oval:org.secpod.oval:def:603148
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:602994
Two vulnerabilities have been discovered in Undertow, a web server written in Java, which may lead to denial of service or HTTP request smuggling.

oval:org.secpod.oval:def:602980
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603094
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603018
A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service or have unspecified other impact, if a specially crafted file is processed.

oval:org.secpod.oval:def:603028
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we're now following the 52.x releases.

oval:org.secpod.oval:def:603147
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:603134
It was discovered that YADIFA, an authoritative DNS server, did not sufficiently check its input. This allowed a remote attacker to cause a denial-of-service by forcing the daemon to enter an infinite loop.

oval:org.secpod.oval:def:603000
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext, rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker ...

oval:org.secpod.oval:def:603115
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed.

oval:org.secpod.oval:def:603030
In DSA 3918 Thunderbird was upgraded to the latest ESR series. This update upgrades Enigmail, the OpenPGP extension for Thunderbird, to version 1.9.8.1 to restore full compatibility.

oval:org.secpod.oval:def:603085
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:603122
Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak.

oval:org.secpod.oval:def:603086
A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. The gmp plugin in strongSwan had insufficient input validation when verifying RSA signatures. This coding error could lead to a null pointer dereference, leading to process cr ...

oval:org.secpod.oval:def:603127
Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, re ...

oval:org.secpod.oval:def:603099
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

oval:org.secpod.oval:def:603017
The security update announced as DSA-3904-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This conforms to the spec and may be used in AXFR and IXFR response.

oval:org.secpod.oval:def:602979
It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration.

oval:org.secpod.oval:def:602957
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.

oval:org.secpod.oval:def:603130
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They would allow remote attackers to exploit path-traversal issues, perform SQL injections and various cross-site scripting attacks.

oval:org.secpod.oval:def:603107
It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure, allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is also played in podbe ...

oval:org.secpod.oval:def:603106
It was discovered that PyJWT, a Python implementation of JSON Web Token, performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch.

oval:org.secpod.oval:def:603119
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware prot ...

oval:org.secpod.oval:def:602949
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to ...

oval:org.secpod.oval:def:603065
Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS with a crafted KDC or TIFF file.

oval:org.secpod.oval:def:603114
Multiple security issues have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ...

oval:org.secpod.oval:def:603096
Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data.

oval:org.secpod.oval:def:603118
An integer overflow vulnerability was discovered in decode_digit in libidn2-0, the GNU library for Internationalized Domain Names, allowing a remote attacker to cause a denial of service against an application using the library.

oval:org.secpod.oval:def:603014
It was discovered that ruby-mixlib-archive, Chef Software's library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing .. in its entries.

oval:org.secpod.oval:def:603033
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol, contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side.

oval:org.secpod.oval:def:603080
Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key. See https://eprint.iacr.org/2017/806 for details.

oval:org.secpod.oval:def:602951
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to ...

oval:org.secpod.oval:def:603043
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CS ...

oval:org.secpod.oval:def:603120
joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has n ...

oval:org.secpod.oval:def:603113
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-12837 Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote at ...

oval:org.secpod.oval:def:602962
Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash. CVE-2017-75 ...

oval:org.secpod.oval:def:603142
It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:603049
Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash, or ...

oval:org.secpod.oval:def:602953
Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.

oval:org.secpod.oval:def:602975
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ...

oval:org.secpod.oval:def:602999
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center component and could be used by an atta ...

oval:org.secpod.oval:def:603091
Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.

oval:org.secpod.oval:def:603108
Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK Pixbuf library, which may result in the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:602968
It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted file permissions in third-party repositories, which could result in privilege escalation.

oval:org.secpod.oval:def:603048
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:603095
A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress.

oval:org.secpod.oval:def:42584
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

oval:org.secpod.oval:def:42507
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and ...

oval:org.secpod.oval:def:602974
Debian 9.x is installed

oval:org.secpod.oval:def:603141
Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution.

oval:org.secpod.oval:def:603143
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.

oval:org.secpod.oval:def:603128
Two vulnerabilities were found in libXfont, the X11 font rasterisation library, which could result in denial of service or memory disclosure.

oval:org.secpod.oval:def:603125
Security researcher discovered a vulnerability in the handling of FreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME desktop environment. An attacker can craft a .desktop file intended to run malicious commands but displayed as an innocuous document file in Nautilus. A user wou ...

oval:org.secpod.oval:def:603092
An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as "optional". A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 c ...

oval:org.secpod.oval:def:603076
Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in some cases, remotely execute arbitrary commands in t ...

oval:org.secpod.oval:def:603133
Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned of ...

oval:org.secpod.oval:def:603161
Several vulnerabilities have been discovered in the chromium browser. CVE-2017-15398 Ned Williamson discovered a stack overflow issue. CVE-2017-15399 Zhao Qixun discovered a use-after-free issue in the v8 javascript library.

oval:org.secpod.oval:def:603129
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.

oval:org.secpod.oval:def:603174
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

oval:org.secpod.oval:def:603181
Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed media files could lead to denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603156
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:603012
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EP ...

oval:org.secpod.oval:def:603182
A vulnerability has been discovered in swauth, an authentication system for Swift, a distributed virtual object store used in Openstack. The authentication token for a user is saved in clear text to the log file, which could enable an attacker with access to the logs to bypass the authentication pr ...

oval:org.secpod.oval:def:603187
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

oval:org.secpod.oval:def:603039
Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as t ...

oval:org.secpod.oval:def:603172
"shamger" and Carlo Cannas discovered that a programming error in Varnish, a state of the art, high-performance web accelerator, may result in disclosure of memory contents or denial of service. See https://varnish-cache.org/security/VSV00002.html for details.

oval:org.secpod.oval:def:603173
Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work: CVE-2017-8808 Cross-site-scripting with non-standard URL escaping and $wgShowExceptionDetails disabled. CVE-2017-8809 Reflected file download in API. CVE-2017-8810 On private wikis the login ...

oval:org.secpod.oval:def:603064
Han Han of Red Hat discovered that augeas, a configuration editing tool, improperly handled some escaped strings. A remote attacker could leverage this flaw by sending maliciously crafted strings, thus causing an augeas-enabled application to crash or potentially execute arbitrary code.

oval:org.secpod.oval:def:603164
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:603209
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603208
It was discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed a user to be fingerprinted across multiple sessions via IndexedDB.

oval:org.secpod.oval:def:603210
Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server, was susceptible to denial of service via a crafted CNAME answer. The oldstable distribution is not affected.

oval:org.secpod.oval:def:603213
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15407 Ned Williamson discovered an out-of-bounds write issue. CVE-2017-15408 Ke Liu discovered a heap overflow issue in the pdfium library. CVE-2017-15409 An out-of-bounds write issue was discovered in the skia librar ...

oval:org.secpod.oval:def:603220
Multiple vulnerabilities were discovered in Enigmail, an OpenPGP extension for Thunderbird, which could result in a loss of confidentiality, faked signatures, plain text leaks and denial of service. Additional information can be found under https://enigmail.net/download/other/Enigmail%20Pentest%20Re ...

oval:org.secpod.oval:def:603225
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender's email addresses.

oval:org.secpod.oval:def:603097
An information disclosure vulnerability was discovered in the Service Discovery Protocol in bluetoothd, allowing a proximate attacker to obtain sensitive information from bluetoothd process memory, including Bluetooth encryption keys.

oval:org.secpod.oval:def:603140
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.

oval:org.secpod.oval:def:603045
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546 In some authentication methods empty passwords were accepted. CVE-2017-7547 User mappings could leak data to unprivileged users. CVE-2017-7548 The lo_put function ignored ACLs. For more in-depth descriptions of ...

oval:org.secpod.oval:def:603016
It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives. Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.

oval:org.secpod.oval:def:603052
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules.

oval:org.secpod.oval:def:603088
Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial's symlink auditing ...

oval:org.secpod.oval:def:602952
The security update announced as DSA-3886-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue. For reference, the relevant part of the original advisory text fol ...

oval:org.secpod.oval:def:603136
Two unspecified vulnerabilities were discovered in OpenJFX, a rich client application platform for Java.

oval:org.secpod.oval:def:603027
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification.

oval:org.secpod.oval:def:603026
Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9310 Denial of service via infinite loop in e1000e NIC emulation. CVE-2017-9330 Denial of service via infinite loop in USB OHCI emulation. CVE-2017-9373 Denial of service via memory leak in IDE AHCI emulation. CVE-20 ...

oval:org.secpod.oval:def:603047
Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA, did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. All thos ...

oval:org.secpod.oval:def:603221
Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys.

oval:org.secpod.oval:def:603037
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5087 Ned Williamson discovered a way to escape the sandbox. CVE-2017-5088 Xiling Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2017-5089 Michal Bentkowski discovered a spoofing issue. C ...

oval:org.secpod.oval:def:602996
Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol client and server library which may result in memory disclosure, denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:602995
An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.

oval:org.secpod.oval:def:603038
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioc ...

oval:org.secpod.oval:def:603121
Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9375 Denial of service via memory leak in USB XHCI emulation. CVE-2017-12809 Denial of service in the CDROM device drive emulation. CVE-2017-13672 Denial of service in VGA display emulation. CVE-2017-13711 Denial of ...

oval:org.secpod.oval:def:603036
Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9524 Denial of service in qemu-nbd server CVE-2017-10806 Buffer overflow in USB redirector CVE-2017-11334 Out-of-band memory access in DMA operations CVE-2017-11443 Out-of-band memory access in SLIRP/DHCP

oval:org.secpod.oval:def:603013
Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type "Digest" between successive key=value assignments, leading to information disclosure or denial of service.

oval:org.secpod.oval:def:603050
Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ...

oval:org.secpod.oval:def:603166
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE" ...

oval:org.secpod.oval:def:603190
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:603098
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-10912 Jann Horn discovered that incorrect handling of page transfers might result in privilege escalation. CVE-2017-10913 / CVE-2017-10914 Jann Horn discovered that race conditions in grant handling might result in infor ...

oval:org.secpod.oval:def:602960
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of Ad ...

oval:org.secpod.oval:def:603117
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5111 Luat Nguyen discovered a use-after-free issue in the pdfium library. CVE-2017-5112 Tobias Klein discovered a buffer overflow issue in the webgl library. CVE-2017-5113 A buffer overflow issue was discovered in the ...

oval:org.secpod.oval:def:602966
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ...

oval:org.secpod.oval:def:602967
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement o ...

oval:org.secpod.oval:def:603044
Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a spec ...

oval:org.secpod.oval:def:603112
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

oval:org.secpod.oval:def:603238
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution.

oval:org.secpod.oval:def:603240
Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation.

oval:org.secpod.oval:def:603235
Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.

oval:org.secpod.oval:def:603234
Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named.

oval:org.secpod.oval:def:603111
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:603230
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function CVE-2017-11145 Out-of-bounds read in wddx_deserialize CVE-2017-11628 Buffer o ...

oval:org.secpod.oval:def:603233
Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

oval:org.secpod.oval:def:603249
It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially, the execution of arbitrary code with the privileges of ...

oval:org.secpod.oval:def:603248
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:603250
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed. This update also fixes a regression in the handling of Type 3 fonts.

oval:org.secpod.oval:def:603253
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

oval:org.secpod.oval:def:603252
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603254
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603255
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:603257
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15420 Drew Springall discovered a URL spoofing issue. CVE-2017-15429 A cross-site scripting issue was discovered in the v8 javascript library. CVE-2018-6031 A use-after-free issue was discovered in the pdfium library. ...

oval:org.secpod.oval:def:603236
It was discovered that multiple integer overflows in the GIF image loader in the GDK Pixbuf library may result in denial of service and potentially the execution of arbitrary code if a malformed image file is opened.

oval:org.secpod.oval:def:603149
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection.

oval:org.secpod.oval:def:603180
A use-after-free vulnerability was discovered in XML::LibXML, a Perl interface to the libxml2 library, allowing an attacker to execute arbitrary code by controlling the arguments to a replaceChild call.

oval:org.secpod.oval:def:603131
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities apply to both the access point and the station. An attacker exploiting the vulnerabilities could force the ...

oval:org.secpod.oval:def:603170
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed.

oval:org.secpod.oval:def:603229
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.

oval:org.secpod.oval:def:603155
Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-10965 Brian "geeknik" Carpenter of Geeknik Labs discovered that Irssi does not properly handle receiving messages with inv ...

oval:org.secpod.oval:def:603183
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:603138
Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which may result in denial of service or the execution of arbitrary code. CVE-2017-14685, CVE-2017-14686, and CVE-2017-14687 WangLin discovered that a crafted .xps file can crash MuPDF and potentially execute arbitrary code in sev ...

oval:org.secpod.oval:def:603169
It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem. For reference, the relevant part of the original advisory text follows. CVE-2017-15587 Terry Chia and Jeremy Heng discovered an integer overf ...

oval:org.secpod.oval:def:603188
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

oval:org.secpod.oval:def:603186
Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603171
Joseph Bisch discovered that Konversation, a user-friendly Internet Relay Chat client for KDE, could crash when parsing certain IRC color formatting codes.

oval:org.secpod.oval:def:603167
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

oval:org.secpod.oval:def:603239
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Site Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions.

oval:org.secpod.oval:def:603214
Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.

oval:org.secpod.oval:def:603205
It was discovered that libXcursor, an X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:603165
A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers. An authenticated attacker can take advantage of this flaw to read roundcube's configuration files.

oval:org.secpod.oval:def:603179
Jakub Wilk reported a heap-based buffer overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss.

oval:org.secpod.oval:def:603216
Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603176
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603175
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603204
Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.

oval:org.secpod.oval:def:603207
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603215
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system.

oval:org.secpod.oval:def:603218
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent's session if the agent is tricked into clicking a link in a spec ...

oval:org.secpod.oval:def:603219
Gabriel Corona reported that sensible-browser from sensible-utils, a collection of small utilities used to sensibly select and spawn an appropriate browser, editor or pager, does not validate strings before launching the program specified by the BROWSER environment variable, potentially allowing a r ...

oval:org.secpod.oval:def:603227
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened.

oval:org.secpod.oval:def:603224
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:603160
It was discovered that libpam4j, a Java library wrapper for the integration of PAM, did not call pam_acct_mgmt during authentication. As such, a user who has a valid password, but a deactivated or disabled account, could still log in.

oval:org.secpod.oval:def:603132
Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603226
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service, information disclosure and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603075
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.26. Please see the MariaDB 10.1 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/ https://mariad ...

oval:org.secpod.oval:def:603057
It was discovered that libmspack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.

oval:org.secpod.oval:def:603154
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:603153
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:603217
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked ...

oval:org.secpod.oval:def:603072
Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated users ...

oval:org.secpod.oval:def:603082
It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code.

oval:org.secpod.oval:def:603089
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in disclosure of RTP connections or the execution of arbitrary shell commands.

oval:org.secpod.oval:def:603070
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:603157
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encou ...

oval:org.secpod.oval:def:603261
It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.

oval:org.secpod.oval:def:603264
A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue. For reference, the relevant part of the original advisory text follows. It was discovered t ...

oval:org.secpod.oval:def:603262
Two vulnerabilities were discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library.

oval:org.secpod.oval:def:603265
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authenticati ...

oval:org.secpod.oval:def:603268
Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

oval:org.secpod.oval:def:603271
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2017-17563 Jan Beulich discovered that an incorrect reference count overflow check in x86 shadow mode may result in denial of service or privilege escalation. CVE-2017-17564 Jan Beulich discovered that improper x86 shadow mode ...

oval:org.secpod.oval:def:603270
Two vulnerabilities were discovered in the libraries of the Vorbis audio compression codec, which could result in denial of service or the execution of arbitrary code if a malformed media file is processed.

oval:org.secpod.oval:def:603272
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:603274
Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted.

oval:org.secpod.oval:def:603275
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library's network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If O ...

oval:org.secpod.oval:def:603279
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.

oval:org.secpod.oval:def:603281
Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-001

oval:org.secpod.oval:def:603137
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:603177
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

oval:org.secpod.oval:def:603299
The security update announced as DSA-4120-1 caused regressions on the powerpc kernel architecture. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:603298
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. CVE-2017-12869 When using the multiauth m ...

oval:org.secpod.oval:def:603295
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.

oval:org.secpod.oval:def:603297
Multiple heap buffer over-reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.

oval:org.secpod.oval:def:603296
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ...

oval:org.secpod.oval:def:603301
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-7540 Jann Horn discovered that missing checks in page table freeing may result in denial of service. CVE-2018-7541 Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host deni ...

oval:org.secpod.oval:def:603300
It was discovered that incorrect validation of frame widths in the libvpx multimedia library may result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603302
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3144 It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to exhaust ...

oval:org.secpod.oval:def:603292
Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.tx ...

oval:org.secpod.oval:def:603251
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn't affect the oldstable distribution. CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:603273
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:603267
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:603290
Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.

oval:org.secpod.oval:def:603090
Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2015-9096 SMTP command injection in Net::SMTP. CVE-2016-7798 Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension. CVE-2017-0900 Denial of service in the RubyGems client. CVE-2017-0 ...

oval:org.secpod.oval:def:603168
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-0898 aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in heap ...

oval:org.secpod.oval:def:603139
Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.

oval:org.secpod.oval:def:603206
It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.

oval:org.secpod.oval:def:603116
Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbit ...

oval:org.secpod.oval:def:603203
George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.

oval:org.secpod.oval:def:603291
Two vulnerabilities have been found in Solr, a search server based on Lucene, which could result in the execution of arbitrary code or path traversal.

oval:org.secpod.oval:def:43397
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ...

oval:org.secpod.oval:def:43396
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ...

oval:org.secpod.oval:def:603228
Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Meltdown and is add ...

oval:org.secpod.oval:def:603280
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:43398
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant ...

oval:org.secpod.oval:def:603189
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ...

oval:org.secpod.oval:def:603222
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, po ...

oval:org.secpod.oval:def:603081
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situations, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafte ...

oval:org.secpod.oval:def:603278
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:603263
It was discovered that the webhook validation of Anymail, a Django email backend for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events.

oval:org.secpod.oval:def:603306
Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user is tricked into using the umount complet ...

oval:org.secpod.oval:def:603308
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:603309
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ...

oval:org.secpod.oval:def:603310
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Daniel Berrange discovered that the QEMU guest agent performed insufficient validation of incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ...

oval:org.secpod.oval:def:603311
Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

oval:org.secpod.oval:def:603312
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603313
Richard Zhu discovered that an out-of-bounds memory write in the codebook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603314
Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.

oval:org.secpod.oval:def:603316
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to s ...

oval:org.secpod.oval:def:603317
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603315
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

oval:org.secpod.oval:def:603318
Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code: CVE-2017-0915 / CVE-2018-3710 Arbitrary code execution in project import. CVE-2017-0916 Command injection via Webhooks. CVE-2017-0917 Cross-site scripting in CI job output. CVE-2017-0918 Insufficient ...

oval:org.secpod.oval:def:44750
tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.

oval:org.secpod.oval:def:44751
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.

oval:org.secpod.oval:def:44752
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.

oval:org.secpod.oval:def:44754
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ...

oval:org.secpod.oval:def:44755
In the cron package through 3.0pl1-128 on Debian, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

oval:org.secpod.oval:def:603322
Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:603327
Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603329
It was discovered that an integer overflow in the International Components for Unicode library could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603330
Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for ...

oval:org.secpod.oval:def:603258
"landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary co ...

oval:org.secpod.oval:def:603242
The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution.

oval:org.secpod.oval:def:603332
Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute ...

oval:org.secpod.oval:def:603333
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.

oval:org.secpod.oval:def:603336
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002

oval:org.secpod.oval:def:603202
Michael Eder and Thomas Kittel discovered that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service by sending maliciously crafted packets.

oval:org.secpod.oval:def:603195
Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.

oval:org.secpod.oval:def:603191
Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-16943 A use-after-free vulnerability was discovered in Exim's routines responsible for parsing mail headers. A remote attacker can ...

oval:org.secpod.oval:def:602954
The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/ ...

oval:org.secpod.oval:def:603335
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603338
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:603337
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:603340
Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code. The oldstable distribution is not affected.

oval:org.secpod.oval:def:603343
It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.

oval:org.secpod.oval:def:603341
James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize function or django.utils.text.Truncator's chars and words methods could craft a string that m ...

oval:org.secpod.oval:def:603342
Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client, which can result in denial of service.

oval:org.secpod.oval:def:603348
It was discovered that a race condition in beep allows local privilege escalation.

oval:org.secpod.oval:def:603350
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an out of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ...

oval:org.secpod.oval:def:603351
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if t ...

oval:org.secpod.oval:def:603354
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities to handle Shell Archives. An attacker with control on the input of the unshar command could crash the application or execute arbitrary code in its context.

oval:org.secpod.oval:def:603266
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

oval:org.secpod.oval:def:603357
Multiple vulnerabilities have been discovered in the PJSIP/PJProject multimedia communication which may result in denial of service during the processing of SIP and SDP messages and ioqueue keys.

oval:org.secpod.oval:def:603245
It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

oval:org.secpod.oval:def:603244
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft an HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victim's host. This fix also sets the OpenOCD defau ...

oval:org.secpod.oval:def:603358
Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing --debug parameter to prevent information leak, but the check wasn't sufficient.

oval:org.secpod.oval:def:603361
The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a cod ...

oval:org.secpod.oval:def:603362
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ...

oval:org.secpod.oval:def:603364
Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files, which could result in the execution of arbitrary code if a malformed spreadsheet is processed.

*CPE
cpe:/o:debian:debian_linux:9.x
