file.

oval:org.secpod.oval:def:2001465
The read_samples function in hcom.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted hcom file.

oval:org.secpod.oval:def:2000230
In lsx_aiffstartread in aiff.c in Sound eXchange 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

oval:org.secpod.oval:def:2000306
The startread function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted wav file.

oval:org.secpod.oval:def:2000463
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.

oval:org.secpod.oval:def:2001382
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.

oval:org.secpod.oval:def:2000018
There is a reachable assertion abort in the function sox_append_comment in formats.c in Sound eXchange 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file.

oval:org.secpod.oval:def:603485
Chris Coulson discovered a use-after-free flaw in the GNOME Display Manager, triggerable by an unprivileged user via a specially crafted sequence of D-Bus method calls, leading to denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:2001086
An issue was discovered in libtskimg.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory caus ...

oval:org.secpod.oval:def:2000454
An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmappe ...

oval:org.secpod.oval:def:2000067
An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped me ...

oval:org.secpod.oval:def:2001361
An issue was discovered in libtskbase.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unm ...

oval:org.secpod.oval:def:2001286
NULL pointer dereference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service, as demonstrated by copac2xml.

oval:org.secpod.oval:def:2000995
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.

oval:org.secpod.oval:def:2000378
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.

oval:org.secpod.oval:def:603528
Joran Herve discovered that the Okular document viewer was susceptible to directory traversal via malformed .okular files, which could result in the creation of arbitrary files.

oval:org.secpod.oval:def:2001524
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.

oval:org.secpod.oval:def:2000545
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.

oval:org.secpod.oval:def:2000542
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.

oval:org.secpod.oval:def:2000557
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.

oval:org.secpod.oval:def:2000284
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.

oval:org.secpod.oval:def:2000358
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.

oval:org.secpod.oval:def:2000066
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.

oval:org.secpod.oval:def:2001334
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.

oval:org.secpod.oval:def:603525
Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which result in incorrectly configured rate limits, information disclosure in Special:Redirect/logid and bypass of an account lock.

oval:org.secpod.oval:def:2000720
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service by crafting an input file with certain translation dictionaries.

oval:org.secpod.oval:def:2003560
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

oval:org.secpod.oval:def:603387
Several vulnerabilities were discovered in MAD, an MPEG audio decoder library, which could result in denial of service if a malformed audio file is processed.

oval:org.secpod.oval:def:2000182
An out-of-bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.

oval:org.secpod.oval:def:2001464
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service via a forged NTP packet, which triggers a communication loop.

oval:org.secpod.oval:def:2001236
Busybox contains a missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable by simply downloading any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".

oval:org.secpod.oval:def:2001208
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D;" because empty geometries are mishandled.

oval:org.secpod.oval:def:2004150
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

oval:org.secpod.oval:def:2000472
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

oval:org.secpod.oval:def:2000977
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:2001432
A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

oval:org.secpod.oval:def:2000515
An error within the "leaf_hdr_load_raw" function in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

oval:org.secpod.oval:def:2000733
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.

oval:org.secpod.oval:def:2000846
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.

oval:org.secpod.oval:def:2000408
A boundary error within the "quicktake_100_load_raw" function in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.

oval:org.secpod.oval:def:2000899
A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.

oval:org.secpod.oval:def:2004805
This CVE is missing description

oval:org.secpod.oval:def:603405
Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.

oval:org.secpod.oval:def:603454
A timing attack was discovered in the function for CSRF token validation of the "Ruby rack protection" framework.

oval:org.secpod.oval:def:2000216
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

oval:org.secpod.oval:def:2000814
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd t ...

oval:org.secpod.oval:def:2001576
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

oval:org.secpod.oval:def:2000440
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure via a crafted audio file.

oval:org.secpod.oval:def:2003747
libcroco3-dev through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

oval:org.secpod.oval:def:2001189
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.

oval:org.secpod.oval:def:2005624
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

oval:org.secpod.oval:def:2003981
This CVE is missing description

oval:org.secpod.oval:def:2004226
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

oval:org.secpod.oval:def:2004225
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.

oval:org.secpod.oval:def:604838
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting and Cross-Site Request Forgery attacks, create files on the server, disclose private information, create open redirects, poison cache, and bypass authori ...

oval:org.secpod.oval:def:2003706
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.

oval:org.secpod.oval:def:2003569
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.

oval:org.secpod.oval:def:2003561
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

oval:org.secpod.oval:def:2000699
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objec ...

oval:org.secpod.oval:def:2000663
The SingleDocParser::HandleNode function in yaml-cpp 0.5.3 allows remote attackers to cause a denial of service via a crafted YAML file.

oval:org.secpod.oval:def:2000893
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.

oval:org.secpod.oval:def:2001398
The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the HESIOD_CONFIG or HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary.

oval:org.secpod.oval:def:2001530
An issue has been discovered in mpruett Audio File Library 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.

oval:org.secpod.oval:def:603557
It was discovered that incorrect connection setup in the server for Teeworlds, an online multi-player platform 2D shooter, could result in denial of service via forged connection packets.

oval:org.secpod.oval:def:2000592
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.

oval:org.secpod.oval:def:603563
Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia streaming server which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:2000549
The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service, as demonstrated by SoundStretch.

oval:org.secpod.oval:def:2000906
The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service, as demonstrated by SoundStretch.

oval:org.secpod.oval:def:603601
It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.

oval:org.secpod.oval:def:2000154
The Gluster file system through version 4.1.4 is vulnerable to abuse of the "features/index" translator. A remote attacker with access to mount volumes could exploit this via the "GF_XATTROP_ENTRY_IN_KEY" xattrop to create arbitrary, empty files on the target server.

oval:org.secpod.oval:def:2000198
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs-comm ...

oval:org.secpod.oval:def:2001190
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a va ...

oval:org.secpod.oval:def:2000371
BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service via BGP mask expressions in birdc.

oval:org.secpod.oval:def:2001485
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.

oval:org.secpod.oval:def:2000588
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalive ...

oval:org.secpod.oval:def:2001076
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name, with read access for the attacker and write access for the keepalived process, then this pot ...

oval:org.secpod.oval:def:2000940
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-DH cipher suites.

oval:org.secpod.oval:def:2001318
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

oval:org.secpod.oval:def:2000206
GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appears to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thu ...

oval:org.secpod.oval:def:2000210
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

oval:org.secpod.oval:def:603642
Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code.

oval:org.secpod.oval:def:603631
Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional information.

oval:org.secpod.oval:def:2000238
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject->GetDictionary.AddKey can be problematic due to the function GetObject being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer derefer ...

oval:org.secpod.oval:def:2001498
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.

oval:org.secpod.oval:def:2000441
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.

oval:org.secpod.oval:def:603512
Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user.

oval:org.secpod.oval:def:2001459
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.

oval:org.secpod.oval:def:2000447
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.

oval:org.secpod.oval:def:2000863
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.

oval:org.secpod.oval:def:2000976
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm.

oval:org.secpod.oval:def:2000938
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:2000937
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

oval:org.secpod.oval:def:603245
It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

oval:org.secpod.oval:def:2001610
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

oval:org.secpod.oval:def:2001369
Smarty_Security::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

oval:org.secpod.oval:def:2001475
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.

oval:org.secpod.oval:def:603459
A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code.

oval:org.secpod.oval:def:603569
Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was susceptible to replay attacks and calculated signatures incorrectly, ceph mon did not validate capabilities for pool operations and a format string vulnerability in librado ...

oval:org.secpod.oval:def:603358
Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing --debug parameter to prevent information leak, but the check wasn't sufficient.

oval:org.secpod.oval:def:2000642
stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token

oval:org.secpod.oval:def:603429
Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.

oval:org.secpod.oval:def:2000509
An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.

oval:org.secpod.oval:def:2003916
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

oval:org.secpod.oval:def:2004189
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.

oval:org.secpod.oval:def:2001442
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states "We understand that the OpenSSH developers do not want to treat such a username enumeration as a vul ...

oval:org.secpod.oval:def:603590
Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protocol Suite, allowing an unauthenticated user to execute arbitrary code with root privileges.

oval:org.secpod.oval:def:2000236
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditio ...

oval:org.secpod.oval:def:2000351
Crypto++ through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertio ...

oval:org.secpod.oval:def:2004857
mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1.

oval:org.secpod.oval:def:2001030
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.

oval:org.secpod.oval:def:2004040
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attack ...

oval:org.secpod.oval:def:2004042
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated ...

oval:org.secpod.oval:def:2004041
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ...

oval:org.secpod.oval:def:2004043
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulner ...

oval:org.secpod.oval:def:2004788
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the at ...

oval:org.secpod.oval:def:2004139
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- ...

oval:org.secpod.oval:def:2001495
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, th ...

oval:org.secpod.oval:def:2001142
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial of service.

oval:org.secpod.oval:def:2000716
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.

oval:org.secpod.oval:def:2001277
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently hig ...

oval:org.secpod.oval:def:2000448
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.

oval:org.secpod.oval:def:603635
It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of apply_extra scripts which could potentially result in privilege escalation.

oval:org.secpod.oval:def:2001581
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service via a member MODDN operation.

oval:org.secpod.oval:def:2004730
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.

oval:org.secpod.oval:def:2004731
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.

oval:org.secpod.oval:def:2004905
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All release ...

oval:org.secpod.oval:def:2000355
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

oval:org.secpod.oval:def:2000563
improper implementation of GPOs due to too restrictive permissions

oval:org.secpod.oval:def:603927
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

oval:org.secpod.oval:def:2000404
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data`: {% highlight c %} if { fprintf; } if { memcpy; out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is cl ...

oval:org.secpod.oval:def:2000400
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object`: {% highlight c %} if { size_t outlen; int offs = _ykpiv_get_length; if { return YKPIV_SIZE_ERROR; } memmove; *len = outlen; ret ...

oval:org.secpod.oval:def:2000223
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

oval:org.secpod.oval:def:2004665
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer is also used for a realloc return value.

oval:org.secpod.oval:def:2003823
libfreerdp/codec/interleaved.c in FreeRDP versions

oval:org.secpod.oval:def:2003819
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c.

oval:org.secpod.oval:def:2000958
** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $" and "python $" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.

oval:org.secpod.oval:def:2001173
In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-servic ...

oval:org.secpod.oval:def:2001516
In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.

oval:org.secpod.oval:def:2000744
ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real, library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization by ...

oval:org.secpod.oval:def:2000016
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by craf ...

oval:org.secpod.oval:def:2000947
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

oval:org.secpod.oval:def:2004011
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

oval:org.secpod.oval:def:2001037
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

oval:org.secpod.oval:def:2003982
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

oval:org.secpod.oval:def:2004142
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- ...

oval:org.secpod.oval:def:2004028
This CVE is missing description

oval:org.secpod.oval:def:2004993
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.

oval:org.secpod.oval:def:2004995
This CVE is missing description

oval:org.secpod.oval:def:2004982
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.

oval:org.secpod.oval:def:2000932
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck. A crafted request can ...

oval:org.secpod.oval:def:2003632
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real in journald-server.c does not free the memory allocated by set_iovec_field_free to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-jour ...

oval:org.secpod.oval:def:2000861
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

oval:org.secpod.oval:def:2003568
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.

oval:org.secpod.oval:def:2003599
A memory leak in the ql_alloc_large_buffers function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service by triggering pci_dma_mapping_error failures, aka CID-1acb8f2a7a9f.

oval:org.secpod.oval:def:2001323
To provide fine-grained controls over the ability to use Dynamic DNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update reques ...

oval:org.secpod.oval:def:2004451
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: ...

oval:org.secpod.oval:def:604464
Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address CVE-2018 ...

oval:org.secpod.oval:def:2000516
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms where glibc is not used, possibly leading to a buffer overflow.

oval:org.secpod.oval:def:2000911
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

oval:org.secpod.oval:def:603952
Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup.

oval:org.secpod.oval:def:2001471
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.

oval:org.secpod.oval:def:2001598
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.

oval:org.secpod.oval:def:603478
Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.

oval:org.secpod.oval:def:2000326
A flaw was found in qemu Media Transfer Protocol. The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat was called in usb_mtp_object_alloc, a classic ...

oval:org.secpod.oval:def:2001418
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

oval:org.secpod.oval:def:2001579
The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service, or possibly have unspecified other impact.

oval:org.secpod.oval:def:2000192
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service.

oval:org.secpod.oval:def:603221
Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys.

oval:org.secpod.oval:def:603471
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

oval:org.secpod.oval:def:2000625
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

oval:org.secpod.oval:def:2000653
An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service via a crafted .webp file.

oval:org.secpod.oval:def:2000337
An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service via a crafted .ps file.

oval:org.secpod.oval:def:603273
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:603560
Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer which could result in denial of service or the execution of arbitrary code if malformed documents are opened.

oval:org.secpod.oval:def:2001556
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline or a crafted email address, related to the escape and autolink functions.

oval:org.secpod.oval:def:2001529
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in ...

oval:org.secpod.oval:def:2003563
The glob function in glob.c in the GNU C Library before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service.

oval:org.secpod.oval:def:2000498
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression.

oval:org.secpod.oval:def:2001072
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service or information disclosure.

oval:org.secpod.oval:def:603129
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.

oval:org.secpod.oval:def:603187
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

oval:org.secpod.oval:def:603081
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafte ...

oval:org.secpod.oval:def:2001153
NULL Pointer Access in function imagetopnm of convert.c:2226 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

oval:org.secpod.oval:def:2000393
NULL Pointer Access in function imagetopnm of convert.c:1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

oval:org.secpod.oval:def:2000811
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization. Impact is Denial of Service.

oval:org.secpod.oval:def:2000935
There is a NULL Pointer Access in function imagetopnm of convert.c:1943 of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization. Impact is Denial of Service.

oval:org.secpod.oval:def:2000918
Heap Buffer Over-read in function imagetotga of convert.c:942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

oval:org.secpod.oval:def:603037
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5087 Ned Williamson discovered a way to escape the sandbox. CVE-2017-5088 Xiling Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2017-5089 Michal Bentkowski discovered a spoofing issue. C ...

oval:org.secpod.oval:def:603117
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5111 Luat Nguyen discovered a use-after-free issue in the pdfium library. CVE-2017-5112 Tobias Klein discovered a buffer overflow issue in the webgl library. CVE-2017-5113 A buffer overflow issue was discovered in the ...

oval:org.secpod.oval:def:603157
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encou ...

oval:org.secpod.oval:def:603161
Several vulnerabilities have been discovered in the chromium browser. CVE-2017-15398 Ned Williamson discovered a stack overflow issue. CVE-2017-15399 Zhao Qixun discovered a use-after-free issue in the v8 javascript library.

oval:org.secpod.oval:def:603213
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15407 Ned Williamson discovered an out-of-bounds write issue. CVE-2017-15408 Ke Liu discovered a heap overflow issue in the pdfium library. CVE-2017-15409 An out-of-bounds write issue was discovered in the skia librar ...

oval:org.secpod.oval:def:603378
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-6056 lokihardt discovered an error in the v8 javascript library. CVE-2018-6057 Gal Beniamini discovered errors related to shared memory permissions. CVE-2018-6060 Omair discovered a use-after-free issue in blink/webki ...

oval:org.secpod.oval:def:603441
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-6118 Ned Williamson discovered a use-after-free issue. CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library. CVE-2018-6121 It was discovered that malicious extensions could escalate privi ...

oval:org.secpod.oval:def:603257
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15420 Drew Springall discovered a URL spoofing issue. CVE-2017-15429 A cross-site scripting issue was discovered in the v8 javascript library. CVE-2018-6031 A use-after-free issue was discovered in the pdfium library. ...

oval:org.secpod.oval:def:603570
An out-of-bounds memory access issue was discovered in chromium's v8 javascript library by cloudfuzzer. This update also fixes two problems introduced by the previous security upload. Support for arm64 has been restored and gconf-service is no longer a package dependency.

oval:org.secpod.oval:def:68299
Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news article when bookmarking it. This allowed a remote attacker to run an arbitrary shell command on the client machine.

oval:org.secpod.oval:def:2004220
fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap size calculation.

oval:org.secpod.oval:def:2003702
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leading ...

oval:org.secpod.oval:def:2004039
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto ...

oval:org.secpod.oval:def:2003839
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

oval:org.secpod.oval:def:2003820
A buffer overflow was found in perl-DBI

oval:org.secpod.oval:def:2003680
To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of t ...

oval:org.secpod.oval:def:2003857
A use after free was found in igc_reloc_struct_ptr of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.

oval:org.secpod.oval:def:2003947
Reported in SOLR-14515 and fixed in SOLR-14561, released in Solr version 8.6.0. The Replication handler allows commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e. you could read/write to any location the solr user can access.

oval:org.secpod.oval:def:2004050
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

oval:org.secpod.oval:def:2003745
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff if the server's memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of ...

oval:org.secpod.oval:def:2003970
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

oval:org.secpod.oval:def:2003906
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool.

oval:org.secpod.oval:def:2003905
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracl ...

oval:org.secpod.oval:def:2003907
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool.

oval:org.secpod.oval:def:2004174
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android I ...

oval:org.secpod.oval:def:2003994
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.

oval:org.secpod.oval:def:2003995
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account.

oval:org.secpod.oval:def:604854
Multiple vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.

oval:org.secpod.oval:def:2003703
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.

oval:org.secpod.oval:def:2003992
Vulnerability in the MySQL Server product of Oracle MySQL. Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ...

oval:org.secpod.oval:def:2003991
Vulnerability in the MySQL Client product of Oracle MySQL. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Succe ...

oval:org.secpod.oval:def:2003911
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean.

oval:org.secpod.oval:def:2003919
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded.

oval:org.secpod.oval:def:2003922
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime.

oval:org.secpod.oval:def:2003921
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider.

oval:org.secpod.oval:def:2003914
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.*.

oval:org.secpod.oval:def:2003909
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

oval:org.secpod.oval:def:2003913
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider.

oval:org.secpod.oval:def:2003939
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attacker must be able to insert crafted data into certain database tables, which when retrieve ...

oval:org.secpod.oval:def:2003938
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username. A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account.

oval:org.secpod.oval:def:2003940
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a cra ...

oval:org.secpod.oval:def:2004057
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

oval:org.secpod.oval:def:2003918
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef.

oval:org.secpod.oval:def:2003917
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory.

oval:org.secpod.oval:def:2004051
Go before 1.12.16 and 1.13.x before 1.13.7 allows attacks on clients via a malformed X.509 certificate.

oval:org.secpod.oval:def:2003915
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig.

oval:org.secpod.oval:def:2003908
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig.

oval:org.secpod.oval:def:2003920
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig.

oval:org.secpod.oval:def:2003699
OpenSMTPD before 6.6.4 allows local users to read arbitrary files because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

oval:org.secpod.oval:def:2004235
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

oval:org.secpod.oval:def:2003910
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

oval:org.secpod.oval:def:604710
Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.

oval:org.secpod.oval:def:2003996
Cacti 1.2.8 allows Remote Code Execution via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.

oval:org.secpod.oval:def:2003997
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php.

oval:org.secpod.oval:def:604853
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed ...

oval:org.secpod.oval:def:2004532
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

oval:org.secpod.oval:def:68084
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages.

oval:org.secpod.oval:def:2004943
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

oval:org.secpod.oval:def:2003595
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32, affecting applications that call LZ4_compress_fast with a large input. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

oval:org.secpod.oval:def:2004917
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

oval:org.secpod.oval:def:604536
It was discovered that OpenDMARC, a milter implementation of DMARC, is prone to a signature-bypass vulnerability with multiple From: addresses.

oval:org.secpod.oval:def:2004549
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.

oval:org.secpod.oval:def:2004942
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an attack ...

oval:org.secpod.oval:def:2004754
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

oval:org.secpod.oval:def:2004858
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.

oval:org.secpod.oval:def:2005331
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress. The attack vector is: Many scenarios of DICOM file processing. The fixed version is: 3.6.4, after commit 40917614e.

oval:org.secpod.oval:def:2004535
The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse in lines: 952, 1062. The attack vec ...

oval:org.secpod.oval:def:604797
Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent ...

oval:org.secpod.oval:def:2003582
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or ...

oval:org.secpod.oval:def:2004936
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig. The attack vector is: Maliciously crafted .wav file. The fixed version is: After ...

oval:org.secpod.oval:def:2003579
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info-

oval:org.secpod.oval:def:603938
A flaw was discovered in the CalDAV feature in httpd of the Cyrus IMAP server, leading to denial of service or potentially the execution of arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

oval:org.secpod.oval:def:603940
Harrison Neil discovered that the getACL command in Zookeeper, a service for maintaining configuration information, did not validate permissions, which could result in information disclosure.

oval:org.secpod.oval:def:603924
It was discovered that incomplete validation in a Phar processing library embedded in Drupal, a fully-featured content management framework, could result in information disclosure. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-007.

oval:org.secpod.oval:def:2000928
Insecure handling of arguments in helpers

oval:org.secpod.oval:def:604620
An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of service, or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:2003566
The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file.

oval:org.secpod.oval:def:2004927
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will b ...

oval:org.secpod.oval:def:2004929
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially differe ...

oval:org.secpod.oval:def:2005018
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.

oval:org.secpod.oval:def:603828
It was discovered that missing input sanitising in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-004.

oval:org.secpod.oval:def:603842
Adam Dobrawy, Frederico Silva and Gregory Brzeski from HyperOne.com discovered that pdns, an authoritative DNS server, did not properly validate user-supplied data when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend. This would allow a remote user to cause eithe ...

oval:org.secpod.oval:def:603849
Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.

oval:org.secpod.oval:def:603840
Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used.

oval:org.secpod.oval:def:2000449
improper polymorphic deserialization of types from Oracle JDBC driver

oval:org.secpod.oval:def:2000461
improper polymorphic deserialization of types from Jodd-db library

oval:org.secpod.oval:def:2004941
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

oval:org.secpod.oval:def:2003556
In the GNU C Library before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service or trigger an incorrect result by attempting a regular-expression match.

oval:org.secpod.oval:def:2001453
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6 located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other im ...

oval:org.secpod.oval:def:2000368
An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2000494
An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service or possibly have unspecified other ...

oval:org.secpod.oval:def:2000929
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.

oval:org.secpod.oval:def:2001079
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been publ ...

oval:org.secpod.oval:def:603610
Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution. For additional information, please refer to the upstream advisories at https://www.drupal.org/sa-core-2019-001 and https://www.drupal.org/sa-core-2019-002

oval:org.secpod.oval:def:2000566
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

oval:org.secpod.oval:def:2001273
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

oval:org.secpod.oval:def:2000833
embed/ephy-web-view.c in GNOME Web through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

oval:org.secpod.oval:def:2001099
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

oval:org.secpod.oval:def:2001252
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

oval:org.secpod.oval:def:2001096
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.

oval:org.secpod.oval:def:2000193
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

oval:org.secpod.oval:def:2000630
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

oval:org.secpod.oval:def:2000096
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

oval:org.secpod.oval:def:2001234
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.

oval:org.secpod.oval:def:2000458
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

oval:org.secpod.oval:def:2000871
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

oval:org.secpod.oval:def:603586
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17480 Guang Gong discovered an out-of-bounds write issue in the v8 javascript library. CVE-2018-17481 Several use-after-free issues were discovered in the pdfium library. CVE-2018-18335 A buffer overflow issue was dis ...

oval:org.secpod.oval:def:603522
Two vulnerabilities have been discovered in the chromium web browser. Kevin Cheung discovered an error in the WebAssembly implementation and evil1m0 discovered a URL spoofing issue.

oval:org.secpod.oval:def:2000525
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the ...

oval:org.secpod.oval:def:2000774
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

oval:org.secpod.oval:def:2000933
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

oval:org.secpod.oval:def:2000908
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

oval:org.secpod.oval:def:2001120
There is memory leak at liblas::Open in libLAS 1.8.1.

oval:org.secpod.oval:def:2001199
There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF in libLAS 1.8.1 that will cause a denial of service.

oval:org.secpod.oval:def:2000489
There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF in libLAS 1.8.1 that will cause a denial of service.

oval:org.secpod.oval:def:2000645
There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF in libLAS 1.8.1 that will cause a denial of service.

oval:org.secpod.oval:def:2000726
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory. This attack appear t ...

oval:org.secpod.oval:def:2001517
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti ...

oval:org.secpod.oval:def:2000115
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method of a class that's the `data_class` of a form, and when a file upload is submit ...

oval:org.secpod.oval:def:2001080
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.

oval:org.secpod.oval:def:2001175
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.

oval:org.secpod.oval:def:2001071
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack.

oval:org.secpod.oval:def:2001215
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

oval:org.secpod.oval:def:2001595
An issue has been found in Mini-XML 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

oval:org.secpod.oval:def:2001168
An issue has been found in Mini-XML 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the "<order type="real">" substring, as demonstrated by testmxml.

oval:org.secpod.oval:def:603608
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-19961 / CVE-2018-19962 Paul Durrant discovered that incorrect TLB handling could result in denial of service, privilege escalation or information leaks. CVE-2018-19965 Matthew Daley discovered that incorrect handling of th ...

oval:org.secpod.oval:def:2001629
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service via a crafted svg file, as demonstrated by mupdf-gl.

oval:org.secpod.oval:def:2000944
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service via a crafted svg file, as demonstrated by mupdf-gl.

oval:org.secpod.oval:def:2000681
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

oval:org.secpod.oval:def:2001281
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.

oval:org.secpod.oval:def:2000019
In The Sleuth Kit through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service.

oval:org.secpod.oval:def:2001255
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHand ...

oval:org.secpod.oval:def:2000988
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller r ...

oval:org.secpod.oval:def:2001195
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args at tcpbridge.c, causing a denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:2000770
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4 in incremental_checksum.h, causing a denial of service.

oval:org.secpod.oval:def:2001170
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

oval:org.secpod.oval:def:2000179
An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.

oval:org.secpod.oval:def:2000132
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c and cairo-image-compositor.c.

oval:org.secpod.oval:def:2001146
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.

oval:org.secpod.oval:def:603523
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message.

oval:org.secpod.oval:def:2000487
Gitolite before 3.6.9 does not properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.

oval:org.secpod.oval:def:2001010
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

oval:org.secpod.oval:def:2000165
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by provi ...

oval:org.secpod.oval:def:603501
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, cache poisoning or information disclosure.

oval:org.secpod.oval:def:2000585
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Parser against the POC due to an issue in _asn1_expand_object_id, after a long time, the program will be killed. This attack appears to be exploitable via parsi ...

oval:org.secpod.oval:def:2001393
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting attack in the default servlet/services.

oval:org.secpod.oval:def:2001257
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.

oval:org.secpod.oval:def:2000233
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

oval:org.secpod.oval:def:603470
Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the "user_allow_other" restriction when SELinux is active. A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the "allow_other" mou ...

oval:org.secpod.oval:def:2001259
MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted MP4 file.

oval:org.secpod.oval:def:603374
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-004

oval:org.secpod.oval:def:2000263
MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.

oval:org.secpod.oval:def:2000605
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted MP4 file, because access to the data structur ...

oval:org.secpod.oval:def:2001469
In MP4v2 2.0.0, there is an integer overflow when resizing MP4Array for the ftyp atom in mp4array.h.

oval:org.secpod.oval:def:2000684
In MP4v2 2.0.0, there is an integer underflow when parsing MP4Atom in mp4atom.cpp.

oval:org.secpod.oval:def:2000903
A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.

oval:org.secpod.oval:def:2000624
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

oval:org.secpod.oval:def:2001589
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.

oval:org.secpod.oval:def:2000189
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.

oval:org.secpod.oval:def:2000158
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.

oval:org.secpod.oval:def:2001075
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

oval:org.secpod.oval:def:603436
It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle could perform fewer Miller-Rabin primality tests than expected.

oval:org.secpod.oval:def:2001311
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000161
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000832
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.

oval:org.secpod.oval:def:2001428
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2001583
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is su ...

oval:org.secpod.oval:def:2001283
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:603393
Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed. The oldstable distribution is not affected.

oval:org.secpod.oval:def:2000669
An error in the "read_metadata_vorbiscomment_" function in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

oval:org.secpod.oval:def:2000858
LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

oval:org.secpod.oval:def:2000531
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

oval:org.secpod.oval:def:2001224
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

oval:org.secpod.oval:def:2000939
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

oval:org.secpod.oval:def:603390
An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.

oval:org.secpod.oval:def:603376
Andrea Basile discovered that the "archive" plugin in roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize a user-controlled parameter, allowing a remote attacker to inject arbitrary IMAP commands and perform malicious actions.

oval:org.secpod.oval:def:2001054
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user can craft a message to the broker th ...

oval:org.secpod.oval:def:603340
Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code. The oldstable distribution is not affected.

oval:org.secpod.oval:def:2000486
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in ...

oval:org.secpod.oval:def:2000828
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip pac ...

oval:org.secpod.oval:def:2000226
MIT libkrb5-dev 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service or bypass a DN container check by supplying tagged data that is internal to the database module.

oval:org.secpod.oval:def:2001263
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string ...

oval:org.secpod.oval:def:2001563
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service.

oval:org.secpod.oval:def:2000423
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.

oval:org.secpod.oval:def:603295
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.

oval:org.secpod.oval:def:603388
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.

oval:org.secpod.oval:def:603297
Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.

oval:org.secpod.oval:def:2000847
In the startread function in xa.c in Sound eXchange through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.

oval:org.secpod.oval:def:2000874
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details are exposed as plain text.

oval:org.secpod.oval:def:2001327
In Apache JMeter 2.X and 3.X, when using Distributed Test only, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code.

oval:org.secpod.oval:def:603620
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in go get, which could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:603332
Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute ...

oval:org.secpod.oval:def:2000589
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks wr ...

oval:org.secpod.oval:def:2001187
An issue was discovered in MIT Kerberos 5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center, which allows remote authenticated users to cause a denial of service via a mo ...

oval:org.secpod.oval:def:2000438
An issue was discovered in MIT Kerberos 5 through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other ...

oval:org.secpod.oval:def:603322
Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:2000032
Cross-site scripting vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.

oval:org.secpod.oval:def:2000916
A NULL pointer dereference vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.

oval:org.secpod.oval:def:2001578
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arb ...

oval:org.secpod.oval:def:603175
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:44751
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.

oval:org.secpod.oval:def:603080
Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key. See https://eprint.iacr.org/2017/806 for details.

oval:org.secpod.oval:def:2001623
There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.

oval:org.secpod.oval:def:603039
Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as t ...

oval:org.secpod.oval:def:603207
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:2000836
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service because of mishandling of an unexpected malloc call.

oval:org.secpod.oval:def:602953
Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.

oval:org.secpod.oval:def:2000430
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

oval:org.secpod.oval:def:2000294
Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.

oval:org.secpod.oval:def:2001617
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU allows local guest OS users to cause a denial of service via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.

oval:org.secpod.oval:def:2000381
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000968
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2003562
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

oval:org.secpod.oval:def:2000298
Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.

oval:org.secpod.oval:def:2001329
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

oval:org.secpod.oval:def:2000196
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity issue.

oval:org.secpod.oval:def:2000603
The iconv program in the GNU C Library 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

oval:org.secpod.oval:def:2004244
This CVE is missing description

oval:org.secpod.oval:def:2001499
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ...

oval:org.secpod.oval:def:2000683
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ...

oval:org.secpod.oval:def:2000026
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ...

oval:org.secpod.oval:def:2000468
An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" componen ...

oval:org.secpod.oval:def:2000909
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2004998
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cros ...

oval:org.secpod.oval:def:2004997
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004999
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously craft ...

oval:org.secpod.oval:def:2004989
This CVE is missing description

oval:org.secpod.oval:def:2004988
This CVE is missing description

oval:org.secpod.oval:def:2004990
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.

oval:org.secpod.oval:def:2004992
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004991
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004996
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004976
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004975
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2004978
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004977
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary co ...

oval:org.secpod.oval:def:2004979
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004981
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process m ...

oval:org.secpod.oval:def:2004980
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code ex ...

oval:org.secpod.oval:def:2004983
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004984
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004969
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004968
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code ex ...

oval:org.secpod.oval:def:2004970
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004972
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004971
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004974
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing malicious ...

oval:org.secpod.oval:def:2004973
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005050
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.

oval:org.secpod.oval:def:2005052
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005051
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may le ...

oval:org.secpod.oval:def:2005054
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may le ...

oval:org.secpod.oval:def:2005053
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005056
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005055
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005058
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005057
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005059
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.

oval:org.secpod.oval:def:2005041
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.

oval:org.secpod.oval:def:2005043
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to ...

oval:org.secpod.oval:def:2005042
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary co ...

oval:org.secpod.oval:def:2005045
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary co ...

oval:org.secpod.oval:def:2005044
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary co ...

oval:org.secpod.oval:def:2005047
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.

oval:org.secpod.oval:def:2005046
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005049
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005048
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005030
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005032
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005031
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005034
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005033
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005036
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005035
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005038
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code ex ...

oval:org.secpod.oval:def:2005037
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

oval:org.secpod.oval:def:2005039
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code ex ...

oval:org.secpod.oval:def:2005019
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website.

oval:org.secpod.oval:def:2005020
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

oval:org.secpod.oval:def:2005023
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary co ...

oval:org.secpod.oval:def:2005025
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005024
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to ...

oval:org.secpod.oval:def:2005027
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary co ...

oval:org.secpod.oval:def:2005026
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary co ...

oval:org.secpod.oval:def:2005029
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may le ...

oval:org.secpod.oval:def:2005028
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to ...

oval:org.secpod.oval:def:2005009
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005008
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may le ...

oval:org.secpod.oval:def:2005010
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005012
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005011
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005014
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005013
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005016
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005015
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005017
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005001
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005000
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005003
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may le ...

oval:org.secpod.oval:def:2005002
This CVE is missing description

oval:org.secpod.oval:def:2005005
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2005004
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may le ...

oval:org.secpod.oval:def:2005007
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may le ...

oval:org.secpod.oval:def:2005006
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitra ...

oval:org.secpod.oval:def:2004987
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code ...

oval:org.secpod.oval:def:2004986
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004994
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2004985
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.

oval:org.secpod.oval:def:2005040
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:2005021
This CVE is missing description

oval:org.secpod.oval:def:2005022
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

oval:org.secpod.oval:def:603208
It was discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed fingerprinting of a user across multiple sessions via IndexedDB.

oval:org.secpod.oval:def:2003904
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

oval:org.secpod.oval:def:2001462
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP error page generation for certificate errors.

oval:org.secpod.oval:def:2001477
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service via a crafted TCP-based service.

oval:org.secpod.oval:def:2004236
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

oval:org.secpod.oval:def:2003888
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.

oval:org.secpod.oval:def:2004960
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

oval:org.secpod.oval:def:603401
Hans Jerry Illikainen discovered a type conversion vulnerability in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played. This update upgrades VLC in stretch to the new 3.x release series. In addition two packages needed ...

oval:org.secpod.oval:def:603254
It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603417
It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603543
Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603604
An integer underflow was discovered in the CAF demuxer of the VLC media player.

oval:org.secpod.oval:def:2005303
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

oval:org.secpod.oval:def:603939
Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.

oval:org.secpod.oval:def:2005305
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

oval:org.secpod.oval:def:2004111
Vulnerability in the Java SE product of Oracle Java SE. The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result ...

oval:org.secpod.oval:def:2004209
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

oval:org.secpod.oval:def:2001002
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ...

oval:org.secpod.oval:def:2004212
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.

oval:org.secpod.oval:def:2004213
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.

oval:org.secpod.oval:def:2004207
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

oval:org.secpod.oval:def:2004208
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.

oval:org.secpod.oval:def:2004204
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.

oval:org.secpod.oval:def:2004211
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

oval:org.secpod.oval:def:2004112
Vulnerability in the Java SE product of Oracle Java SE. The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a ...

oval:org.secpod.oval:def:2004205
This CVE is missing description

oval:org.secpod.oval:def:2004206
This CVE is missing description

oval:org.secpod.oval:def:2000789
The function Object::isName in Object.h in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm.

oval:org.secpod.oval:def:2001624
CCITTFaxStream::readRow in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service via a crafted pdf file, as demonstrated by pdftoppm.

oval:org.secpod.oval:def:2001414
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.

oval:org.secpod.oval:def:603561
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-5179 Yannic Boneberger discovered an error in the ServiceWorker implementation. CVE-2018-17462 Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox. CVE-2018-17463 Ned Williamson and Niklas Baums ...

oval:org.secpod.oval:def:2003597
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

oval:org.secpod.oval:def:2003596
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

oval:org.secpod.oval:def:2005277
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind ...

oval:org.secpod.oval:def:2001406
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server can overwrite arbitrary files in a directory o ...

oval:org.secpod.oval:def:2001025
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

oval:org.secpod.oval:def:603621
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in go get, which could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:2001050
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configu ...

oval:org.secpod.oval:def:2000622
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request wi ...

oval:org.secpod.oval:def:2001596
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

oval:org.secpod.oval:def:2000794
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of "*" characters. Remote attackers could leverage this vu ...

oval:org.secpod.oval:def:2000748
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.

oval:org.secpod.oval:def:2000436
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

oval:org.secpod.oval:def:2000054
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

oval:org.secpod.oval:def:2000960
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "". This could impact services that restrict the user's filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable.

oval:org.secpod.oval:def:2000504
GNOME NetworkManager version 1.10.2 and earlier contains an Information Exposure vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later ...

oval:org.secpod.oval:def:2000987
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of ...

oval:org.secpod.oval:def:2000151
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy function in DriverManager/__info.c.

oval:org.secpod.oval:def:2000150
Netwide Assembler before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

oval:org.secpod.oval:def:2000164
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2001448
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1 ...

oval:org.secpod.oval:def:2000599
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation ...

oval:org.secpod.oval:def:2001094
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade an ...

oval:org.secpod.oval:def:2001098
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

oval:org.secpod.oval:def:603573
It was discovered that a buffer overflow in liveMedia, a set of C++ libraries for multimedia streaming could result in the execution of arbitrary code when parsing a malformed RTSP stream.

oval:org.secpod.oval:def:2001045
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_for ...

oval:org.secpod.oval:def:2000600
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.

oval:org.secpod.oval:def:2000203
Netwide Assembler 2.14rc15 has an invalid memory write in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.

oval:org.secpod.oval:def:2000626
Netwide Assembler 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.

oval:org.secpod.oval:def:2000299
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

oval:org.secpod.oval:def:2000277
Netwide Assembler 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.

oval:org.secpod.oval:def:2000272
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to ...

oval:org.secpod.oval:def:2001135
Netwide Assembler 2.14rc15 has a buffer over-read in x86/regflags.c.

oval:org.secpod.oval:def:2001116
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type, the attacker can crash the KDC by making an S4U2Self request.

oval:org.secpod.oval:def:2000255
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

oval:org.secpod.oval:def:2000235
Netwide Assembler 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

oval:org.secpod.oval:def:2000339
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2000310
The DGifDecompressLine function in dgif_lib.c in GIFLIB, as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:2000793
In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

oval:org.secpod.oval:def:2000786
Netwide Assembler 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.

oval:org.secpod.oval:def:2001611
Netwide Assembler 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.

oval:org.secpod.oval:def:2001606
Incorrect returning of an error code in the index.c:read_entry function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.

oval:org.secpod.oval:def:2000758
An issue was discovered in shadow 4.5. newgidmap is setuid and allows an unprivileged user to be placed in a user namespace where setgroups is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator ...

oval:org.secpod.oval:def:2001264
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

oval:org.secpod.oval:def:2001248
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, ...

oval:org.secpod.oval:def:2001241
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.

oval:org.secpod.oval:def:2001299
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.

oval:org.secpod.oval:def:603389
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at https://wordpress.org/news/2018/04/wordpress ...

oval:org.secpod.oval:def:603397
Fabian Vogt discovered that incorrect permission handling in the PAM module of the KDE Wallet could allow an unprivileged local user to gain ownership of arbitrary files.

oval:org.secpod.oval:def:2001304
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000862
There is an illegal address access at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service because a certain conversion can result in a negative integer.

oval:org.secpod.oval:def:2000051
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

oval:org.secpod.oval:def:2000047
Integer overflow in the index.c:read_entry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service via a crafted repository index file.

oval:org.secpod.oval:def:2000059
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a craft ...

oval:org.secpod.oval:def:2001363
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

oval:org.secpod.oval:def:2000038
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

oval:org.secpod.oval:def:2000008
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

oval:org.secpod.oval:def:2001312
Netwide Assembler 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.

oval:org.secpod.oval:def:2000479
asm/labels.c in Netwide Assembler is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:603413
It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache. ...

oval:org.secpod.oval:def:603414
It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation. D ...

oval:org.secpod.oval:def:2000971
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in a stack overflow caused by triggering endless macro generation, crashing the program. This attack appears to be exploitable via a crafted nasm input file.

oval:org.secpod.oval:def:2000943
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2000955
Netwide Assembler 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

oval:org.secpod.oval:def:2000914
NASM nasm-2.13.03, nasm-2.14rc15 (version 2.14rc15 and earlier) contains a memory corruption vulnerability in function assemble_file at asm/nasm.c:482 when handling a crafted file, which can result in aborting/crashing the nasm program. This attack app ...

oval:org.secpod.oval:def:2000560
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10

oval:org.secpod.oval:def:2001032
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

oval:org.secpod.oval:def:2000187
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0

oval:org.secpod.oval:def:2001009
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker to execute arbitrary code as the user running Ohcount.

oval:org.secpod.oval:def:2001483
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.

oval:org.secpod.oval:def:2000144
The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service via a crafted HTML file.

oval:org.secpod.oval:def:2000142
The function d2ulaw_array in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack, a different vulnerability than CVE-2017-14246.

oval:org.secpod.oval:def:2000137
There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2001445
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service via a crafted mid file.

oval:org.secpod.oval:def:2000122
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file.

oval:org.secpod.oval:def:2000121
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service via a file that begins with many "\0" characters.

oval:org.secpod.oval:def:2001435
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive in ...

oval:org.secpod.oval:def:2000598
In The Sleuth Kit 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read in tsk/img/img_io.c in libtskimg.a.

oval:org.secpod.oval:def:2001087
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.

oval:org.secpod.oval:def:2000197
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.

oval:org.secpod.oval:def:603125
Security researcher discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as an innocuous document file in Nautilus. A user wou ...

oval:org.secpod.oval:def:603122
Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak.

oval:org.secpod.oval:def:2000604
The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:603130
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks.

oval:org.secpod.oval:def:603169
It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem. For reference, the relevant part of the original advisory text follows. CVE-2017-15587 Terry Chia and Jeremy Heng discovered an integer overf ...

oval:org.secpod.oval:def:603182
A vulnerability has been discovered in swauth, an authentication system for Swift, a distributed virtual object store used in Openstack. The authentication token for a user is saved in clear text to the log file, which could enable an attacker with access to the logs to bypass the authentication pr ...

oval:org.secpod.oval:def:603176
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:2001154
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control ...

oval:org.secpod.oval:def:2000245
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.

oval:org.secpod.oval:def:2000231
The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:2000244
FontForge 20161012 is vulnerable to a buffer over-read in umodenc resulting in DoS or code execution via a crafted otf file.

oval:org.secpod.oval:def:2001560
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash.

oval:org.secpod.oval:def:2000234
The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:603227
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened.

oval:org.secpod.oval:def:2001194
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service via a crafted audio file.

oval:org.secpod.oval:def:603218
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent's session if the agent is tricked into clicking a link in a spec ...

oval:org.secpod.oval:def:603215
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system.

oval:org.secpod.oval:def:603216
Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:2001158
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option.

oval:org.secpod.oval:def:2000725
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service by triggering many media connections.

oval:org.secpod.oval:def:2000330
The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:2000771
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by re ...

oval:org.secpod.oval:def:2001600
The build package before 20171128 did not check directory names during extraction of build results, which allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.

oval:org.secpod.oval:def:603835
An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed throu ...

oval:org.secpod.oval:def:2000399
A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.

oval:org.secpod.oval:def:2000372
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service via a crafted mid file.

oval:org.secpod.oval:def:2000361
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service via a crafted mid file.

oval:org.secpod.oval:def:2000859
In The Sleuth Kit 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.

oval:org.secpod.oval:def:2000824
backintime before 1.1.24 did improper escaping/quoting of file paths used as arguments to the "notify-send" command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file ...

oval:org.secpod.oval:def:2001307
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

oval:org.secpod.oval:def:2000429
In The Sleuth Kit 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.

oval:org.secpod.oval:def:2000439
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service via a crafted mid file.

oval:org.secpod.oval:def:2000890
There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2000035
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02 ...

oval:org.secpod.oval:def:2000040
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

oval:org.secpod.oval:def:2000007
Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.

oval:org.secpod.oval:def:2000005
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 through 1.15.2 mishandles Distinguished Name fields, which allows remote attackers to execute arbitrary code or cause a denial of service in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_o ...

oval:org.secpod.oval:def:2001355
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service via a crafted MP3 file.

oval:org.secpod.oval:def:2001336
The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:2001337
In PyYAML before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used.

oval:org.secpod.oval:def:2001330
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service via a crafted djvu file.

oval:org.secpod.oval:def:2000484
The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.

oval:org.secpod.oval:def:2000091
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "k ...

oval:org.secpod.oval:def:2000078
FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName resulting in DoS or code execution via a crafted otf file.

oval:org.secpod.oval:def:2000967
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service via crafted RTP packets.

oval:org.secpod.oval:def:2000981
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator in eval.cpp. It will lead to a remote denial of service attack.

oval:org.secpod.oval:def:603492
Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.

oval:org.secpod.oval:def:2000907
NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument.

oval:org.secpod.oval:def:603089
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.

oval:org.secpod.oval:def:2000584
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted archive.

oval:org.secpod.oval:def:2001415
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:2001404
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.

oval:org.secpod.oval:def:2000522
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash when parsing an invalid file.

oval:org.secpod.oval:def:2000521
The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file.

oval:org.secpod.oval:def:2000998
The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:2000510
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service via a crafted binary file, related to use of a variable-size stack array.

oval:org.secpod.oval:def:2001467
Incorrect interaction of the parse_packet and parse_part_sign_sha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service of a collectd instance via a crafted UDP packet.

oval:org.secpod.oval:def:2000131
Cross-site scripting vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."

oval:org.secpod.oval:def:2000118
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2001092
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:2001532
The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service via a crafted archive.

oval:org.secpod.oval:def:2001566
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service via a large AXFR response, and possibly allows IXFR servers to cause a denial of service via a large IXFR response and allows remote authenticated users to cause ...

oval:org.secpod.oval:def:2000227
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001561
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:603239
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Site Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions.

oval:org.secpod.oval:def:603281
Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-001

oval:org.secpod.oval:def:2000329
PoDoFo 0.9.5 allows denial of service via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure.

oval:org.secpod.oval:def:2000340
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.

oval:org.secpod.oval:def:2000773
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file.

oval:org.secpod.oval:def:602957
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.

oval:org.secpod.oval:def:602949
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to ...

oval:org.secpod.oval:def:2001242
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2001228
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001211
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.

oval:org.secpod.oval:def:2000886
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000049
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document.

oval:org.secpod.oval:def:2000058
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000011
The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service by crafting a string to the icalparser_parse_string function.

oval:org.secpod.oval:def:2000010
The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted string to the icalparser_parse_string function.

oval:org.secpod.oval:def:2000024
In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.

oval:org.secpod.oval:def:2000917
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted tnef file.

oval:org.secpod.oval:def:2000915
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001430
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.

oval:org.secpod.oval:def:2000561
In Long Range Zip 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2000500
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O lookup time.

oval:org.secpod.oval:def:2000136
In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream in sass_context.cpp. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2001068
The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file.

oval:org.secpod.oval:def:603165
A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. An authenticated attacker can take advantage of this flaw to read roundcube's configuration files.

oval:org.secpod.oval:def:2000207
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000676
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc. With an unexpected size, the impact may have been a segfault or ...

oval:org.secpod.oval:def:2000658
In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000631
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.

oval:org.secpod.oval:def:2001147
libical allows remote attackers to cause a denial of service and possibly read heap memory via a crafted ics file.

oval:org.secpod.oval:def:2000252
The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.

oval:org.secpod.oval:def:2001590
There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2001110
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service upon allocation failure.

oval:org.secpod.oval:def:2001102
In Long Range Zip 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

oval:org.secpod.oval:def:603678
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform various Cross-Site Scripting and PHP injection attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application c ...

oval:org.secpod.oval:def:2001193
In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.

oval:org.secpod.oval:def:2000707
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

oval:org.secpod.oval:def:2000705
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.

oval:org.secpod.oval:def:2000373
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.

oval:org.secpod.oval:def:2000369
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption read environment variables from disk as the encrypted disk image is processed. An attacker with physical access ...

oval:org.secpod.oval:def:2001210
Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.

oval:org.secpod.oval:def:2000817
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.

oval:org.secpod.oval:def:2000421
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000867
A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.

oval:org.secpod.oval:def:2001390
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-162 ...

oval:org.secpod.oval:def:2001374
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document.

oval:org.secpod.oval:def:2000017
In Long Range Zip 0.631, there is an infinite loop and application hang in the get_fileinfo function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

oval:org.secpod.oval:def:2000499
There is a stack consumption vulnerability in the lex function in parser.hpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

oval:org.secpod.oval:def:2000485
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001026
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

oval:org.secpod.oval:def:2001001
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service, which could be relevant if unrarlib is used as library code for a long-running application.

oval:org.secpod.oval:def:2001084
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be ...

oval:org.secpod.oval:def:2001044
The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service via a crafted mp3 file.

oval:org.secpod.oval:def:2000619
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.

oval:org.secpod.oval:def:2000205
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thu ...

oval:org.secpod.oval:def:2000220
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as "Zip-Slip".

oval:org.secpod.oval:def:2000656
The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file.

oval:org.secpod.oval:def:2000628
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file.

oval:org.secpod.oval:def:2001157
In the GNU C Library through 2.29, the memcmp function for the x32 architecture can incorrectly return zero because the RDX most significant bit is mishandled.

oval:org.secpod.oval:def:2001123
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

oval:org.secpod.oval:def:2000265
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a "\0" byte to trigger an out-of-bounds read that leads to DoS.

oval:org.secpod.oval:def:603238
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution.

oval:org.secpod.oval:def:2000308
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

oval:org.secpod.oval:def:2000397
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.

oval:org.secpod.oval:def:2000366
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service upon allocation failure.

oval:org.secpod.oval:def:2001221
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; inste ...

oval:org.secpod.oval:def:2000837
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.

oval:org.secpod.oval:def:2001308
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a IIS header that lets users override the path in the request URL via the X-Origina ...

oval:org.secpod.oval:def:2000442
SimpleXML is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.

oval:org.secpod.oval:def:603917
Multiple vulnerabilities were discovered in the Symfony PHP framework which could lead to cache bypass, authentication bypass, information disclosure, open redirect, cross-site request forgery, deletion of arbitrary files, or arbitrary code execution.

oval:org.secpod.oval:def:2001399
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11.

oval:org.secpod.oval:def:2001373
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file.

oval:org.secpod.oval:def:2000045
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.

oval:org.secpod.oval:def:2000493
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.

oval:org.secpod.oval:def:2000491
There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix.

oval:org.secpod.oval:def:68295
A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.

oval:org.secpod.oval:def:68298
A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.

oval:org.secpod.oval:def:603514
Several heap buffer overflows were found in discount, an implementation of the Markdown markup language, that could be triggered with specially crafted Markdown data and would cause discount to read past the end of internal buffers.

oval:org.secpod.oval:def:2000098
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

oval:org.secpod.oval:def:603460
A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.

oval:org.secpod.oval:def:2001427
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.

oval:org.secpod.oval:def:2001020
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2001449
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:603540
Several vulnerabilities were discovered in tinc, a Virtual Private Network daemon. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16738 Michael Yonli discovered a flaw in the implementation of the authentication protocol that could allow a remote attack ...

oval:org.secpod.oval:def:2001047
libvips before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory.

oval:org.secpod.oval:def:2001551
U-Boot contains a CWE-20: Improper Input Validation vulnerability in verified boot signature validation that can result in a bypass of verified boot. This attack appears to be exploitable via a specially crafted FIT image and special device memory functionality.

oval:org.secpod.oval:def:2000219
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.

oval:org.secpod.oval:def:2000290
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.

oval:org.secpod.oval:def:2001186
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

oval:org.secpod.oval:def:2001178
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file.

oval:org.secpod.oval:def:2000723
The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted DEX file.

oval:org.secpod.oval:def:2000735
The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870.

oval:org.secpod.oval:def:2000704
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from an ...

oval:org.secpod.oval:def:603275
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library's network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If O ...

oval:org.secpod.oval:def:2000792
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2000312
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. Th ...

oval:org.secpod.oval:def:2000751
389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

oval:org.secpod.oval:def:2000391
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion capability of various XML parsers. UIMA as part of its configura ...

oval:org.secpod.oval:def:2000383
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ...

oval:org.secpod.oval:def:2001203
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of C ...

oval:org.secpod.oval:def:2000346
In SWFTools, a memcpy buffer overflow was found in swfc.

oval:org.secpod.oval:def:603330
Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for ...

oval:org.secpod.oval:def:2000881
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2000023
In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000014
Improper input validation in gnupg.GPG.encrypt and gnupg.GPG.decrypt.

oval:org.secpod.oval:def:2001324
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file.

oval:org.secpod.oval:def:2001317
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2000919
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

oval:org.secpod.oval:def:2001426
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.

oval:org.secpod.oval:def:2000508
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000169
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, a ...

oval:org.secpod.oval:def:2001491
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

oval:org.secpod.oval:def:2000113
A stack-based buffer overflow in the find_green function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

oval:org.secpod.oval:def:603548
Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:603558
The update of Graphicsmagick in DSA-4321-1 introduced a change in the handling of case-sensitivity in an internal API function which could affect some code built against the GraphicsMagick libraries. This update restores the previous behaviour.

oval:org.secpod.oval:def:2001082
GNU Debugger 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.

oval:org.secpod.oval:def:603585
It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.

oval:org.secpod.oval:def:2001060
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000191
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.

oval:org.secpod.oval:def:2001046
The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file.

oval:org.secpod.oval:def:603142
It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:603138
Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which may result in denial of service or the execution of arbitrary code. CVE-2017-14685, CVE-2017-14686, and CVE-2017-14687 WangLin discovered that a crafted .xps file can crash MuPDF and potentially execute arbitrary code in sev ...

oval:org.secpod.oval:def:2000691
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

oval:org.secpod.oval:def:2001552
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.

oval:org.secpod.oval:def:2001515
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

oval:org.secpod.oval:def:2000649
In Long Range Zip 0.631, there is a use-after-free in the ucompthread function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

oval:org.secpod.oval:def:2000660
In Long Range Zip 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.

oval:org.secpod.oval:def:2000620
The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" c ...

oval:org.secpod.oval:def:2000291
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.

oval:org.secpod.oval:def:2001599
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is n ...

oval:org.secpod.oval:def:2000280
batteriesConfig.mlp in OCaml Batteries Included 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2000278
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file.

oval:org.secpod.oval:def:2001593
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ...

oval:org.secpod.oval:def:2000700
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

oval:org.secpod.oval:def:2000334
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.

oval:org.secpod.oval:def:2000305
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonst ...

oval:org.secpod.oval:def:2000303
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt th ...

oval:org.secpod.oval:def:2001622
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c ...

oval:org.secpod.oval:def:2000781
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2000760
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash or possibly have unspecified other impact.

oval:org.secpod.oval:def:2000386
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

oval:org.secpod.oval:def:2001200
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

oval:org.secpod.oval:def:2000834
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service via an empty field that should have contained a hostname or IP address.

oval:org.secpod.oval:def:2000894
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.

oval:org.secpod.oval:def:2001391
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted wav file.

oval:org.secpod.oval:def:2000488
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

oval:org.secpod.oval:def:2000467
DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.

oval:org.secpod.oval:def:2000922
p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack.

oval:org.secpod.oval:def:2000931
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

oval:org.secpod.oval:def:2000571
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial o ...

oval:org.secpod.oval:def:2000583
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start ...

oval:org.secpod.oval:def:2000577
The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2000550
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PNG file.

oval:org.secpod.oval:def:2000544
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

oval:org.secpod.oval:def:2000559
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service via a crafted iso file.

oval:org.secpod.oval:def:2000523
The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000984
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the "GF_XATTR_IOSTATS_DUMP_KEY" xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling "setxattr" to trigger a state dump and create ...

oval:org.secpod.oval:def:2000983
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00000000_00400000+0x000000000001b72a."

oval:org.secpod.oval:def:2000149
There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2000146
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.

oval:org.secpod.oval:def:2001014
In SWFTools, an address access exception was found in swfdump swf_GetBits.

oval:org.secpod.oval:def:2000110
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono function in lib/wav.c.

oval:org.secpod.oval:def:2000594
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

oval:org.secpod.oval:def:2001441
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.

oval:org.secpod.oval:def:2001085
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2001052
It was found that the "mknod" call derived from mknod can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.

oval:org.secpod.oval:def:2001546
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity attacks, as demonstrated by /ServerView.

oval:org.secpod.oval:def:2001533
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.

oval:org.secpod.oval:def:2001536
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.

oval:org.secpod.oval:def:2001539
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

oval:org.secpod.oval:def:2001526
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service via a crafted WAV file.

oval:org.secpod.oval:def:2000675
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerab ...

oval:org.secpod.oval:def:2000646
In Long Range Zip 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

oval:org.secpod.oval:def:2000659
SSRF issue

oval:org.secpod.oval:def:2000293
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2001132
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b596."

oval:org.secpod.oval:def:2001113
In SWFTools, a memcpy buffer overflow was found in gif2swf.

oval:org.secpod.oval:def:2001101
rbenv is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution

oval:org.secpod.oval:def:2001567
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.

oval:org.secpod.oval:def:2001575
SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.

oval:org.secpod.oval:def:2002030
In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.

oval:org.secpod.oval:def:2000738
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted iso file.

oval:org.secpod.oval:def:2000736
In SWFTools, a stack overflow was found in pdf2swf.

oval:org.secpod.oval:def:2000731
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load function in lib/png.c.

oval:org.secpod.oval:def:2000706
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

oval:org.secpod.oval:def:2000702
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.

oval:org.secpod.oval:def:2000718
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

oval:org.secpod.oval:def:2000332
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

oval:org.secpod.oval:def:2001620
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate function in lib/modules/swftools.c.

oval:org.secpod.oval:def:2001625
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup function in lib/q.c.

oval:org.secpod.oval:def:2001628
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the "__server_getspec" function via the "gf_getspec_req" RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.

oval:org.secpod.oval:def:2000769
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using "alloca". An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer si ...

oval:org.secpod.oval:def:2000765
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter function in lib/modules/swffilter.c.

oval:org.secpod.oval:def:2001614
SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS.

oval:org.secpod.oval:def:2001603
SQL injection in multiple remote calls

oval:org.secpod.oval:def:2001268
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by s ...

oval:org.secpod.oval:def:602979
It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration.

oval:org.secpod.oval:def:2001274
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.

oval:org.secpod.oval:def:2000394
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite function in lib/rxfswf.c.

oval:org.secpod.oval:def:2001253
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF

oval:org.secpod.oval:def:2001239
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1(POI bugs 61338 and 61294

oval:org.secpod.oval:def:2001213
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.

oval:org.secpod.oval:def:603357
Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys.

oval:org.secpod.oval:def:603386
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks.

oval:org.secpod.oval:def:2000831
The Htpasswd authentication source in the authcrypt module and SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.

oval:org.secpod.oval:def:2000875
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000055
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.

oval:org.secpod.oval:def:2001387
In SWFTools, a memory leak was found in wav2swf.

oval:org.secpod.oval:def:2001368
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer ...

oval:org.secpod.oval:def:2000043
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.

oval:org.secpod.oval:def:2001359
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

oval:org.secpod.oval:def:2000037
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

oval:org.secpod.oval:def:2001350
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.

oval:org.secpod.oval:def:2000015
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on ...

oval:org.secpod.oval:def:2000475
mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service via a crafted MP3 file.

oval:org.secpod.oval:def:2001322
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe."

oval:org.secpod.oval:def:2000093
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

oval:org.secpod.oval:def:603456
Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/renderer. Malformed .blend model files and malformed multimedia files may result in the execution of arbitrary code.

oval:org.secpod.oval:def:2000966
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access ...

oval:org.secpod.oval:def:603494
Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling.

oval:org.secpod.oval:def:2001423
soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock that can result in arbitrary code execution. This attack appears to be exploitable via victim must open malicious file in soundstretch utility.

oval:org.secpod.oval:def:2000537
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/ ...

oval:org.secpod.oval:def:2000517
OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.

oval:org.secpod.oval:def:2001480
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

oval:org.secpod.oval:def:603549
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or information disclosure.

oval:org.secpod.oval:def:2001093
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

oval:org.secpod.oval:def:2001070
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

oval:org.secpod.oval:def:2001055
There is a NULL Pointer Dereference in the function ll_insert of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2000610
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fro ...

oval:org.secpod.oval:def:2000218
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping, and therefore lacks indexes initialization.

oval:org.secpod.oval:def:2001541
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

oval:org.secpod.oval:def:2001151
Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service. The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list ...

oval:org.secpod.oval:def:2001138
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.

oval:org.secpod.oval:def:2001585
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2000256
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to m_offsets.size.

oval:org.secpod.oval:def:2000243
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.

oval:org.secpod.oval:def:2001181
MathJax version prior to version 2.7.4 contains a Cross Site Scripting vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appears to be exploitable via The victim must view a page where untrusted content is processed us ...

oval:org.secpod.oval:def:2000739
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

oval:org.secpod.oval:def:2000717
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service, as demonstrated by SoundStretch.

oval:org.secpod.oval:def:2000327
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are bui ...

oval:org.secpod.oval:def:2000798
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000782
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

oval:org.secpod.oval:def:2001616
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

oval:org.secpod.oval:def:2000755
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted hdf5 file.

oval:org.secpod.oval:def:2001284
The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000835
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

oval:org.secpod.oval:def:603392
Albert Dengg discovered that incorrect parsing of <stream:error> messages in the Prosody Jabber/XMPP server may result in denial of service. The oldstable distribution is not affected.

oval:org.secpod.oval:def:2000816
Vulnerability in the MySQL Workbench component of Oracle MySQL. Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulner ...

oval:org.secpod.oval:def:2000450
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch.

oval:org.secpod.oval:def:2000435
ppc64: sPAPR emulator leaks the host hardware identity

oval:org.secpod.oval:def:2000891
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact, as demonstrated by SoundStretch.

oval:org.secpod.oval:def:2000407
Vulnerability in the MySQL Workbench component of Oracle MySQL. Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnera ...

oval:org.secpod.oval:def:2000416
The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF file.

oval:org.secpod.oval:def:2000057
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

oval:org.secpod.oval:def:603943
Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution or denial of service via invalid encoding.

oval:org.secpod.oval:def:2000029
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.

oval:org.secpod.oval:def:2001375
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.

oval:org.secpod.oval:def:2000036
URI_FUNC in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.

oval:org.secpod.oval:def:2000473
The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000961
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

oval:org.secpod.oval:def:2000905
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specifi ...

oval:org.secpod.oval:def:2000512
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

oval:org.secpod.oval:def:2001027
A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a ...

oval:org.secpod.oval:def:2000174
In LibSass prior to 3.5.5, Sass::Eval::operator inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of "%" as a modulo operator in parser.cpp.

oval:org.secpod.oval:def:2001022
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp may cause a Denial of Service via a crafted sass input file.

oval:org.secpod.oval:def:2000107
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import, a similar issue to CVE-2018-11693.

oval:org.secpod.oval:def:2000119
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:603106
It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch.

oval:org.secpod.oval:def:2001065
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

oval:org.secpod.oval:def:603143
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.

oval:org.secpod.oval:def:2001545
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

oval:org.secpod.oval:def:2000273
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

oval:org.secpod.oval:def:603206
It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.

oval:org.secpod.oval:def:2000722
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

oval:org.secpod.oval:def:603278
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:2000398
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

oval:org.secpod.oval:def:2001246
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

oval:org.secpod.oval:def:2000387
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.

oval:org.secpod.oval:def:2000349
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via The user must interact with a malicious git server.

oval:org.secpod.oval:def:603399
OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

oval:org.secpod.oval:def:44752
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

oval:org.secpod.oval:def:44754
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ...

oval:org.secpod.oval:def:44755
In the cron package through 3.0pl1-128 on Debian, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

oval:org.secpod.oval:def:2001347
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2004821
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

oval:org.secpod.oval:def:603445
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite lo ...

oval:org.secpod.oval:def:2000942
In the GNU C Library through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HT ...

oval:org.secpod.oval:def:2000565
Heap-based buffer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

oval:org.secpod.oval:def:2000524
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:50202
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

oval:org.secpod.oval:def:2000180
slirp: heap buffer overflow in tcp_emu

oval:org.secpod.oval:def:2000125
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.

oval:org.secpod.oval:def:603546
Frediano Ziglio reported a missing check in the script to generate demarshalling code in the SPICE protocol client and server library. The generated demarshalling code is prone to multiple buffer overflows. An authenticated attacker can take advantage of this flaw to cause a denial of service, or p ...

oval:org.secpod.oval:def:603530
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and du ...

oval:org.secpod.oval:def:603567
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated ins ...

oval:org.secpod.oval:def:603584
It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass.

oval:org.secpod.oval:def:603581
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv l ...

oval:org.secpod.oval:def:2001051
libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

oval:org.secpod.oval:def:604462
User Arminius discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi, which also affected the Neovim fork, an extensible editor focused on modern code and features: Editors typically provide a way to embed editor configuration commands which are executed once a file ...

oval:org.secpod.oval:def:2000693
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

oval:org.secpod.oval:def:2000692
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

oval:org.secpod.oval:def:2000689
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user, a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other ser ...

oval:org.secpod.oval:def:2001514
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements, aka Magellan.

oval:org.secpod.oval:def:2001140
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

oval:org.secpod.oval:def:2000267
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

oval:org.secpod.oval:def:2000279
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming.

oval:org.secpod.oval:def:2001584
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option in networking/udhcp/common.c that 4-byte options a ...

oval:org.secpod.oval:def:2001571
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informa ...

oval:org.secpod.oval:def:2000224
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to a use-after-free outcome.

oval:org.secpod.oval:def:2001169
Integer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to cause a denial of service via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

oval:org.secpod.oval:def:2001176
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.

oval:org.secpod.oval:def:604565
It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows. CVE-2019-10092 Matei "Mal" Badanoiu reported a limited cr ...

oval:org.secpod.oval:def:2000336
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.

oval:org.secpod.oval:def:2000780
In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

oval:org.secpod.oval:def:2001272
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.

oval:org.secpod.oval:def:2000382
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service via a crafted image file, a different vulnerability than CVE-2018-10999.

oval:org.secpod.oval:def:2004720
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

oval:org.secpod.oval:def:603336
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002

oval:org.secpod.oval:def:2000825
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.

oval:org.secpod.oval:def:2000805
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.

oval:org.secpod.oval:def:2001301
An issue was discovered in Poppler 0.71.0. There is an out-of-bounds read in EmbFile::save2 in FileSpec.cc, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

oval:org.secpod.oval:def:2001306
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.

oval:org.secpod.oval:def:2003969
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU use, resulting in a denial of service. The highest threat from this vulner ...

oval:org.secpod.oval:def:2003971
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability i ...

oval:org.secpod.oval:def:2000455
libvterm through 0+bzr726, as used in Vim and other products, ...

oval:org.secpod.oval:def:2003945
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects ...

oval:org.secpod.oval:def:2000885
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

oval:org.secpod.oval:def:2000420
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.

oval:org.secpod.oval:def:603929
A vulnerability was found in the WPA protocol implementation found in wpa_supplicant and hostapd. The EAP-pwd implementation in hostapd and wpa_supplicant doesn't properly validate fragmentation reassembly state when receiving an unexpected fragment. This could lead to a process crash due to a ...

oval:org.secpod.oval:def:603949
The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue.

oval:org.secpod.oval:def:603947
User Arminius discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi. The Common Vulnerabilities and Exposures project identifies the following problem: Editors typically provide a way to embed editor configuration commands which are executed once a file is opened, w ...

oval:org.secpod.oval:def:2001370
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code executio ...

oval:org.secpod.oval:def:2000039
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed ...

oval:org.secpod.oval:def:2000006
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.

oval:org.secpod.oval:def:2000004
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000020
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, ...

oval:org.secpod.oval:def:2001326
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.

oval:org.secpod.oval:def:2004825
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

oval:org.secpod.oval:def:2001319
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

oval:org.secpod.oval:def:2004025
rom_copy in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

oval:org.secpod.oval:def:2004010
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

oval:org.secpod.oval:def:2004013
This CVE is missing description

oval:org.secpod.oval:def:2004012
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.

oval:org.secpod.oval:def:2004017
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.

oval:org.secpod.oval:def:603432
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default ...

oval:org.secpod.oval:def:603484
Two vulnerabilities have been found in the PostgreSQL database system: CVE-2018-10915 Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. CVE-2018-10925 It was discovered that some CREATE TABLE statements could disclose server memory. For additional info ...

oval:org.secpod.oval:def:2000089
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

oval:org.secpod.oval:def:2000085
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service and Information Disclosure.

oval:org.secpod.oval:def:603499
Dariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server.

oval:org.secpod.oval:def:2000979
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb in user.c.

oval:org.secpod.oval:def:2000927
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

oval:org.secpod.oval:def:2004046
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sen ...

oval:org.secpod.oval:def:2000111
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

oval:org.secpod.oval:def:2000595
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU allows local guest OS users to cause a denial of service via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

oval:org.secpod.oval:def:2001507
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

oval:org.secpod.oval:def:2000270
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.

oval:org.secpod.oval:def:2000727
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site ...

oval:org.secpod.oval:def:2000318
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service and possibly execute arbitrary code via huge allocation.

oval:org.secpod.oval:def:2000764
The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service as demonstrated in a large number of .

oval:org.secpod.oval:def:2001254
JavaScriptCore in WebKit allows attackers to cause a denial of service via a crafted Javascript file.

oval:org.secpod.oval:def:2000446
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU allows local guest OS users to cause a denial of service via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

oval:org.secpod.oval:def:2001341
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site.

oval:org.secpod.oval:def:2001401
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To tri ...

oval:org.secpod.oval:def:2001410
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.

oval:org.secpod.oval:def:2000185
In Open vSwitch v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

oval:org.secpod.oval:def:2001497
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.

oval:org.secpod.oval:def:2001463
In Open vSwitch 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

oval:org.secpod.oval:def:2000135
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash. This occurs because "\0" characters are incorrec ...

oval:org.secpod.oval:def:2000596
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.

oval:org.secpod.oval:def:2001451
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.

oval:org.secpod.oval:def:2000586
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

oval:org.secpod.oval:def:2001437
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting in potential denial-of-service.

oval:org.secpod.oval:def:2001091
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash when parsing an invalid PDF file.

oval:org.secpod.oval:def:603108
Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:603571
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/ https://mariad ...

oval:org.secpod.oval:def:2001048
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

oval:org.secpod.oval:def:603127
Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, re ...

oval:org.secpod.oval:def:603128
Two vulnerabilities were found in libXfont, the X11 font rasterisation library, which could result in denial of service or memory disclosure.

oval:org.secpod.oval:def:603123
Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-1000100 Even Rouault reported that cURL does not properly handle long file names when doing a TFTP upload. A malicious HTTP ser ...

oval:org.secpod.oval:def:603120
joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has n ...

oval:org.secpod.oval:def:603118
An integer overflow vulnerability was discovered in decode_digit in libidn2-0, the GNU library for Internationalized Domain Names, allowing a remote attacker to cause a denial of service against an application using the library.

oval:org.secpod.oval:def:603119
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware prot ...

oval:org.secpod.oval:def:603116
Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbit ...

oval:org.secpod.oval:def:603114
Multiple security issues have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ...

oval:org.secpod.oval:def:603115
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed.

oval:org.secpod.oval:def:603148
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603140
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.

oval:org.secpod.oval:def:603139
Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.

oval:org.secpod.oval:def:603132
Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603131
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point and the station. An attacker exploiting the vulnerabilities could force the ...

oval:org.secpod.oval:def:603166
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE" ...

oval:org.secpod.oval:def:603155
Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-10965 Brian "geeknik" Carpenter of Geeknik Labs discovered that Irssi does not properly handle receiving messages with inv ...

oval:org.secpod.oval:def:603180
A use-after-free vulnerability was discovered in XML::LibXML, a Perl interface to the libxml2 library, allowing an attacker to execute arbitrary code by controlling the arguments to a replaceChild call.

oval:org.secpod.oval:def:603183
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:603179
Jakub Wilk reported a heap-based buffer overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss.

oval:org.secpod.oval:def:603174
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

oval:org.secpod.oval:def:2001548
A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors.

oval:org.secpod.oval:def:2000698
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

oval:org.secpod.oval:def:2001148
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.

oval:org.secpod.oval:def:2000283
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.

oval:org.secpod.oval:def:2000248
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.

oval:org.secpod.oval:def:603209
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603204
Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.

oval:org.secpod.oval:def:603225
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender's email addresses.

oval:org.secpod.oval:def:603248
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:603249
It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of ...

oval:org.secpod.oval:def:603242
The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution.

oval:org.secpod.oval:def:2001159
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

oval:org.secpod.oval:def:603234
Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named.

oval:org.secpod.oval:def:603267
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:603255
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:603272
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:2000784
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

oval:org.secpod.oval:def:2001621
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.

oval:org.secpod.oval:def:602954
The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/ ...

oval:org.secpod.oval:def:2000740
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

oval:org.secpod.oval:def:602966
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ...

oval:org.secpod.oval:def:602967
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ...

oval:org.secpod.oval:def:602962
Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash. CVE-2017-75 ...

oval:org.secpod.oval:def:602995
An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.

oval:org.secpod.oval:def:602996
Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol client and server library which may result in memory disclosure, denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603342
Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client which can result in denial of service.

oval:org.secpod.oval:def:2001279
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service via vectors related to printing an error message.

oval:org.secpod.oval:def:2000818
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

oval:org.secpod.oval:def:603094
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603099
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

oval:org.secpod.oval:def:603097
An information disclosure vulnerability was discovered in the Service Discovery Protocol in bluetoothd, allowing a proximate attacker to obtain sensitive information from bluetoothd process memory, including Bluetooth encryption keys.

oval:org.secpod.oval:def:603096
Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data.

oval:org.secpod.oval:def:2000061
A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.

oval:org.secpod.oval:def:2001377
In lib/conntrack.c in the firewall implementation in Open vSwitch 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.

oval:org.secpod.oval:def:2001353
In Open vSwitch 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

oval:org.secpod.oval:def:68291
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with n ...

oval:org.secpod.oval:def:68292
Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak.

oval:org.secpod.oval:def:2000090
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in libraw-dev 0.18.2. It will lead to a remote denial of service attack.

oval:org.secpod.oval:def:603028
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we're now following the 52.x releases.

oval:org.secpod.oval:def:603016
It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.

oval:org.secpod.oval:def:603013
Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type "Digest" between successive key=value assignments, leading to information disclosure or denial of service.

oval:org.secpod.oval:def:603012
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EP ...

oval:org.secpod.oval:def:603048
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:603049
Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, an HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash, or ...

oval:org.secpod.oval:def:603047
Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA, did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. All thos ...

oval:org.secpod.oval:def:603045
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ...

oval:org.secpod.oval:def:603043
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CS ...

oval:org.secpod.oval:def:603033
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol, contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side.

oval:org.secpod.oval:def:603064
Han Han of Red Hat discovered that augeas, a configuration editing tool, improperly handled some escaped strings. A remote attacker could leverage this flaw by sending maliciously crafted strings, thus causing an augeas-enabled application to crash or potentially execute arbitrary code.

oval:org.secpod.oval:def:603065
Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS with a crafted KDC or TIFF file.

oval:org.secpod.oval:def:603050
Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ...

oval:org.secpod.oval:def:603057
It was discovered that libmspack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.

oval:org.secpod.oval:def:603052
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules.

oval:org.secpod.oval:def:603086
A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. The gmp plugin in strongSwan had insufficient input validation when verifying RSA signatures. This coding error could lead to a null pointer dereference, leading to process cr ...

oval:org.secpod.oval:def:603085
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:603075
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.26. Please see the MariaDB 10.1 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/ https://mariad ...

oval:org.secpod.oval:def:2001422
An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.

oval:org.secpod.oval:def:2000573
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

oval:org.secpod.oval:def:2000570
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in __zzip_fetch_disk_trailer. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

oval:org.secpod.oval:def:2001411
It was found that sssd's sysdb_search_user_by_upn_res function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this f ...

oval:org.secpod.oval:def:2001407
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows ...

oval:org.secpod.oval:def:2000555
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.

oval:org.secpod.oval:def:2000507
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.

oval:org.secpod.oval:def:2000518
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000994
GnuPG 2.2.4 and 2.2.5 do not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

oval:org.secpod.oval:def:2000177
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.

oval:org.secpod.oval:def:2000168
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000156
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2001494
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001013
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000129
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.

oval:org.secpod.oval:def:2000127
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

oval:org.secpod.oval:def:2001473
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

oval:org.secpod.oval:def:2001476
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001460
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000138
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

oval:org.secpod.oval:def:2000109
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

oval:org.secpod.oval:def:2000106
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.

oval:org.secpod.oval:def:2000105
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.

oval:org.secpod.oval:def:2001434
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData function.

oval:org.secpod.oval:def:2001443
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.

oval:org.secpod.oval:def:2001073
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.

oval:org.secpod.oval:def:2001062
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.

oval:org.secpod.oval:def:2000194
An error within the "LibRaw::unpack" function in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

oval:org.secpod.oval:def:2000190
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data. The Decisional Diffie-Hellman assumption does not hold for PyCrypto's ElGamal implementation.

oval:org.secpod.oval:def:2000608
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."

oval:org.secpod.oval:def:2000606
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000617
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

oval:org.secpod.oval:def:603156
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:603170
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed.

oval:org.secpod.oval:def:2001543
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.

oval:org.secpod.oval:def:2000204
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:2000686
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service, related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.

oval:org.secpod.oval:def:2001542
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned ...

oval:org.secpod.oval:def:2001523
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000682
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.

oval:org.secpod.oval:def:2001500
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

oval:org.secpod.oval:def:2000641
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000661
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

oval:org.secpod.oval:def:2000638
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service via a crafted PDF file, as demonstrated by pdftops.

oval:org.secpod.oval:def:2000295
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

oval:org.secpod.oval:def:2001144
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw" function in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

oval:org.secpod.oval:def:2001145
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.

oval:org.secpod.oval:def:2001125
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.

oval:org.secpod.oval:def:2000271
An error within the "LibRaw::xtrans_interpolate" function in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

oval:org.secpod.oval:def:2001131
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.

oval:org.secpod.oval:def:2000269
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service.

oval:org.secpod.oval:def:2000268
In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001115
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

oval:org.secpod.oval:def:2001117
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.

oval:org.secpod.oval:def:2000282
An error within the "kodak_radc_load_raw" function related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

oval:org.secpod.oval:def:2001121
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

oval:org.secpod.oval:def:2001122
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ...

oval:org.secpod.oval:def:2001104
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:2001588
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.

oval:org.secpod.oval:def:2001592
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

oval:org.secpod.oval:def:2001597
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ...

oval:org.secpod.oval:def:2001577
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.

oval:org.secpod.oval:def:2000262
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.

oval:org.secpod.oval:def:2001586
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.

oval:org.secpod.oval:def:603205
It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:603229
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.

oval:org.secpod.oval:def:603224
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:603219
Gabriel Corona reported that sensible-browser from sensible-utils, a collection of small utilities used to sensibly select and spawn an appropriate browser, editor or pager, does not validate strings before launching the program specified by the BROWSER environment variable, potentially allowing a r ...

oval:org.secpod.oval:def:603214
Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.

oval:org.secpod.oval:def:2001177
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite lo ...

oval:org.secpod.oval:def:603235
Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.

oval:org.secpod.oval:def:2001161
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.

oval:org.secpod.oval:def:2001162
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.

oval:org.secpod.oval:def:603268
Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

oval:org.secpod.oval:def:2000728
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

oval:org.secpod.oval:def:603266
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

oval:org.secpod.oval:def:603251
Two vulnerabilities were discovered in cURL, a URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn't affect the oldstable distribution. CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:603250
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. This update also fixes a regression in the handling of Type 3 fonts.

oval:org.secpod.oval:def:603296
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ...

oval:org.secpod.oval:def:2000335
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

oval:org.secpod.oval:def:2000787
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.

oval:org.secpod.oval:def:2001627
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service via a crafted .asf file.

oval:org.secpod.oval:def:2000778
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service via crafted XMP data in a .avi file.

oval:org.secpod.oval:def:2001604
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ...

oval:org.secpod.oval:def:2000761
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:2000389
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000388
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, an ...

oval:org.secpod.oval:def:2001240
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.

oval:org.secpod.oval:def:2001202
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

oval:org.secpod.oval:def:603404
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory ...

oval:org.secpod.oval:def:603409
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party ...

oval:org.secpod.oval:def:603308
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:603302
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3144 It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to exhaust ...

oval:org.secpod.oval:def:603309
Multiple vulnerabilities were discovered in cURL, a URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ...

oval:org.secpod.oval:def:603329
It was discovered that an integer overflow in the International Components for Unicode library could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603317
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603315
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

oval:org.secpod.oval:def:603312
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603313
Richard Zhu discovered that an out-of-bounds memory write in the codebook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603341
James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize function or django.utils.text.Truncator's chars and words methods could craft a string that m ...

oval:org.secpod.oval:def:603337
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:603335
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603333
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.

oval:org.secpod.oval:def:2001292
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:2001293
An error related to the "LibRaw::panasonic_load_raw" function in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

oval:org.secpod.oval:def:2001282
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000844
An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject function in libqpdf/QPDFWriter.cc.

oval:org.secpod.oval:def:2000856
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.

oval:org.secpod.oval:def:603377
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

oval:org.secpod.oval:def:2000807
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ...

oval:org.secpod.oval:def:2000464
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:2000427
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.

oval:org.secpod.oval:def:2000406
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000883
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

oval:org.secpod.oval:def:2000866
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.

oval:org.secpod.oval:def:2000882
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

oval:org.secpod.oval:def:2000877
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could ...

oval:org.secpod.oval:def:2000046
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001356
In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function because the size variable is not validated against the amount of file->stored data.

oval:org.secpod.oval:def:2001360
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

oval:org.secpod.oval:def:2001366
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demon ...

oval:org.secpod.oval:def:2000012
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loo ...

oval:org.secpod.oval:def:2001346
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.

oval:org.secpod.oval:def:603500
Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

oval:org.secpod.oval:def:2000022
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

oval:org.secpod.oval:def:2000021
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

oval:org.secpod.oval:def:2001342
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001344
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2001325
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

oval:org.secpod.oval:def:603526
It was discovered that Archive::Zip, a perl module for manipulation of ZIP archives, is prone to a directory traversal vulnerability. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite arbitrary files during archive extraction.

oval:org.secpod.oval:def:2000471
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.

oval:org.secpod.oval:def:2001331
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:2000466
An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.

oval:org.secpod.oval:def:603516
Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 52.x series has ended, so starting with this update we're now ...

oval:org.secpod.oval:def:2001320
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.

oval:org.secpod.oval:def:2000476
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

oval:org.secpod.oval:def:603428
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

oval:org.secpod.oval:def:603424
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603422
Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious c ...

oval:org.secpod.oval:def:603420
Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603421
Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603418
Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached triggered by specially crafted ...

oval:org.secpod.oval:def:603440
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

oval:org.secpod.oval:def:2000099
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:603450
Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids: CVE-2017-15400 Rory McNamara discovered that an attacker is able to execute arbitrary commands by setting a malicious IPP server with a crafted PPD file. C ...

oval:org.secpod.oval:def:2000074
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line in pch.c can possibly lead to DoS via a crafted input file.

oval:org.secpod.oval:def:2000071
NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.

oval:org.secpod.oval:def:2000082
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

oval:org.secpod.oval:def:2000969
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service via crafted XMP data in a .qt file.

oval:org.secpod.oval:def:2000965
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.

oval:org.secpod.oval:def:2000948
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqp ...

oval:org.secpod.oval:def:2000941
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.

oval:org.secpod.oval:def:2000926
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000936
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:2000930
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000912
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update function in third-party/zuid/interfaces/MD5.cpp.

oval:org.secpod.oval:def:2000910
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore fun ...

oval:org.secpod.oval:def:2000526
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

oval:org.secpod.oval:def:2000520
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

oval:org.secpod.oval:def:2000536
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.

oval:org.secpod.oval:def:2000535
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

oval:org.secpod.oval:def:2000519
An infinite loop when reaching EOL unexpectedly in compose/parser.c in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.

oval:org.secpod.oval:def:2000997
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

oval:org.secpod.oval:def:2001033
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ...

oval:org.secpod.oval:def:603605
The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocas and an out-of-bounds read flaw leading to an information leak, could allow an attacker to cause a denial of service or the execution of arbitrary code. Fur ...

oval:org.secpod.oval:def:603602
It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

oval:org.secpod.oval:def:2001466
An error within the "rollei_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

oval:org.secpod.oval:def:2000126
An integer overflow error within the "parse_qt" function in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

oval:org.secpod.oval:def:603617
Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.

oval:org.secpod.oval:def:2000112
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.

oval:org.secpod.oval:def:2001440
An error within the "nikon_coolscan_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

oval:org.secpod.oval:def:603547
Nitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor's link dialogue. This only affects installations which have set up fckeditor.

oval:org.secpod.oval:def:603542
Magnus Klaaborg Stubman discovered a NULL pointer dereference bug in net-snmp, a suite of Simple Network Management Protocol applications, allowing a remote, authenticated attacker to crash the snmpd process.

oval:org.secpod.oval:def:603538
Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process.

oval:org.secpod.oval:def:603537
Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151. An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and su ...

oval:org.secpod.oval:def:603565
Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 or server memory disclosure in the ngx_http_mp4_module module.

oval:org.secpod.oval:def:603562
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If ...

oval:org.secpod.oval:def:603554
Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603550
Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS mes ...

oval:org.secpod.oval:def:2001088
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.

oval:org.secpod.oval:def:603576
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME ...

oval:org.secpod.oval:def:603575
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed. This update rebases ghostscript for stretch to the upstream version 9.26 which includes a ...

oval:org.secpod.oval:def:2001049
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

oval:org.secpod.oval:def:603113
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-12837 Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote at ...

oval:org.secpod.oval:def:2001043
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${...} on an empty array result.

oval:org.secpod.oval:def:2000612
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

oval:org.secpod.oval:def:2000696
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.

oval:org.secpod.oval:def:2000672
An error within the "nikon_coolscan_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

oval:org.secpod.oval:def:2000680
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

oval:org.secpod.oval:def:2001509
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory, a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.

oval:org.secpod.oval:def:2000644
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structu ...

oval:org.secpod.oval:def:2000623
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

oval:org.secpod.oval:def:2001130
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

oval:org.secpod.oval:def:2000247
An error within the "parse_minolta" function in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

oval:org.secpod.oval:def:2001554
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and includ ...

oval:org.secpod.oval:def:604504
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs. In addition this update fixes a regression which could cause NBD connections to hang.

oval:org.secpod.oval:def:603240
Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation.

oval:org.secpod.oval:def:603236
It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened.

oval:org.secpod.oval:def:603262
Two vulnerabilities were discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library.

oval:org.secpod.oval:def:603290
Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.

oval:org.secpod.oval:def:2000311
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

oval:org.secpod.oval:def:2000772
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

oval:org.secpod.oval:def:2000745
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.

oval:org.secpod.oval:def:602975
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ...

oval:org.secpod.oval:def:2001271
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.

oval:org.secpod.oval:def:2001260
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, result ...

oval:org.secpod.oval:def:2001266
Cache side-channel variant of the Bleichenbacher attack

oval:org.secpod.oval:def:2000392
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution. This attack appears to be exploitable via Depends on th ...

oval:org.secpod.oval:def:2000347
Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appears to be exploitable via Depends upo ...

oval:org.secpod.oval:def:2000364
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse in gmarkup.c has a NULL pointer dereference.

oval:org.secpod.oval:def:2000363
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are beli ...

oval:org.secpod.oval:def:603354
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities to handle Shell Archives. An attacker with control on the input of the unshar command could crash the application or execute arbitrary code in its context.

oval:org.secpod.oval:def:603395
Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle "\r\n" from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replac ...

oval:org.secpod.oval:def:2000801
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

oval:org.secpod.oval:def:2001302
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.

oval:org.secpod.oval:def:50175
A vulnerability in systemd before 240-1, a popular init system and service manager for most Linux operating systems, could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.

oval:org.secpod.oval:def:50176
A vulnerability in systemd before 240-1, a popular init system and service manager for most Linux operating systems, could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.

oval:org.secpod.oval:def:50177
A vulnerability in systemd before 240-1, a popular init system and service manager for most Linux operating systems, could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.

oval:org.secpod.oval:def:2000431
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse in gmarkup.c, related to utf8_str.

oval:org.secpod.oval:def:2000864
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.

oval:org.secpod.oval:def:603916
Dean Rasheed discovered that row security policies in the PostgreSQL database system could be bypassed. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1939/

oval:org.secpod.oval:def:2001389
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

oval:org.secpod.oval:def:2000068
An error within the "samsung_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

oval:org.secpod.oval:def:2000063
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.

oval:org.secpod.oval:def:2001388
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.

oval:org.secpod.oval:def:2000496
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.

oval:org.secpod.oval:def:603506
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Firefox. Support for the 52.x series has ended, so starting ...

oval:org.secpod.oval:def:603504
Zhaoyang Wu discovered that cURL, a URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32-bit systems. See https://curl.haxx.se/docs/CVE-2018-14618.html for more information.

oval:org.secpod.oval:def:603524
Nick Roessler from the University of Pennsylvania has found a buffer overflow in texlive-bin, the executables for TexLive, the popular distribution of the TeX document production system. This buffer overflow can be used for arbitrary code execution by crafting a special type1 font and providing it to use ...

oval:org.secpod.oval:def:603529
Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code and local information disclosure.

oval:org.secpod.oval:def:2000477
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fil ...

oval:org.secpod.oval:def:603444
It was discovered that the Soup HTTP library performed insufficient validation of cookie requests which could result in an out-of-bounds memory read.

oval:org.secpod.oval:def:603433
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

oval:org.secpod.oval:def:2000076
Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file.

oval:org.secpod.oval:def:603486
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-10858 Svyatoslav Phirsov discovered that insufficient input validation in libsmbclient allowed a malici ...

oval:org.secpod.oval:def:603473
Several vulnerabilities were discovered in libmspack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious CAB, CHM or KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.

oval:org.secpod.oval:def:2000954
A buffer underwrite vulnerability in get_line in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.

oval:org.secpod.oval:def:2000921
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-31 ...

oval:org.secpod.oval:def:2000902
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.

oval:org.secpod.oval:def:2000574
In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

oval:org.secpod.oval:def:2000546
There is an illegal WRITE memory access at common-image.c in libcaca-dev 0.99.beta19 for 1bpp data.

oval:org.secpod.oval:def:2000554
Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ...

oval:org.secpod.oval:def:50201
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

oval:org.secpod.oval:def:50203
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

oval:org.secpod.oval:def:50204
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

oval:org.secpod.oval:def:2000186
GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

oval:org.secpod.oval:def:603600
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:2000163
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes that can result in a crash. This attack appears to be exploitable via the victim opening a special ...

oval:org.secpod.oval:def:2001484
NULL pointer dereference in several CMS functions resulting in a denial of service

oval:org.secpod.oval:def:603627
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

oval:org.secpod.oval:def:603622
Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve, rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell comman ...

oval:org.secpod.oval:def:603623
Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document.

oval:org.secpod.oval:def:603628
halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to log in as anyone else in ...

oval:org.secpod.oval:def:603629
Multiple vulnerabilities were discovered in cURL, a URL transfer library. CVE-2018-16890 Wenxiang Qian of Tencent Blade Team discovered that the function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability, which could ...

oval:org.secpod.oval:def:2001456
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

oval:org.secpod.oval:def:603616
Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service or, possibly, execution of arbitrary code.

oval:org.secpod.oval:def:603611
Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mi ...

oval:org.secpod.oval:def:603612
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed.

oval:org.secpod.oval:def:603619
The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve, rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell c ...

oval:org.secpod.oval:def:603618
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

oval:org.secpod.oval:def:2000139
An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

oval:org.secpod.oval:def:603644
The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those.

oval:org.secpod.oval:def:603643
Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.

oval:org.secpod.oval:def:603637
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:603638
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

oval:org.secpod.oval:def:2000120
Zone transfer controls for writable DLZ zones were not effective

oval:org.secpod.oval:def:603630
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are found in the scp client implementing the SCP protocol. CVE-2018-20685 Due to improper directory name validation, the scp client allows ...

oval:org.secpod.oval:def:603566
Multiple security issues have been found in Thunderbird: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603552
Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code, privilege escalation or information disclosure.

oval:org.secpod.oval:def:603588
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

oval:org.secpod.oval:def:2001066
There is an illegal READ memory access at caca/dither.c in libcaca-dev 0.99.beta19 for 24bpp data.

oval:org.secpod.oval:def:603597
Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.

oval:org.secpod.oval:def:2000615
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

oval:org.secpod.oval:def:2000673
An issue was discovered in Open vSwitch 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comman ...

oval:org.secpod.oval:def:2000666
GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

oval:org.secpod.oval:def:2000655
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

oval:org.secpod.oval:def:2000654
In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018 ...

oval:org.secpod.oval:def:2000288
There is an illegal WRITE memory access at common-image.c in libcaca-dev 0.99.beta19 for 4bpp data.

oval:org.secpod.oval:def:2001594
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

oval:org.secpod.oval:def:2000261
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in pdfdetach.

oval:org.secpod.oval:def:2000239
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

oval:org.secpod.oval:def:603679
It was found that a security update of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.

oval:org.secpod.oval:def:603677
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

oval:org.secpod.oval:def:603676
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare function of ldb, a LDAP-like embedded database, resulting in denial of service.

oval:org.secpod.oval:def:2001182
There is an illegal READ memory access at caca/dither.c in libcaca-dev 0.99.beta19 for the default bpp case.

oval:org.secpod.oval:def:2001184
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:603258
"landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially, the execution of arbitrary co ...

oval:org.secpod.oval:def:2000309
There is an illegal WRITE memory access at caca/file.c in libcaca-dev 0.99.beta19.

oval:org.secpod.oval:def:2001615
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:603824
Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.

oval:org.secpod.oval:def:603823
Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.

oval:org.secpod.oval:def:603829
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:2001262
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XM ...

oval:org.secpod.oval:def:603846
Jann Horn discovered that the PAM module in systemd insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. A remote attacker with SSH access can take advantage of this issue to gain PolicyKit privileges that are normally only granted to client ...

oval:org.secpod.oval:def:2004755
In Poppler 0.73.0, a heap-based buffer over-read allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

oval:org.secpod.oval:def:603845
Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and login server for Unix, was vulnerable to a symlink traversal attack. It would allow remote authenticated users with write permission to either write or detect files outside of Samba shares.

oval:org.secpod.oval:def:603843
Kusano Kazuhiko discovered a buffer overflow vulnerability in the handling of Internationalized Resource Identifiers in wget, a network utility to retrieve files from the web, which could result in the execution of arbitrary code or denial of service when recursively downloading from an untrusted s ...

oval:org.secpod.oval:def:603848
Mathy Vanhoef and Eyal Ronen found multiple vulnerabilities in the WPA implementation found in wpa_supplicant and hostapd. These vulnerabilities are also collectively known as Dragonblood. CVE-2019-9495 Cache-based side-channel attack against the EAP-pwd implementation: an attacker able to run u ...

oval:org.secpod.oval:def:603836
A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify Dovecot indexes can take advantage of this flaw for privilege escalation or the execution of ...

oval:org.secpod.oval:def:603833
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:603831
A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.

oval:org.secpod.oval:def:603838
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:2001233
There is a floating point exception at caca/dither.c in libcaca-dev 0.99.beta19.

oval:org.secpod.oval:def:603851
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.

oval:org.secpod.oval:def:603850
Several vulnerabilities have been discovered in the Rubygems included in the interpreter for the Ruby language, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:2000345
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service and may cause information leakage by obtaining potentially sensitive information from the responding dev ...

oval:org.secpod.oval:def:2001285
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards contains a CWE-835: Loop with Unreachable Exit Condition vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE/parse_rockridge that can result in DoS by infinite loop. This attack appears to be exp ...

oval:org.secpod.oval:def:2000841
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

oval:org.secpod.oval:def:603372
Two vulnerabilities were discovered in LibreOffice's code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:2000823
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

oval:org.secpod.oval:def:2000897
In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.

oval:org.secpod.oval:def:2000033
An issue was discovered in Open vSwitch 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

oval:org.secpod.oval:def:2000482
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

oval:org.secpod.oval:def:2004492
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

oval:org.secpod.oval:def:2001405
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file.

oval:org.secpod.oval:def:2000539
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

oval:org.secpod.oval:def:2000996
Divide-by-zero vulnerabilities in the function arlib_add_symbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

oval:org.secpod.oval:def:2000188
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service or possibly have unspecified other impact because it tries to decompress twice.

oval:org.secpod.oval:def:2001493
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

oval:org.secpod.oval:def:2001479
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

oval:org.secpod.oval:def:2000134
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service caused by an integer overflow via a crafted PSD image file.

oval:org.secpod.oval:def:2001455
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.

oval:org.secpod.oval:def:2001433
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.

oval:org.secpod.oval:def:603544
This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising have been found in the coders for BMP, DIB, PICT, DCM, CUT and PSD.

oval:org.secpod.oval:def:603553
It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors.

oval:org.secpod.oval:def:2001069
A type confusion error within the "unpacked_load_raw" function within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

oval:org.secpod.oval:def:2000221
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of ...

oval:org.secpod.oval:def:2001527
An error within the "parse_rollei" function within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

oval:org.secpod.oval:def:2000664
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

oval:org.secpod.oval:def:2000627
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.

oval:org.secpod.oval:def:2000632
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service via a crafted PNG file.

oval:org.secpod.oval:def:2001111
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file.

oval:org.secpod.oval:def:2001565
It was found in Ceph versions before 13.2.4 that authenticated Ceph users with read-only permissions could steal dm-crypt encryption keys used in Ceph disk encryption.

oval:org.secpod.oval:def:2000237
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

oval:org.secpod.oval:def:2001562
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp may suffer from a denial of service caused by an integer overflow via a crafted PSD image file.

oval:org.secpod.oval:def:2001171
LibRaw::raw2image in libraw_cxx.cpp has a heap-based buffer overflow.

oval:org.secpod.oval:def:2001166
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

oval:org.secpod.oval:def:2000790
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

oval:org.secpod.oval:def:2000319
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

oval:org.secpod.oval:def:603827
Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup.

oval:org.secpod.oval:def:2001238
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service because ebl_core_note does not reject malformed core file notes.

oval:org.secpod.oval:def:603834
It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.

oval:org.secpod.oval:def:2001219
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

oval:org.secpod.oval:def:2000379
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

oval:org.secpod.oval:def:603367
The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.

oval:org.secpod.oval:def:2000854
A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call.

oval:org.secpod.oval:def:2000425
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:603921
Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. Details can be found in the upstream advisory at https://www.samba.org/samba/security/CVE- ...

oval:org.secpod.oval:def:603918
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed.

oval:org.secpod.oval:def:603915
Multiple vulnerabilities were found in the BIND DNS server: CVE-2018-5743 Connection limits were incorrectly enforced. CVE-2018-5745 The managed-keys feature was susceptible to denial of service by triggering an assert. CVE-2019-6465 ACLs for zone transfers were incorrectly enforced for dynamically ...

oval:org.secpod.oval:def:2000056
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

oval:org.secpod.oval:def:603946
Samuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website.

oval:org.secpod.oval:def:603944
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.

oval:org.secpod.oval:def:603942
Joe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system. The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a symbolic link attack. A local attacker could take advantage of this flaw to bypass authen ...

oval:org.secpod.oval:def:2001397
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service with a crafted ELF file, as demonstrated by consider_notes.

oval:org.secpod.oval:def:603934
Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. CVE-2018-16860 Isaac Boukris and Andrew Bartlett discovered that Heimdal was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. Details on ...

oval:org.secpod.oval:def:603937
Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message headers.

oval:org.secpod.oval:def:2001384
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.

oval:org.secpod.oval:def:603953
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.

oval:org.secpod.oval:def:2001335
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds r ...

oval:org.secpod.oval:def:2001314
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.

oval:org.secpod.oval:def:2005357
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service by returning a crafted response that lacks a space character.

oval:org.secpod.oval:def:2005316
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

oval:org.secpod.oval:def:2005313
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

oval:org.secpod.oval:def:2005315
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

oval:org.secpod.oval:def:2005314
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.

oval:org.secpod.oval:def:2005302
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

oval:org.secpod.oval:def:2005304
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

oval:org.secpod.oval:def:2000084
An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.

oval:org.secpod.oval:def:2000080
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure via a crafted vcf file.

oval:org.secpod.oval:def:2000974
An error within the "parse_sinar_ia" function within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.

oval:org.secpod.oval:def:2000972
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:2000952
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a d ...

oval:org.secpod.oval:def:2004935
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

oval:org.secpod.oval:def:2004930
Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32 and zipfile.cpp:Zipfile::Zipfile.

oval:org.secpod.oval:def:2001004
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c.

oval:org.secpod.oval:def:603603
Stephen Roettger discovered a race condition in tmpreaper, a program that cleans up files in directories based on their age, which could result in local privilege escalation.

oval:org.secpod.oval:def:2001470
SDL through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

oval:org.secpod.oval:def:59474
A malicious server can craft a pathname containing separators and return this to client code, causing the client to access local pathnames for reading or writing instead of SMB network pathnames.

oval:org.secpod.oval:def:59475
A malicious server can craft a pathname containing separators and return this to client code, causing the client to access local pathnames for reading or writing instead of SMB network pathnames.

oval:org.secpod.oval:def:59476
The "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID".

oval:org.secpod.oval:def:2000591
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

oval:org.secpod.oval:def:603640
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working directory. CVE-20 ...

oval:org.secpod.oval:def:604463
Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default configurations where ${sort } expansion is used for items that can be controlled by an ...

oval:org.secpod.oval:def:604496
Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file arbitrary commands could get executed. This update removes this feature.

oval:org.secpod.oval:def:604493
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-11782 Ace Olszowka reported that the Subversion's svnserve server process may exit when a well-formed read-only request produc ...

oval:org.secpod.oval:def:2000208
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating ...

oval:org.secpod.oval:def:2004616
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

oval:org.secpod.oval:def:604511
Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input. A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution ...

oval:org.secpod.oval:def:604525
It was discovered that the code fixes for LibreOffice to address CVE-2019-9852 were not complete. Additional information can be found at https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/

oval:org.secpod.oval:def:604524
It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

oval:org.secpod.oval:def:2001197
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

oval:org.secpod.oval:def:604548
It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite files if a user is dragging a ...

oval:org.secpod.oval:def:604545
Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.

oval:org.secpod.oval:def:604577
A buffer overflow was found in file, a file type classification tool, which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF file is processed.

oval:org.secpod.oval:def:604583
A use-after-free was found in libarchive, a multi-format archive and compression library, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed.

oval:org.secpod.oval:def:2000763
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

oval:org.secpod.oval:def:2000783
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

oval:org.secpod.oval:def:2000776
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service via the background color index in a GIF file.

oval:org.secpod.oval:def:2001214
The DGifDecompressLine function in dgif_lib.c in GIFLIB, as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

oval:org.secpod.oval:def:2000850
SDL through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

oval:org.secpod.oval:def:2005259
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers in libmspack. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d ...

oval:org.secpod.oval:def:2000412
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c.

oval:org.secpod.oval:def:2000872
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open in PHP and other products, launches an rsh command without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input and if rsh has been rep ...

oval:org.secpod.oval:def:2001371
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

oval:org.secpod.oval:def:2001365
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a special ...

oval:org.secpod.oval:def:604827
Several vulnerabilities have been found in the libtiff5-dev library, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:2000086
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

oval:org.secpod.oval:def:2001034
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

oval:org.secpod.oval:def:2004172
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.

oval:org.secpod.oval:def:2004179
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

oval:org.secpod.oval:def:2001505
tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.

oval:org.secpod.oval:def:2003799
A vulnerability in the Data-Loss-Prevention module in Clam AntiVirus Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabl ...

oval:org.secpod.oval:def:2001124
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.

oval:org.secpod.oval:def:604613
Holger Just discovered an SQL injection in Redmine, a project management web application. In addition a cross-site scripting issue was found in Textile formatting.

oval:org.secpod.oval:def:2001192
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

oval:org.secpod.oval:def:2001180
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.

oval:org.secpod.oval:def:2004678
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka "Git for Visual Studio Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.

oval:org.secpod.oval:def:2004680
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka "Git for Visual Studio Tampering Vulnerability".

oval:org.secpod.oval:def:2004675
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka "Git for Visual Studio Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.

oval:org.secpod.oval:def:603291
Two vulnerabilities have been found in Solr, a search server based on Lucene, which could result in the execution of arbitrary code or path traversal.

oval:org.secpod.oval:def:2005614
This CVE is missing description

oval:org.secpod.oval:def:2005613
Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel Core, Intel Celeron Processor 4000 and 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

oval:org.secpod.oval:def:2005615
This CVE is missing description

oval:org.secpod.oval:def:2005609
This CVE is missing description

oval:org.secpod.oval:def:2005610
This CVE is missing description

oval:org.secpod.oval:def:2005612
This CVE is missing description

oval:org.secpod.oval:def:2003890
There is an OS command injection vulnerability in Ruby Rake

oval:org.secpod.oval:def:603300
It was discovered that incorrect validation of frame widths in the libvpx multimedia library may result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603327
Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603311
Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

oval:org.secpod.oval:def:2003944
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

oval:org.secpod.oval:def:44750
tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.

oval:org.secpod.oval:def:604804
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:604808
Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in u ...

oval:org.secpod.oval:def:604807
Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential information for a wrong host.

oval:org.secpod.oval:def:604820
A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service.

oval:org.secpod.oval:def:2003990
Vulnerability in the MySQL Client product of Oracle MySQL. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Succ ...

oval:org.secpod.oval:def:2003993
Vulnerability in the MySQL Server product of Oracle MySQL. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ...

oval:org.secpod.oval:def:603517
Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

oval:org.secpod.oval:def:604795
Russ Allbery discovered a buffer overflow in the PAM module for MIT Kerberos, which could result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:604786
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:603453
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.

oval:org.secpod.oval:def:2003594
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.

oval:org.secpod.oval:def:2000548
ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

oval:org.secpod.oval:def:2001016
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.

oval:org.secpod.oval:def:2001487
The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. This ...

oval:org.secpod.oval:def:2004500
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are n ...

oval:org.secpod.oval:def:2004104
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verificat ...

oval:org.secpod.oval:def:2004170
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android ...

oval:org.secpod.oval:def:2004171
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.

oval:org.secpod.oval:def:2004173
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android I ...

oval:org.secpod.oval:def:2004176
This CVE is missing description

oval:org.secpod.oval:def:2004175
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-1464289 ...

oval:org.secpod.oval:def:2004169
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

oval:org.secpod.oval:def:2004168
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.

oval:org.secpod.oval:def:2003713
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communic ...

oval:org.secpod.oval:def:2000260
Floating Point Exception in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

oval:org.secpod.oval:def:604551
Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator intended to protect against shared RNG state between parent and child processes in the ...

oval:org.secpod.oval:def:604550
Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.

oval:org.secpod.oval:def:2003821
An untrusted pointer dereference flaw was found in Perl-DBI

oval:org.secpod.oval:def:2003822
libfreerdp/cache/bitmap.c in FreeRDP versions

oval:org.secpod.oval:def:2003825
libfreerdp/codec/planar.c in FreeRDP version

oval:org.secpod.oval:def:2003824
libfreerdp/core/update.c in FreeRDP versions

oval:org.secpod.oval:def:2003827
libfreerdp/gdi/region.c in FreeRDP versions

oval:org.secpod.oval:def:2003826
libfreerdp/gdi/gdi.c in FreeRDP

oval:org.secpod.oval:def:2003810
A PGP signature bypass flaw was found in fwupd, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service is either not implemented or enabled in versions of fwupd shipped wi ...

oval:org.secpod.oval:def:2003801
A vulnerability in the ARJ archive parsing module in Clam AntiVirus Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnera ...

oval:org.secpod.oval:def:2003800
A vulnerability in the EGG archive parsing module in Clam AntiVirus Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit thi ...

oval:org.secpod.oval:def:2003803
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An a ...

oval:org.secpod.oval:def:2003802
A vulnerability in the PDF archive parsing module in Clam AntiVirus Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit thi ...

oval:org.secpod.oval:def:2003809
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation

oval:org.secpod.oval:def:2004750
TightVNC code version 1.3.10 contains a null pointer dereference in the HandleZlibBPP function, which results in Denial of System. This attack appears to be exploitable via network connectivity.

oval:org.secpod.oval:def:2003875
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.

oval:org.secpod.oval:def:604659
Guido Vranken discovered an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.

oval:org.secpod.oval:def:2003968
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

oval:org.secpod.oval:def:604834
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

oval:org.secpod.oval:def:604852
It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default.

oval:org.secpod.oval:def:604843
Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:604849
Shuaibing Lu discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could result in denial of service when processing specially crafted deb files.

oval:org.secpod.oval:def:2001029
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directo ...

oval:org.secpod.oval:def:2000133
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.

oval:org.secpod.oval:def:2003644
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ...

oval:org.secpod.oval:def:2003638
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

oval:org.secpod.oval:def:603107
It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure, allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbe ...

oval:org.secpod.oval:def:603598
Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or memory disclosure if a malformed OLE file is processed.

oval:org.secpod.oval:def:2003759
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to tes ...

oval:org.secpod.oval:def:2004252
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116.

oval:org.secpod.oval:def:2001188
In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

oval:org.secpod.oval:def:2000307
The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has a NULL pointer dereference that allows attackers to cause a denial of service via a crafted object.

oval:org.secpod.oval:def:2003816
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.

oval:org.secpod.oval:def:2004756
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.

oval:org.secpod.oval:def:2005611
This CVE is missing description

oval:org.secpod.oval:def:603832
Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877 It was possible to bypass the redirect URL checking on logout, so the module could be used as an open redirect facility. CVE-2019-3878 When mod_auth_mellon is used in an Apache con ...

oval:org.secpod.oval:def:603855
It was discovered that a buffer overflow in the RTSP parser of the GStreamer media framework may result in the execution of arbitrary code if a malformed RTSP stream is opened.

oval:org.secpod.oval:def:2003881
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

oval:org.secpod.oval:def:2003883
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

oval:org.secpod.oval:def:2003882
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

oval:org.secpod.oval:def:2003962
This CVE is missing description

oval:org.secpod.oval:def:2003961
This CVE is missing description

oval:org.secpod.oval:def:2003946
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

oval:org.secpod.oval:def:2003935
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace charact ...

oval:org.secpod.oval:def:603914
Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server, which could result in denial of service by sending malformed packets.

oval:org.secpod.oval:def:68297
Jeriko One discovered that newsbeuter, a text-mode RSS feed reader, did not properly escape the title and description of a news article when bookmarking it. This allowed a remote attacker to run an arbitrary shell command on the client machine.

oval:org.secpod.oval:def:603511
Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.

oval:org.secpod.oval:def:603419
Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.

oval:org.secpod.oval:def:603443
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.

oval:org.secpod.oval:def:2004453
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done ...

oval:org.secpod.oval:def:2004030
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.

oval:org.secpod.oval:def:2001000
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user's process.

oval:org.secpod.oval:def:603137
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:603177
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

oval:org.secpod.oval:def:2001519
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:2000715
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

oval:org.secpod.oval:def:2000415
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

oval:org.secpod.oval:def:2003973
IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively ...

oval:org.secpod.oval:def:604851
It was discovered that the SocketServer class included in apache-log4j1.2, a logging library for java, is vulnerable to deserialization of untrusted data. An attacker can take advantage of this flaw to execute arbitrary code in the context of the logger application by sending a specially crafted log ...

oval:org.secpod.oval:def:2005362
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.

oval:org.secpod.oval:def:2001421
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api.

oval:org.secpod.oval:def:2000123
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

oval:org.secpod.oval:def:604837
Several vulnerabilities were discovered in salt, a powerful remote execution manager, which could result in retrieval of user tokens from the salt master, execution of arbitrary commands on salt minions, arbitrary directory access to authenticated users or arbitrary code execution on salt-api hosts.

oval:org.secpod.oval:def:604840
The update for salt-master for the oldstable distribution released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt-master packages are now available to correct this issue. For reference, the original advisory text follows. Several vulnerabilities ...

oval:org.secpod.oval:def:2000296
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block "/" characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.

oval:org.secpod.oval:def:2001258
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes ...

oval:org.secpod.oval:def:2001394
In Netwide Assembler 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.

oval:org.secpod.oval:def:2001354
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.

oval:org.secpod.oval:def:2000108
An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.

oval:org.secpod.oval:def:2001206
Leptonica 1.74.4 constructs unintended pathnames when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.

oval:org.secpod.oval:def:2000088
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.

oval:org.secpod.oval:def:603149
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection.

oval:org.secpod.oval:def:603027
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification.

oval:org.secpod.oval:def:2000621
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing ...

oval:org.secpod.oval:def:2004218
An issue was discovered in dbus

oval:org.secpod.oval:def:2000411
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.

oval:org.secpod.oval:def:603147
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:2001118
NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service via crafted j2k files.

oval:org.secpod.oval:def:2000756
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

oval:org.secpod.oval:def:603821
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution. CVE-2017-17480 Write stack buffer overflow in the jp3d and jpwl codecs can result in a denial of service or remote code ...

oval:org.secpod.oval:def:2001378
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

oval:org.secpod.oval:def:2000030
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service via crafted j2k files.

oval:org.secpod.oval:def:603026
Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9310 Denial of service via infinite loop in e1000e NIC emulation. CVE-2017-9330 Denial of service via infinite loop in USB OHCI emulation. CVE-2017-9373 Denial of service via memory leak in IDE AHCI emulation. CVE-20 ...

oval:org.secpod.oval:def:2001457
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

oval:org.secpod.oval:def:2001149
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the ...

oval:org.secpod.oval:def:2004674
An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h, there is an integer overflow on the result of integer addition fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer d ...

oval:org.secpod.oval:def:603306
Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user is tricked into using the umount complet ...

oval:org.secpod.oval:def:2003977
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's d ...

oval:org.secpod.oval:def:2003979
LibreOffice has a "stealth mode" in which only documents from locations deemed "trusted" are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed wh ...

oval:org.secpod.oval:def:2003978
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for ...

oval:org.secpod.oval:def:603415
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

oval:org.secpod.oval:def:2001040
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.

oval:org.secpod.oval:def:2001555
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.

oval:org.secpod.oval:def:2001229
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw to extract plaintext or in some cases dow ...

oval:org.secpod.oval:def:2003967
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol, aka "Netlogon Elevation of Privilege Vulnerability".

oval:org.secpod.oval:def:604823
Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets.

oval:org.secpod.oval:def:603591
Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading mod_jk to the new upstream version 1.2.46, which includes additional changes. https://tomcat.apache.org/c ...

oval:org.secpod.oval:def:603168
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-0898 aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in heap ...

oval:org.secpod.oval:def:2001559
When apr_time_exp* or apr_os_exp_time* functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value ...

oval:org.secpod.oval:def:2001278
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections.

oval:org.secpod.oval:def:603841
Several vulnerabilities have been found in the Apache HTTP server. CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming dat ...

oval:org.secpod.oval:def:2000360
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

oval:org.secpod.oval:def:603362
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ...

oval:org.secpod.oval:def:603350
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an out of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ...

oval:org.secpod.oval:def:2001288
Apache Portable Runtime Utility 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm* functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a ...

oval:org.secpod.oval:def:603090
Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2015-9096 SMTP command injection in Net::SMTP. CVE-2016-7798 Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension. CVE-2017-0900 Denial of service in the RubyGems client. CVE-2017-0 ...

oval:org.secpod.oval:def:50601
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter an ...

oval:org.secpod.oval:def:603472
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could all ...

oval:org.secpod.oval:def:2000543
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

oval:org.secpod.oval:def:602951
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to ...

oval:org.secpod.oval:def:602999
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center component and could be used by an atta ...

oval:org.secpod.oval:def:603000
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext, rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker ...

oval:org.secpod.oval:def:2000564
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

oval:org.secpod.oval:def:2000527
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

oval:org.secpod.oval:def:2001095
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ...

oval:org.secpod.oval:def:603564
Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests.

oval:org.secpod.oval:def:603556
Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitrary file overwrite, which can result in privilege escalation.

oval:org.secpod.oval:def:603555
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, incomplete TLS identity verification, information disclosure or the execution of arbitrary code.

oval:org.secpod.oval:def:603121
Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9375 Denial of service via memory leak in USB XHCI emulation. CVE-2017-12809 Denial of service in the CDROM device drive emulation. CVE-2017-13672 Denial of service in VGA display emulation. CVE-2017-13711 Denial of ...

oval:org.secpod.oval:def:603595
Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603133
Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned of ...

oval:org.secpod.oval:def:603189
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ...

oval:org.secpod.oval:def:603188
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

oval:org.secpod.oval:def:2003710
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

oval:org.secpod.oval:def:2003709
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the vic ...

oval:org.secpod.oval:def:603271
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-17563 Jan Beulich discovered that an incorrect reference count overflow check in x86 shadow mode may result in denial of service or privilege escalation. CVE-2017-17564 Jan Beulich discovered that improper x86 shadow mode ...

oval:org.secpod.oval:def:603830
A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions.

oval:org.secpod.oval:def:603301
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-7540 Jann Horn discovered that missing checks in page table freeing may result in denial of service. CVE-2018-7541 Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host deni ...

oval:org.secpod.oval:def:603310
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Daniel Berrange discovered that the QEMU guest agent performed insufficient validation of incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ...

oval:org.secpod.oval:def:46445
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

oval:org.secpod.oval:def:2000845
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomp ...

oval:org.secpod.oval:def:2000802
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

oval:org.secpod.oval:def:2000812
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.

oval:org.secpod.oval:def:2000401
In PolicyKit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

oval:org.secpod.oval:def:603932
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service or sandbox bypass.

oval:org.secpod.oval:def:603933
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure. In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update ship ...

oval:org.secpod.oval:def:603950
Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally ...

oval:org.secpod.oval:def:2001364
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent time ...

oval:org.secpod.oval:def:603503
Quang Nguyen discovered an integer overflow in the Little CMS 2 colour management library, which could result in denial of service and potentially the execution of arbitrary code if a malformed IT8 calibration file is processed.

oval:org.secpod.oval:def:603508
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-16065 Brendon Tiszka discovered an out-of-bounds write issue in the v8 javascript library. CVE-2018-16066 cloudfuzzer discovered an out-of-bounds read issue in blink/webkit. CVE-2018-16067 Zhe Jin discovered an out-of ...

oval:org.secpod.oval:def:603439
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-12891 It was discovered that insufficient validation of PV MMU operations may result in denial of service. CVE-2018-12892 It was discovered that libxl fails to honour the "readonly" flag on HVM-emulated SCSI disks. CVE-201 ...

oval:org.secpod.oval:def:2005301
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.

oval:org.secpod.oval:def:603483
It was discovered that the PatternSyntaxException class in the Concurrency component of OpenJDK, an implementation of the Oracle Java platform, could result in denial of service via excessive memory consumption.

oval:org.secpod.oval:def:2003581
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN privileges for certain databases but wants to maintain isolation, slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL b ...

oval:org.secpod.oval:def:2003583
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. Aft ...

oval:org.secpod.oval:def:603036
Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9524 Denial of service in qemu-nbd server CVE-2017-10806 Buffer overflow in USB redirector CVE-2017-11334 Out-of-band memory access in DMA operations

oval:org.secpod.oval:def:45698
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load and Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the ...

oval:org.secpod.oval:def:2005234
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.

oval:org.secpod.oval:def:2005235
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.

oval:org.secpod.oval:def:2004684
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. N ...

oval:org.secpod.oval:def:2004685
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

oval:org.secpod.oval:def:2004687
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network.

oval:org.secpod.oval:def:2003838
This CVE is missing description

oval:org.secpod.oval:def:2004466
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place ...

oval:org.secpod.oval:def:2004190
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2 versions prio ...

oval:org.secpod.oval:def:2004191
A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.0-rc7; v4. ...

oval:org.secpod.oval:def:2005279
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4 ...

oval:org.secpod.oval:def:2005280
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior t ...

oval:org.secpod.oval:def:604801
Two security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:604806
Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:50663
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ...

oval:org.secpod.oval:def:2001003
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard librar ...

oval:org.secpod.oval:def:604866
Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not.

oval:org.secpod.oval:def:604658
Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.

oval:org.secpod.oval:def:2005276
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user nam ...

oval:org.secpod.oval:def:2005278
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this ...

oval:org.secpod.oval:def:2000323
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned b ...

oval:org.secpod.oval:def:2000534
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.

oval:org.secpod.oval:def:2003600
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse fails in aa_audit_rule_init in security/apparmor/audit.c.

oval:org.secpod.oval:def:2004140
In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ...

oval:org.secpod.oval:def:2000157
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:2005356
In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2005358
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service via a crafted PNG image file.

oval:org.secpod.oval:def:603442
Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata, which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.

oval:org.secpod.oval:def:2000092
CiffDirectory::readDirectory at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.

oval:org.secpod.oval:def:2005360
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service via a crafted CRW image file.

oval:org.secpod.oval:def:2005361
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset subtraction.

oval:org.secpod.oval:def:2004132
This CVE is missing description

oval:org.secpod.oval:def:2004136
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171

oval:org.secpod.oval:def:2003593
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write properly, which causes an i_size_read infinite loop and denial of service on SMP systems.

oval:org.secpod.oval:def:2003584
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.

oval:org.secpod.oval:def:2003585
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifi ...

oval:org.secpod.oval:def:603641
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17481 A use-after-free issue was discovered in the pdfium library. CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation. CVE-2019-5755 Jay Bosamiya discovered an implementation error in the ...

oval:org.secpod.oval:def:603822
Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem. This update also fixes a regression introduced in a previous update. The browser would always crash when la ...

oval:org.secpod.oval:def:603839
Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-5787 Zhe Jin discovered a use-after-free issue. CVE-2019-5788 Mark Brand discovered a use-after-free issue in the FileAPI implementation. CVE-2019-5789 Mark Brand discovered a use-after-free issue in the ...

oval:org.secpod.oval:def:2001023
A flaw was found in the Linux kernel in the function hid_debug_events_read in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user can cause a system lock up and a denial of service. Versions from v4.18 and newer are ...

oval:org.secpod.oval:def:2000274
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange ...

oval:org.secpod.oval:def:61624
The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an AJP request injection vulnerability. A flaw is present in application, which fails to properly handle a regression introduced due to refactoring. Successful exploitation allows re ...

oval:org.secpod.oval:def:2000437
In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

oval:org.secpod.oval:def:2004058
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed.

oval:org.secpod.oval:def:2001436
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or ...

oval:org.secpod.oval:def:603539
joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules.

oval:org.secpod.oval:def:2001136
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.

oval:org.secpod.oval:def:2000286
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw ...

oval:org.secpod.oval:def:2000840
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that w ...

oval:org.secpod.oval:def:603412
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

oval:org.secpod.oval:def:603228
Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Meltdown and is add ...

oval:org.secpod.oval:def:43398
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ...

oval:org.secpod.oval:def:603230
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function CVE-2017-11145 Out-of-bounds read in wddx_deserialize CVE-2017-11628 Buffer o ...

oval:org.secpod.oval:def:603044
Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a spec ...

oval:org.secpod.oval:def:603112
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

oval:org.secpod.oval:def:602960
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of Ad ...

oval:org.secpod.oval:def:604657
It was found that freeimage, a graphics library, was affected by the following two security issues: CVE-2019-12211 Heap buffer overflow caused by invalid memcpy in PluginTIFF. This flaw might be leveraged by remote attackers to trigger denial of service or any other unspecified impact via crafted TI ...

oval:org.secpod.oval:def:2004032
This CVE is missing description

oval:org.secpod.oval:def:2004626
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

oval:org.secpod.oval:def:2004627
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

oval:org.secpod.oval:def:2004481
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

oval:org.secpod.oval:def:604821
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.

oval:org.secpod.oval:def:2003831
This CVE is missing description

oval:org.secpod.oval:def:2003829
This CVE is missing description

oval:org.secpod.oval:def:2004431
This CVE is missing description

oval:org.secpod.oval:def:603164
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:2000501
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.

oval:org.secpod.oval:def:2000184
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote atta ...

oval:org.secpod.oval:def:2001506
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

oval:org.secpod.oval:def:2000647
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

oval:org.secpod.oval:def:2005090
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

oval:org.secpod.oval:def:2005092
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.

oval:org.secpod.oval:def:2005091
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.

oval:org.secpod.oval:def:2005093
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

oval:org.secpod.oval:def:2005089
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.

oval:org.secpod.oval:def:2001160
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.

oval:org.secpod.oval:def:2000338
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000376
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.

oval:org.secpod.oval:def:603854
This update fixes two vulnerabilities in Imagemagick: Memory handling problems and missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed TIFF or Postscript files are processed.

oval:org.secpod.oval:def:2000365
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.

oval:org.secpod.oval:def:2001289
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.

oval:org.secpod.oval:def:2000829
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.

oval:org.secpod.oval:def:2001305
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.

oval:org.secpod.oval:def:2000445
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.

oval:org.secpod.oval:def:2000460
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

oval:org.secpod.oval:def:2000873
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.

oval:org.secpod.oval:def:2001381
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:603452
This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:2001114
Potential information exfiltration with default typing, serialization gadget from MyBatis

oval:org.secpod.oval:def:603931
Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code.

oval:org.secpod.oval:def:2004019
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write operations. A guest OS user can crash the QEMU process.

oval:org.secpod.oval:def:2004015
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.

oval:org.secpod.oval:def:2004016
This CVE is missing description

oval:org.secpod.oval:def:2004113
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: ...

oval:org.secpod.oval:def:2003665
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

oval:org.secpod.oval:def:2004135
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel ...

oval:org.secpod.oval:def:2004120
This CVE is missing description

oval:org.secpod.oval:def:603222
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, po ...

oval:org.secpod.oval:def:2000478
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.

oval:org.secpod.oval:def:2003817
A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

oval:org.secpod.oval:def:2004156
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution.

oval:org.secpod.oval:def:603624
Pavel Cheremushkin discovered several vulnerabilities in libvncserver, a library to implement VNC server/client functionalities, which might result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:2004452
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

oval:org.secpod.oval:def:2003602
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference

oval:org.secpod.oval:def:2003666
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.

oval:org.secpod.oval:def:2003673
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

oval:org.secpod.oval:def:2003656
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security imp ...

oval:org.secpod.oval:def:2003658
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.

oval:org.secpod.oval:def:2003657
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

oval:org.secpod.oval:def:2003659
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.

oval:org.secpod.oval:def:2003660
** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already ...

oval:org.secpod.oval:def:2003664
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

oval:org.secpod.oval:def:2003645
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a process allocates a ptp device file and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exp ...

oval:org.secpod.oval:def:2003647
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.

oval:org.secpod.oval:def:2003646
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CI ...

oval:org.secpod.oval:def:2003648
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

oval:org.secpod.oval:def:2003650
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.

oval:org.secpod.oval:def:2003651
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.

oval:org.secpod.oval:def:2003654
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.

oval:org.secpod.oval:def:2003653
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service by corrupting a mountpoint reference counter.

oval:org.secpod.oval:def:2003633
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-s ...

oval:org.secpod.oval:def:2003625
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

oval:org.secpod.oval:def:2003624
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

oval:org.secpod.oval:def:2003627
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.

oval:org.secpod.oval:def:2003626
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.

oval:org.secpod.oval:def:2003628
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

oval:org.secpod.oval:def:2003611
In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.

oval:org.secpod.oval:def:2003614
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service by triggering a NULL alloc_percpu result.

oval:org.secpod.oval:def:2003613
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

oval:org.secpod.oval:def:2004129
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153467744

oval:org.secpod.oval:def:2004130
In the Linux kernel before 5.4.16, a race condition in tty-

oval:org.secpod.oval:def:2004131
A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.

oval:org.secpod.oval:def:2004127
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read thr ...

oval:org.secpod.oval:def:2000719
Missing access_ok checks in IOCTL function

oval:org.secpod.oval:def:2003812
In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.

oval:org.secpod.oval:def:2003814
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB. The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation is available. This flaw allows a local attacker to perform a Spectre V2 style ...

oval:org.secpod.oval:def:2003813
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced wh ...

oval:org.secpod.oval:def:2003815
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being "force disabled" when it is not and opens the system to Spectre v2 attacks. The highest threat f ...

oval:org.secpod.oval:def:2003818
** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case ...

oval:org.secpod.oval:def:604867
Several vulnerabilities were discovered in Drupal, a fully-featured content management framework, which could result in an open redirect or cross-site scripting.

oval:org.secpod.oval:def:603852
A cross-site scripting vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-006 .

oval:org.secpod.oval:def:603941
Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which may result in authentication bypass, denial of service, cross-site scripting, information disclosure and bypass of anti-spam measures.

oval:org.secpod.oval:def:604824
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector.

oval:org.secpod.oval:def:2003667
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent proc ...

oval:org.secpod.oval:def:2003652
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c mishandles invalid descriptors, aka CID-a246b4d54770.

oval:org.secpod.oval:def:2003639
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

oval:org.secpod.oval:def:2003629
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

oval:org.secpod.oval:def:2004116
This CVE is missing description

oval:org.secpod.oval:def:2003811
This CVE is missing description

oval:org.secpod.oval:def:2003942
** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable."

oval:org.secpod.oval:def:2003564
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.

oval:org.secpod.oval:def:2003591
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev fails in hci_uart_set_proto in drivers/bluetooth/hci_ldisc.c.

oval:org.secpod.oval:def:2003588
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.

oval:org.secpod.oval:def:2003980
** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there's no apparent route to either privilege escalation or to denial of ...

oval:org.secpod.oval:def:2003672
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

oval:org.secpod.oval:def:2003674
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

oval:org.secpod.oval:def:2003675
An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

oval:org.secpod.oval:def:2003649
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.

oval:org.secpod.oval:def:2003641
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

oval:org.secpod.oval:def:2003623
In the Linux kernel 5.4.0-rc2, there is a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c.

oval:org.secpod.oval:def:2000635
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data regi ...

oval:org.secpod.oval:def:2004429
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

oval:org.secpod.oval:def:2004430
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

oval:org.secpod.oval:def:2004052
This CVE is missing description

oval:org.secpod.oval:def:2003603
** DISPUTED ** A memory leak in the __ipmi_bmc_register function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service by triggering ida_simple_get failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this beca ...

oval:org.secpod.oval:def:2003605
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service by triggering mwifiex_map_pci_memory failures, aka CID-db8fd2cde932.

oval:org.secpod.oval:def:2003604
** DISPUTED ** A memory leak in the unittest_data_add function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service by triggering of_fdt_unflatten_tree failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unitt ...

oval:org.secpod.oval:def:2003607
A memory leak in the crypto_report function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service by triggering crypto_report_alg failures, aka CID-ffdde5932042.

oval:org.secpod.oval:def:2003606
Two memory leaks in the mwifiex_pcie_init_evt_ring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service by triggering mwifiex_map_pci_memory failures, aka CID-d10dcb615c8e.

oval:org.secpod.oval:def:2003609
A memory leak in the bfad_im_get_stats function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service by triggering bfa_port_get_stats failures, aka CID-0e62395da2bd.

oval:org.secpod.oval:def:2003608
Two memory leaks in the rtl_usb_probe function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service, aka CID-3f9361695113.

oval:org.secpod.oval:def:2003610
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.

oval:org.secpod.oval:def:2003668
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypte ...

oval:org.secpod.oval:def:2003637
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

oval:org.secpod.oval:def:2003640
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

oval:org.secpod.oval:def:2003622
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.

oval:org.secpod.oval:def:2003612
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the "KVM_GET_EMULATED_CPUID" ioctl request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the "/dev/kvm" device co ...

oval:org.secpod.oval:def:2003616
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

oval:org.secpod.oval:def:2003615
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.

oval:org.secpod.oval:def:2003618
In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.

oval:org.secpod.oval:def:2003617
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.

oval:org.secpod.oval:def:2003619
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.

oval:org.secpod.oval:def:2003621
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.

oval:org.secpod.oval:def:2003620
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

oval:org.secpod.oval:def:604541
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. A local atta ...

oval:org.secpod.oval:def:2005171
A memory leak in the ca8210_probe function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service by triggering ca8210_get_platform_data failures, aka CID-6402939ec86e.

oval:org.secpod.oval:def:2005161
A memory leak in the adis_update_scan_mode function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service, aka CID-ab612b1daf41.

oval:org.secpod.oval:def:2000324
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service by triggering vfs_read failures.

oval:org.secpod.oval:def:2003590
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects in net/core/net-sysfs.c, which will cause denial of service.

oval:org.secpod.oval:def:2005198
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.

oval:org.secpod.oval:def:2003601
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices-

oval:org.secpod.oval:def:2003586
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

oval:org.secpod.oval:def:2003575
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."

oval:org.secpod.oval:def:2003574
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.

oval:org.secpod.oval:def:2003573
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd executes code.

oval:org.secpod.oval:def:2003572
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.

oval:org.secpod.oval:def:2003580
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes

oval:org.secpod.oval:def:2000558
KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer

oval:org.secpod.oval:def:2001012
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

oval:org.secpod.oval:def:2000292
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device that is mishandled in usb_audio_probe in sound/usb/card.c.

oval:org.secpod.oval:def:50966
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

oval:org.secpod.oval:def:603945
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi driver, which a local user could use to cause denial of ser ...

oval:org.secpod.oval:def:2003598
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users to obtain read and write permissions on kernel physical pages, which can possibly result in a ...

oval:org.secpod.oval:def:2003578
** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kern ...

oval:org.secpod.oval:def:2000100
KVM: x86: work around leak of uninitialized stack contents

oval:org.secpod.oval:def:2000582
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

oval:org.secpod.oval:def:2000173
The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Limited remote exploitation may be possible, as demonstrated by la ...

oval:org.secpod.oval:def:2000668
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data

oval:org.secpod.oval:def:54760
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

oval:org.secpod.oval:def:57841
A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.

oval:org.secpod.oval:def:2000354
Heap address infoleak in use of l2cap_get_conf_opt

oval:org.secpod.oval:def:603384
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:43396
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ...

oval:org.secpod.oval:def:2000418
Heap data infoleak in multiple locations including function l2cap_parse_conf_rsp

oval:org.secpod.oval:def:603922
Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures. This flaw could allow an attacker controlling an unprivileged process to read sensitive information, inclu ...

oval:org.secpod.oval:def:603925
This update ships updated CPU microcode for most types of Intel CPUs. It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities. To fully resolve these vulnerabilities it is also necessary to update the Linux kernel packages as released in DSA 4444.

oval:org.secpod.oval:def:2003577
** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service. NOTE: The vendor disputes this issue as not being a vulnerabili ...

oval:org.secpod.oval:def:2001338
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a ...

oval:org.secpod.oval:def:2003592
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.

oval:org.secpod.oval:def:2003587
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.

oval:org.secpod.oval:def:2003576
** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service. NOTE: This has been disputed as not an issue.

oval:org.secpod.oval:def:2000101
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ...

oval:org.secpod.oval:def:2003692
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

oval:org.secpod.oval:def:2003693
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

oval:org.secpod.oval:def:2003695
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being ...

oval:org.secpod.oval:def:2000597
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

oval:org.secpod.oval:def:603587
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a Transfer-Encoding: chu ...

oval:org.secpod.oval:def:2001129
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion when processing a crafted regular expression.

oval:org.secpod.oval:def:604537
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers function could result in information disclosure or denial of service.

oval:org.secpod.oval:def:603675
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record function.

oval:org.secpod.oval:def:2000737
match stack overflow

oval:org.secpod.oval:def:603820
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF extension had multiple cases of invalid memory access and rename was implemented insecurely.

oval:org.secpod.oval:def:2001265
memory-based DoS in tiff2bw

oval:org.secpod.oval:def:2003634
** DISPUTED ** In the GNU C Library through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by "*" in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only wi ...

oval:org.secpod.oval:def:2002064
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

oval:org.secpod.oval:def:2000395
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.

oval:org.secpod.oval:def:2000547
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp.

oval:org.secpod.oval:def:604461
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.

oval:org.secpod.oval:def:2000246
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.

oval:org.secpod.oval:def:603853
A use-after-free vulnerability was discovered in the png_image_free function in the libpng PNG library, which could lead to denial of service or potentially the execution of arbitrary code if a malformed image is processed.

oval:org.secpod.oval:def:603928
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:603930
Multiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:2000000
In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop may cause a Denial of Service via crafted sass input files with stray "&" or "/" characters.

oval:org.secpod.oval:def:2001333
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used.

oval:org.secpod.oval:def:2000148
** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was o ...

oval:org.secpod.oval:def:603568
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed. This update rebases ghostscript for ...

oval:org.secpod.oval:def:603507
Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed.

oval:org.secpod.oval:def:603515
Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed.

oval:org.secpod.oval:def:2000470
** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this i ...

oval:org.secpod.oval:def:2000992
An out of bounds read in the function d2alaw_array in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

oval:org.secpod.oval:def:2000152
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

oval:org.secpod.oval:def:2001540
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap" function can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.

oval:org.secpod.oval:def:2000639
** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library and is not a library issue.

oval:org.secpod.oval:def:2001139
** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program.

oval:org.secpod.oval:def:2001133
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init in double64.c, which may lead to DoS when playing a crafted audio file.

oval:org.secpod.oval:def:2000266
An out of bounds read in the function d2ulaw_array in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

oval:org.secpod.oval:def:2001580
The function d2alaw_array in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack, a different vulnerability than CVE-2017-14245.

oval:org.secpod.oval:def:2000229
** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.

oval:org.secpod.oval:def:2001605
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.

oval:org.secpod.oval:def:2000417
** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls ...

oval:org.secpod.oval:def:603536
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554 A memory leak in the irda_bind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a denial ...

oval:org.secpod.oval:def:2000634
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

oval:org.secpod.oval:def:2001105
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode is called with a NULL bp.

oval:org.secpod.oval:def:603280
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:603407
This update provides mitigations for the Spectre v4 variant in x86-based micro processors. On Intel CPUs this requires updated microcode which is currently not released publicly. For servers with AMD CPUs no microcode update is needed, please refer to https://xenbits.xen.org/xsa/advisory-263.html f ...

oval:org.secpod.oval:def:603398
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could res ...

oval:org.secpod.oval:def:43397
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ...

oval:org.secpod.oval:def:2000804
** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator when the global OO ...

oval:org.secpod.oval:def:2003567
In the function wmi_set_ie, the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the "ie_len" argument can cause a buffer overflow in all Android releases from CAF using the Linux Kernel.

oval:org.secpod.oval:def:2001349
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.

oval:org.secpod.oval:def:603518
This update ships updated CPU microcode for additional models of Intel CPUs which were not yet covered by the Intel microcode update released as DSA-4273-1

oval:org.secpod.oval:def:603411
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ...

oval:org.secpod.oval:def:603435
This update provides mitigations for the lazy FPU vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU. For additional information please refer to https://xenbits.xen.org/xsa/advisory-267.html

oval:org.secpod.oval:def:603489
This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support and fixes for "Spectre v3a".

oval:org.secpod.oval:def:603479
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-5390 Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets ...

oval:org.secpod.oval:def:603490
This update provides mitigations for the L1 Terminal Fault vulnerability affecting a range of Intel CPUs. For additional information please refer to https://xenbits.xen.org/xsa/advisory-273.html. The microcode updates mentioned there are not yet available in a form distributable by Debian. In additi ...

oval:org.secpod.oval:def:603497
Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary address ...

oval:org.secpod.oval:def:45697
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load and Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the ...

oval:org.secpod.oval:def:2000665
** DISPUTED ** The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub.

oval:org.secpod.oval:def:2000779
** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub.

oval:org.secpod.oval:def:2001204
** DISPUTED ** The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub.

oval:org.secpod.oval:def:2001063
** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub.

oval:org.secpod.oval:def:2001522
** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub.

oval:org.secpod.oval:def:2000710
** DISPUTED ** The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on ...

oval:org.secpod.oval:def:2000320
** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub.

oval:org.secpod.oval:def:2001243
** DISPUTED ** The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 o ...

oval:org.secpod.oval:def:2000317
** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had co ...

oval:org.secpod.oval:def:2000013
** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub.

oval:org.secpod.oval:def:2001408
** DISPUTED ** Reflected Cross-site scripting vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool t ...

oval:org.secpod.oval:def:2000989
The S/MIME specification allows a Cipher Block Chaining malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

oval:org.secpod.oval:def:2001056
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so.

oval:org.secpod.oval:def:603408
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:603394
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603451
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:2000568
The acpi_ns_evaluate function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI ...

oval:org.secpod.oval:def:2001420
The acpi_ns_terminate function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI t ...

oval:org.secpod.oval:def:603111
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:603541
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-15471 Felix Wilhelm of Google Project Zero discovered a flaw in the hash handling of the xen-netback Linux kernel module. A malicious or buggy f ...

oval:org.secpod.oval:def:2001074
The acpi_ps_complete_final_op function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanis ...

oval:org.secpod.oval:def:2001038
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sens ...

oval:org.secpod.oval:def:2000613
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service via a crafted xfs image.

oval:org.secpod.oval:def:2001558
The acpi_ds_create_operands function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a craft ...

oval:org.secpod.oval:def:2000757
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass ...

oval:org.secpod.oval:def:603343
It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.

oval:org.secpod.oval:def:2001291
The Serial Attached SCSI implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service by triggering certain error-handling code.

oval:org.secpod.oval:def:603396
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM gue ...

oval:org.secpod.oval:def:2000444
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service.

oval:org.secpod.oval:def:2000426
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.

oval:org.secpod.oval:def:603487
CVE-2018-5391 Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leadi ...

oval:org.secpod.oval:def:2000964
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are f ...

oval:org.secpod.oval:def:603038
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioc ...

oval:org.secpod.oval:def:2000551
In Netwide Assembler 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

oval:org.secpod.oval:def:2000562
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers, and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ...

oval:org.secpod.oval:def:2000556
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" protocol. If security deci ...

oval:org.secpod.oval:def:2000538
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ...

oval:org.secpod.oval:def:2000506
In Netwide Assembler 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token function and freed in the detoken function - it is used again at multiple positions later that could cause multiple damages. For example, it causes a co ...

oval:org.secpod.oval:def:2000183
In Netwide Assembler 2.14rc0, there is an illegal address access in the function find_cc in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.

oval:org.secpod.oval:def:603532
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat's hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

oval:org.secpod.oval:def:603531
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

oval:org.secpod.oval:def:2001097
In Netwide Assembler 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

oval:org.secpod.oval:def:603589
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:603582
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:2001064
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

oval:org.secpod.oval:def:2000601
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots en ...

oval:org.secpod.oval:def:603154
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:603153
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:2001510
The `"path"` module in the Node.js 4.x release line contains a potential regular expression denial of service vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `"p ...

oval:org.secpod.oval:def:2000640
In Netwide Assembler 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.

oval:org.secpod.oval:def:2001137
In Netwide Assembler 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

oval:org.secpod.oval:def:2000249
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.

oval:org.secpod.oval:def:604505
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack by flooding a connection with requests and basically never reading responses on the TCP connection. CVE-2019-10081 Craig Young ...

oval:org.secpod.oval:def:604538
It was discovered that Expat, an XML parsing C library, did not properly handle internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed.

oval:org.secpod.oval:def:604529
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.

oval:org.secpod.oval:def:604520
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.

oval:org.secpod.oval:def:2001198
In Netwide Assembler 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.

oval:org.secpod.oval:def:603217
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked ...

oval:org.secpod.oval:def:2000711
In Netwide Assembler 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.

oval:org.secpod.oval:def:2000328
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to ma ...

oval:org.secpod.oval:def:2000322
In Netwide Assembler 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.

oval:org.secpod.oval:def:2000788
In Netwide Assembler 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

oval:org.secpod.oval:def:2000385
In Netwide Assembler 2.14rc0, there is an illegal address access in is_mmacro in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.

oval:org.secpod.oval:def:603338
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:2000813
In Netwide Assembler 2.14rc0, there is an illegal address access in the function paste_tokens in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.

oval:org.secpod.oval:def:2005269
A vulnerability exists where it is possible to force Network Security Services to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability af ...

oval:org.secpod.oval:def:2000424
** DISPUTED ** In the Admin Package Manager in Open Ticket Request System 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the ...

oval:org.secpod.oval:def:2000410
Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of No ...

oval:org.secpod.oval:def:2000048
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding, `Buffer#write` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input byt ...

oval:org.secpod.oval:def:2000009
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have ...

oval:org.secpod.oval:def:2001332
In Netwide Assembler 2.14rc0, preproc.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.

oval:org.secpod.oval:def:2004826
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary Java ...

oval:org.secpod.oval:def:603469
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-4117 AhsanEjaz discovered an information leak. Rob Wu discovered a way to escalate privileges using extensions. CVE-2018-6150 Rob Wu discovered an information disclosure issue. CVE-2018-6151 Rob Wu discovered an issu ...

oval:org.secpod.oval:def:2000072
In Netwide Assembler 2.14rc0, there is a heap-based buffer over-read in the function detoken in asm/preproc.c that will cause a remote denial of service attack.

oval:org.secpod.oval:def:2000949
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has b ...

oval:org.secpod.oval:def:2001478
** DISPUTED ** SQL injection vulnerability in the "where" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "id" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with un ...

oval:org.secpod.oval:def:2001447
** DISPUTED ** SQL injection vulnerability in the "order" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "id desc" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use wi ...

oval:org.secpod.oval:def:603583
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:603252
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:602980
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:2000456
** DISPUTED ** SQL injection vulnerability in the "find_by" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "name" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use wit ...

oval:org.secpod.oval:def:2001385
** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

oval:org.secpod.oval:def:2001367
** DISPUTED ** SQL injection vulnerability in the "reorder" method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the "name" parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use wit ...

oval:org.secpod.oval:def:2001106
** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated ...

oval:org.secpod.oval:def:2001358
** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploi ...

oval:org.secpod.oval:def:2000978
common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2000103
swt/motif/browser.c in White_dune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

oval:org.secpod.oval:def:2001183
** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use ...

oval:org.secpod.oval:def:2000791
** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional ...

oval:org.secpod.oval:def:2000396
** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access t ...

oval:org.secpod.oval:def:2001217
** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."

oval:org.secpod.oval:def:2000879
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.

oval:org.secpod.oval:def:2001538
The malloc implementation in the GNU C Library, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corrup ...

oval:org.secpod.oval:def:2000746
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

oval:org.secpod.oval:def:2001392
The DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

oval:org.secpod.oval:def:2000540
** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as ...

oval:org.secpod.oval:def:2000587
The cr_parser_parse_selector_core function in cr-parser.c in libcroco3-dev 0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file.

oval:org.secpod.oval:def:2000614
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnera ...

oval:org.secpod.oval:def:2001109
** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."

oval:org.secpod.oval:def:2001295
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco3-dev 0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file.

oval:org.secpod.oval:def:603070
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

*CPE
cpe:/o:debian:debian_linux:9.x

© SecPod Technologies