oval:org.secpod.oval:def:2105379 The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary Java ...
oval:org.secpod.oval:def:2100001 Sun Solaris 11 is installed
oval:org.secpod.oval:def:2105247 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Succe ...
oval:org.secpod.oval:def:2101171 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
oval:org.secpod.oval:def:2101177 Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
oval:org.secpod.oval:def:2105244 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Succe ...
oval:org.secpod.oval:def:2105252 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful ...
oval:org.secpod.oval:def:2101287 All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.
oval:org.secpod.oval:def:2101290 All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.
oval:org.secpod.oval:def:2101295 All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges
oval:org.secpod.oval:def:2100071 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Success ...
oval:org.secpod.oval:def:2105364 The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
oval:org.secpod.oval:def:2100003 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks ...
oval:org.secpod.oval:def:2105130 The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vec ...
oval:org.secpod.oval:def:2105089 GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via ...
oval:org.secpod.oval:def:2100108 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Succes ...
oval:org.secpod.oval:def:2100107 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successfu ...
oval:org.secpod.oval:def:2100101 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Succes ...
oval:org.secpod.oval:def:2100112 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulner ...
oval:org.secpod.oval:def:2100113 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. ...
oval:org.secpod.oval:def:2100109 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Su ...
oval:org.secpod.oval:def:2100110 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vul ...
oval:org.secpod.oval:def:2100091 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise ...
oval:org.secpod.oval:def:2100084 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via IKE to compromise Solaris. Successful attacks of this vulnerab ...
oval:org.secpod.oval:def:2100086 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to compromise Solaris. Successful attacks of this vuln ...
oval:org.secpod.oval:def:2100093 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful ...
oval:org.secpod.oval:def:2100088 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Succ ...
oval:org.secpod.oval:def:2100094 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Su ...
oval:org.secpod.oval:def:2100000 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris execute ...
oval:org.secpod.oval:def:2100004 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successf ...
oval:org.secpod.oval:def:2100072 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successfu ...
oval:org.secpod.oval:def:2100026 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solari ...
oval:org.secpod.oval:def:2100017 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise ...
oval:org.secpod.oval:def:2100023 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise ...
oval:org.secpod.oval:def:2100005 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successfu ...
oval:org.secpod.oval:def:2100013 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successfu ...
oval:org.secpod.oval:def:2101465 In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
oval:org.secpod.oval:def:2101325 LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
oval:org.secpod.oval:def:2101451 The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sendi ...
oval:org.secpod.oval:def:2101467 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges
oval:org.secpod.oval:def:2101487 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service.
oval:org.secpod.oval:def:2101481 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.
oval:org.secpod.oval:def:2101484 NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.
oval:org.secpod.oval:def:2104623 Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirr ...
oval:org.secpod.oval:def:2101256 libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.
oval:org.secpod.oval:def:2100069 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Sol ...
oval:org.secpod.oval:def:2101301 If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.
oval:org.secpod.oval:def:2100076 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this ...
oval:org.secpod.oval:def:2101175 The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file.
oval:org.secpod.oval:def:2105356 RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5
oval:org.secpod.oval:def:2101183 GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
oval:org.secpod.oval:def:2101455 In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point opera ...
oval:org.secpod.oval:def:2101460 CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
oval:org.secpod.oval:def:2101161 Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
oval:org.secpod.oval:def:2101501 GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ...
oval:org.secpod.oval:def:2101128 FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
oval:org.secpod.oval:def:2101306 A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunde ...
oval:org.secpod.oval:def:2101185 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
oval:org.secpod.oval:def:2101508 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
oval:org.secpod.oval:def:2101478 In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
oval:org.secpod.oval:def:2101293 A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "Dest ...
oval:org.secpod.oval:def:2100103 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Sola ...
oval:org.secpod.oval:def:2100097 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful attacks of this vulnerabil ...
oval:org.secpod.oval:def:2101459 Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
oval:org.secpod.oval:def:2101191 Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth out ...
oval:org.secpod.oval:def:2101442 Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
oval:org.secpod.oval:def:2101470 The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects ...
oval:org.secpod.oval:def:2101331 In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
oval:org.secpod.oval:def:2101188 Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
oval:org.secpod.oval:def:2101314 The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and ...
oval:org.secpod.oval:def:2101500 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
oval:org.secpod.oval:def:2101311 Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.
oval:org.secpod.oval:def:2101313 In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
oval:org.secpod.oval:def:2101132 Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
oval:org.secpod.oval:def:2101120 A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another u ...
oval:org.secpod.oval:def:2101172 A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim co ...
oval:org.secpod.oval:def:2101130 Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
oval:org.secpod.oval:def:2101339 The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code th ...
oval:org.secpod.oval:def:2101156 A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird ...
oval:org.secpod.oval:def:2101326 A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < ...
oval:org.secpod.oval:def:2101281 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
oval:org.secpod.oval:def:2101466 The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.
oval:org.secpod.oval:def:2101458 The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
oval:org.secpod.oval:def:2101150 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type "Digest" was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no "=" assignment could reflect the stale v ...
oval:org.secpod.oval:def:2101178 tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.
oval:org.secpod.oval:def:2101118 The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
oval:org.secpod.oval:def:2101258 Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
oval:org.secpod.oval:def:2101511 The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
oval:org.secpod.oval:def:2103454 An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
oval:org.secpod.oval:def:2103450 In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
oval:org.secpod.oval:def:2103452 An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
oval:org.secpod.oval:def:2103458 Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
oval:org.secpod.oval:def:2103004 libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.
oval:org.secpod.oval:def:2103006 Libvorbis - (bulletinjul2018).
oval:org.secpod.oval:def:2103002 In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
oval:org.secpod.oval:def:2103001 The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.
oval:org.secpod.oval:def:2100380 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful ...
oval:org.secpod.oval:def:2100385 Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise O ...
oval:org.secpod.oval:def:2103894 In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
oval:org.secpod.oval:def:2100381 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracl ...
oval:org.secpod.oval:def:2100384 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Wh ...
oval:org.secpod.oval:def:2103409 "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to ...
oval:org.secpod.oval:def:2100378 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Open Fabrics Tools). The supported version that is affected is 11.4. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Sol ...
oval:org.secpod.oval:def:2102315 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
oval:org.secpod.oval:def:2102314 Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a cha ...
oval:org.secpod.oval:def:2103887 libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
oval:org.secpod.oval:def:2103647 Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so ...
oval:org.secpod.oval:def:2100398 The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
oval:org.secpod.oval:def:2103414 Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
oval:org.secpod.oval:def:2103433 The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
oval:org.secpod.oval:def:2103425 An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
oval:org.secpod.oval:def:2102597 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
oval:org.secpod.oval:def:2102596 named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named c ...
oval:org.secpod.oval:def:2102599 The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
oval:org.secpod.oval:def:2102593 backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action= ...
oval:org.secpod.oval:def:2102595 There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
oval:org.secpod.oval:def:2103441 xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. oval:org.secpod.oval:def:2103437 Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. oval:org.secpod.oval:def:2103499 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` ... oval:org.secpod.oval:def:2103494 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. oval:org.secpod.oval:def:2103008 mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:2103007 The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. oval:org.secpod.oval:def:2103009 NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < ... 
oval:org.secpod.oval:def:2103260 The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. oval:org.secpod.oval:def:2102186 The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI ... oval:org.secpod.oval:def:2102187 When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. oval:org.secpod.oval:def:2102192 A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. oval:org.secpod.oval:def:2102195 A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. oval:org.secpod.oval:def:2102196 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols ... oval:org.secpod.oval:def:2102912 poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. 
oval:org.secpod.oval:def:2100731 Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the ... oval:org.secpod.oval:def:2102911 A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:2102910 The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc ... oval:org.secpod.oval:def:2100987 The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. oval:org.secpod.oval:def:2100984 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. oval:org.secpod.oval:def:2101608 libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel ... 
oval:org.secpod.oval:def:2101609 Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. oval:org.secpod.oval:def:2101617 If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site t ... oval:org.secpod.oval:def:2102705 The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vu ... oval:org.secpod.oval:def:2101610 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. oval:org.secpod.oval:def:2102701 The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. oval:org.secpod.oval:def:2102708 In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. oval:org.secpod.oval:def:2102707 In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 
oval:org.secpod.oval:def:2100933 GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. oval:org.secpod.oval:def:2100935 All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service. oval:org.secpod.oval:def:2100939 All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service. oval:org.secpod.oval:def:2100943 All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system. oval:org.secpod.oval:def:2100709 In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. oval:org.secpod.oval:def:2100947 Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. oval:org.secpod.oval:def:2100949 An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. oval:org.secpod.oval:def:2100712 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. 
This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private string ... oval:org.secpod.oval:def:2100954 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. oval:org.secpod.oval:def:2100715 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. oval:org.secpod.oval:def:2100952 The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. oval:org.secpod.oval:def:2100959 Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. oval:org.secpod.oval:def:2100718 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. oval:org.secpod.oval:def:2101808 GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE- ... 
oval:org.secpod.oval:def:2100966 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. oval:org.secpod.oval:def:2102904 The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository ... oval:org.secpod.oval:def:2100721 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. oval:org.secpod.oval:def:2101810 In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. oval:org.secpod.oval:def:2102909 The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file. oval:org.secpod.oval:def:2102905 The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involvin ... 
oval:org.secpod.oval:def:2100729 stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA cer ... oval:org.secpod.oval:def:2102908 The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a "%" character, which leads to a he ... oval:org.secpod.oval:def:2102907 If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1. oval:org.secpod.oval:def:2100341 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to ... oval:org.secpod.oval:def:2100342 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Solaris. Successful attacks require human inte ... oval:org.secpod.oval:def:2101675 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. 
oval:org.secpod.oval:def:2100340 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LibKMIP). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks ... oval:org.secpod.oval:def:2103606 ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. oval:org.secpod.oval:def:2100334 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Su ... oval:org.secpod.oval:def:2100335 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to compromise Solaris. Successful attacks of this ... oval:org.secpod.oval:def:2101665 The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. oval:org.secpod.oval:def:2100337 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise So ... oval:org.secpod.oval:def:2100352 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). 
The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. ... oval:org.secpod.oval:def:2100353 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Success ... oval:org.secpod.oval:def:2100354 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Succes ... oval:org.secpod.oval:def:2100355 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of th ... oval:org.secpod.oval:def:2100350 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successfu ... oval:org.secpod.oval:def:2100351 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Solaris. Successful attacks of this vulner ... 
oval:org.secpod.oval:def:2100349 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Success ... oval:org.secpod.oval:def:2100346 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. ... oval:org.secpod.oval:def:2100347 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via Portmap v3 to compromise Solaris. Successful attacks of this ... oval:org.secpod.oval:def:2100348 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulne ... oval:org.secpod.oval:def:2101678 OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the expl ... oval:org.secpod.oval:def:2100364 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDoms IO). Supported versions that are affected are 10 and 11. 
Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromi ... oval:org.secpod.oval:def:2103872 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. oval:org.secpod.oval:def:2100365 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: IPS Package Manager). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris. Successful ... oval:org.secpod.oval:def:2100361 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise ... oval:org.secpod.oval:def:2103871 Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fil ... oval:org.secpod.oval:def:2103870 Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources ... oval:org.secpod.oval:def:2100358 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attack ... oval:org.secpod.oval:def:2100374 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of ... oval:org.secpod.oval:def:2102311 In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of "front of" and "back of" directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c ou ... oval:org.secpod.oval:def:2100375 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compr ... oval:org.secpod.oval:def:2100376 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Ora ... oval:org.secpod.oval:def:2102313 Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. oval:org.secpod.oval:def:2103886 In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. oval:org.secpod.oval:def:2103401 An issue was discovered in certain Apple products. iOS before 11.4 is affected. 
Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ... oval:org.secpod.oval:def:2100370 In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowin ... oval:org.secpod.oval:def:2100372 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to comp ... oval:org.secpod.oval:def:2100373 In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a mali ... oval:org.secpod.oval:def:2102308 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. oval:org.secpod.oval:def:2102307 The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. oval:org.secpod.oval:def:2100369 Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: File Locking Services). The supported version that is affected is 11. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to co ... oval:org.secpod.oval:def:2101631 An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. oval:org.secpod.oval:def:2101626 Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. oval:org.secpod.oval:def:2101627 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, ... oval:org.secpod.oval:def:2101622 A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. oval:org.secpod.oval:def:2102711 By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). oval:org.secpod.oval:def:2101624 Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. oval:org.secpod.oval:def:2100320 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. 
Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of ... oval:org.secpod.oval:def:2101650 It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. oval:org.secpod.oval:def:2101653 librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. oval:org.secpod.oval:def:2100318 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successfu ... oval:org.secpod.oval:def:2101649 An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. oval:org.secpod.oval:def:2101646 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. oval:org.secpod.oval:def:2100331 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVIDIA-GFX Kernel driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via ISCSI to compromise Solaris. Successful attack ... 
oval:org.secpod.oval:def:2101664 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is r ... oval:org.secpod.oval:def:2103600 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. oval:org.secpod.oval:def:2100333 This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex ... oval:org.secpod.oval:def:2101660 In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. oval:org.secpod.oval:def:2101659 There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:2100328 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via RPC to compromise Solaris. While the vulnerability is in Solaris ... oval:org.secpod.oval:def:2101658 When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. 
oval:org.secpod.oval:def:2102505 The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution ... oval:org.secpod.oval:def:2100323 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NTPD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful ... oval:org.secpod.oval:def:2101654 Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil' ... oval:org.secpod.oval:def:2100325 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks requi ... oval:org.secpod.oval:def:2101657 The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. oval:org.secpod.oval:def:2102504 Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
oval:org.secpod.oval:def:2100326 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to com ... oval:org.secpod.oval:def:2102503 Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually sp ... oval:org.secpod.oval:def:2103569 newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a dif ... oval:org.secpod.oval:def:2103588 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreat ... oval:org.secpod.oval:def:2103350 A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. oval:org.secpod.oval:def:2103114 Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE ... 
oval:org.secpod.oval:def:2103598 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. oval:org.secpod.oval:def:2103355 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent a ... oval:org.secpod.oval:def:2103116 tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. oval:org.secpod.oval:def:2103110 An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. oval:org.secpod.oval:def:2103112 Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. oval:org.secpod.oval:def:2103354 Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. oval:org.secpod.oval:def:2103353 Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. 
oval:org.secpod.oval:def:2103109 There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. oval:org.secpod.oval:def:2102038 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. oval:org.secpod.oval:def:2103369 The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. oval:org.secpod.oval:def:2103362 ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the A ... oval:org.secpod.oval:def:2103117 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. oval:org.secpod.oval:def:2103530 An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the ... oval:org.secpod.oval:def:2103524 By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. 
oval:org.secpod.oval:def:2103526 Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. oval:org.secpod.oval:def:2102695 A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were me ... oval:org.secpod.oval:def:2103542 A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. oval:org.secpod.oval:def:2102698 The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appear to be exploitable via Remote server del ... oval:org.secpod.oval:def:2103544 The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). oval:org.secpod.oval:def:2102692 In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. oval:org.secpod.oval:def:2102691 In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.
oval:org.secpod.oval:def:2102694 python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component er ... oval:org.secpod.oval:def:2103541 Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if "." were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. oval:org.secpod.oval:def:2102693 The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. Th ... oval:org.secpod.oval:def:2103539 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one chara ... oval:org.secpod.oval:def:2103536 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. oval:org.secpod.oval:def:2103553 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. oval:org.secpod.oval:def:2103555 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
oval:org.secpod.oval:def:2103550 Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. oval:org.secpod.oval:def:2102699 Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. oval:org.secpod.oval:def:2103548 It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, result ... oval:org.secpod.oval:def:2102085 In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. oval:org.secpod.oval:def:2102080 Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries. oval:org.secpod.oval:def:2102090 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to c ... oval:org.secpod.oval:def:2100902 All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. 
oval:org.secpod.oval:def:2100909 For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an ... oval:org.secpod.oval:def:2100913 For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper in ... oval:org.secpod.oval:def:2100917 Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:2100929 The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges v ... oval:org.secpod.oval:def:2102041 All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. oval:org.secpod.oval:def:2103371 Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. oval:org.secpod.oval:def:2102050 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. 
oval:org.secpod.oval:def:2102292 The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. oval:org.secpod.oval:def:2102052 An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. oval:org.secpod.oval:def:2102051 It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. oval:org.secpod.oval:def:2102293 A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. oval:org.secpod.oval:def:2102059 Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, an ... oval:org.secpod.oval:def:2103386 Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. oval:org.secpod.oval:def:2102074 In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. 
oval:org.secpod.oval:def:2102079 In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. oval:org.secpod.oval:def:2102078 In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. oval:org.secpod.oval:def:2100872 In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. oval:org.secpod.oval:def:2102805 A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by su ... oval:org.secpod.oval:def:2100869 In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will ... oval:org.secpod.oval:def:2102804 The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. oval:org.secpod.oval:def:2102807 Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. oval:org.secpod.oval:def:2102806 The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. 
oval:org.secpod.oval:def:2102809 The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. oval:org.secpod.oval:def:2102808 The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. oval:org.secpod.oval:def:2100881 The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of ser ... oval:org.secpod.oval:def:2103902 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. oval:org.secpod.oval:def:2102816 Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. oval:org.secpod.oval:def:2100873 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a ... oval:org.secpod.oval:def:2102810 convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. oval:org.secpod.oval:def:2100875 HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. 
oval:org.secpod.oval:def:2102812 Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. oval:org.secpod.oval:def:2102811 lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with "?", and could instead be tricked into connecting to a different host. oval:org.secpod.oval:def:2103907 NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. oval:org.secpod.oval:def:2100893 All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. oval:org.secpod.oval:def:2100889 The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. oval:org.secpod.oval:def:2100885 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ... oval:org.secpod.oval:def:2100402 All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet "vty" CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports c ...
oval:org.secpod.oval:def:2100403 In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. oval:org.secpod.oval:def:2101909 curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. oval:org.secpod.oval:def:2101912 A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. oval:org.secpod.oval:def:2101913 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. oval:org.secpod.oval:def:2101916 curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. oval:org.secpod.oval:def:2101918 An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a ma ... oval:org.secpod.oval:def:2101917 When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used ...
oval:org.secpod.oval:def:2101923 An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. oval:org.secpod.oval:def:2101922 libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the co ... oval:org.secpod.oval:def:2101925 libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double ... oval:org.secpod.oval:def:2101924 curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a care ... oval:org.secpod.oval:def:2101920 An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensiti ... oval:org.secpod.oval:def:2101926 The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. oval:org.secpod.oval:def:2101929 An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. 
oval:org.secpod.oval:def:2101936 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid "\N{U+...}" escape. oval:org.secpod.oval:def:2101930 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demon ... oval:org.secpod.oval:def:2101938 Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. oval:org.secpod.oval:def:2101937 Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a "\N{}" escape and the case-insensitive modifier. oval:org.secpod.oval:def:2100460 The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. oval:org.secpod.oval:def:2101791 Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to bu ... 
oval:org.secpod.oval:def:2101786 The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. oval:org.secpod.oval:def:2100457 Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ... oval:org.secpod.oval:def:2101788 When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cle ... oval:org.secpod.oval:def:2102412 pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. oval:org.secpod.oval:def:2102411 Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1 ... oval:org.secpod.oval:def:2102407 Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. 
oval:org.secpod.oval:def:2102406 Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. oval:org.secpod.oval:def:2102408 The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certif ... oval:org.secpod.oval:def:2102403 Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. oval:org.secpod.oval:def:2101797 Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS r ... oval:org.secpod.oval:def:2102405 This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw ex ... oval:org.secpod.oval:def:2101799 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic ... 
oval:org.secpod.oval:def:2102404 Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. oval:org.secpod.oval:def:2103512 A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. oval:org.secpod.oval:def:2103511 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system ba ... oval:org.secpod.oval:def:2103509 In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created ... oval:org.secpod.oval:def:2103745 Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. oval:org.secpod.oval:def:2102413 Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZ ... oval:org.secpod.oval:def:2103746 freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
oval:org.secpod.oval:def:2103520 Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. oval:org.secpod.oval:def:2103518 The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. oval:org.secpod.oval:def:2103516 The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. oval:org.secpod.oval:def:2103515 libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. oval:org.secpod.oval:def:2100415 The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. oval:org.secpod.oval:def:2100416 The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. oval:org.secpod.oval:def:2100417 curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a "#" character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to ... oval:org.secpod.oval:def:2100418 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers.
Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end a ... oval:org.secpod.oval:def:2100411 The "globbing" feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. oval:org.secpod.oval:def:2100412 curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there is any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. oval:org.secpod.oval:def:2100413 A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. oval:org.secpod.oval:def:2100414 The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. oval:org.secpod.oval:def:2100898 NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. oval:org.secpod.oval:def:2100431 A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials ... oval:org.secpod.oval:def:2100673 popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
oval:org.secpod.oval:def:2100432 The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get e ... oval:org.secpod.oval:def:2102600 Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. oval:org.secpod.oval:def:2102602 Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. oval:org.secpod.oval:def:2100681 Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. oval:org.secpod.oval:def:2100439 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. oval:org.secpod.oval:def:2100433 The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. oval:org.secpod.oval:def:2100675 Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. oval:org.secpod.oval:def:2100434 A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. 
oval:org.secpod.oval:def:2100677 MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. oval:org.secpod.oval:def:2100678 Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. oval:org.secpod.oval:def:2100454 Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a la ... oval:org.secpod.oval:def:2100687 An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. oval:org.secpod.oval:def:2105386 Oracle Solaris 11 - ( CVE-2020-2656 ) oval:org.secpod.oval:def:2101182 The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. oval:org.secpod.oval:def:2101072 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. oval:org.secpod.oval:def:2101087 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols ... oval:org.secpod.oval:def:2101102 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve ... oval:org.secpod.oval:def:2100766 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pr ... oval:org.secpod.oval:def:2101813 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where ... oval:org.secpod.oval:def:2101443 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot ... oval:org.secpod.oval:def:2101342 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise ... oval:org.secpod.oval:def:2101174 Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. oval:org.secpod.oval:def:2103844 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network acces ... oval:org.secpod.oval:def:2103857 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to ... oval:org.secpod.oval:def:2103748 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols t ... oval:org.secpod.oval:def:2103602 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. oval:org.secpod.oval:def:2100400 An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered throug ... oval:org.secpod.oval:def:2107699 Oracle Solaris 11 - ( CVE-2022-30595 ) oval:org.secpod.oval:def:2100382 Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While th ... oval:org.secpod.oval:def:2105398 Oracle Solaris 11 - ( CVE-2019-5443 ) oval:org.secpod.oval:def:2101503 A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3.
The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connectio ... oval:org.secpod.oval:def:2103387 zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contex ... oval:org.secpod.oval:def:2101629 gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. oval:org.secpod.oval:def:2100862 Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. oval:org.secpod.oval:def:2100702 Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file. oval:org.secpod.oval:def:2101117 The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers ... oval:org.secpod.oval:def:2100366 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. 
oval:org.secpod.oval:def:2103566 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. oval:org.secpod.oval:def:2101252 An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_a ... oval:org.secpod.oval:def:2103893 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. oval:org.secpod.oval:def:2103901 A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. oval:org.secpod.oval:def:2103421 An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). oval:org.secpod.oval:def:2103100 In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. oval:org.secpod.oval:def:2104570 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is m ...
oval:org.secpod.oval:def:2103513 In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. oval:org.secpod.oval:def:2105116 The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. oval:org.secpod.oval:def:2107060 Oracle Solaris 11 - ( CVE-2016-20011 ) oval:org.secpod.oval:def:2107054 Oracle Solaris 11 - ( CVE-2020-10931 ) oval:org.secpod.oval:def:2107013 Oracle Solaris 11 - ( CVE-2020-7942 ) oval:org.secpod.oval:def:2106989 Oracle Solaris 11 - ( CVE-2021-22117 ) oval:org.secpod.oval:def:2107073 Oracle Solaris 11 - ( CVE-2021-2192 ) oval:org.secpod.oval:def:2107072 Oracle Solaris 11 - ( CVE-2021-2381 ) oval:org.secpod.oval:def:2107070 Oracle Solaris 11 - ( CVE-2021-35539 ) oval:org.secpod.oval:def:2107071 Oracle Solaris 11 - ( CVE-2021-35549 ) oval:org.secpod.oval:def:2107079 Oracle Solaris 11 - ( CVE-2022-21263 ) oval:org.secpod.oval:def:2107077 Oracle Solaris 11 - ( CVE-2022-21375 ) oval:org.secpod.oval:def:2107091 Oracle Solaris 11 - ( CVE-2022-21439 ) oval:org.secpod.oval:def:2107080 Oracle Solaris 11 - ( CVE-2022-21446 ) oval:org.secpod.oval:def:2107082 Oracle Solaris 11 - ( CVE-2022-21461 ) oval:org.secpod.oval:def:2107081 Oracle Solaris 11 - ( CVE-2022-21493 ) oval:org.secpod.oval:def:2107089 Oracle Solaris 11 - ( CVE-2022-21514 ) oval:org.secpod.oval:def:2107088 Oracle Solaris 11 - ( CVE-2022-21524 ) oval:org.secpod.oval:def:2107090 Oracle Solaris 11 - ( CVE-2022-21533 ) oval:org.secpod.oval:def:2107083 Oracle Solaris 11 - ( CVE-2022-21416 ) oval:org.secpod.oval:def:2107193 Oracle Solaris 11 - ( CVE-2022-21610 ) oval:org.secpod.oval:def:2107192 Oracle Solaris 11 - 
( CVE-2022-39401 ) oval:org.secpod.oval:def:2107191 Oracle Solaris 11 - ( CVE-2022-39417 ) oval:org.secpod.oval:def:2108013 Oracle Solaris 11 - ( CVE-2021-37519 ) oval:org.secpod.oval:def:2102913 In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. oval:org.secpod.oval:def:2107353 Oracle Solaris 11 - ( CVE-2022-37797 ) oval:org.secpod.oval:def:2106134 Oracle Solaris 11 - ( CVE-2020-12825 ) oval:org.secpod.oval:def:2101613 BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9 ... oval:org.secpod.oval:def:2107023 Oracle Solaris 11 - ( CVE-2021-3781 ) oval:org.secpod.oval:def:2108018 Oracle Solaris 11 - ( CVE-2021-33657 ) oval:org.secpod.oval:def:2107351 Oracle Solaris 11 - ( CVE-2022-3276 ) oval:org.secpod.oval:def:2101805 elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related t ... oval:org.secpod.oval:def:2107945 Oracle Solaris 11 - ( CVE-2022-44792 ) oval:org.secpod.oval:def:2105004 Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). oval:org.secpod.oval:def:2105074 In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. 
oval:org.secpod.oval:def:2105124 GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window ... oval:org.secpod.oval:def:2105165 rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. oval:org.secpod.oval:def:2104543 Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --proces ... oval:org.secpod.oval:def:2107333 Oracle Solaris 11 - ( CVE-2022-0718 ) oval:org.secpod.oval:def:2108040 Oracle Solaris 11 - ( CVE-2021-3575 ) oval:org.secpod.oval:def:2108063 Oracle Solaris 11 - ( CVE-2022-37290 ) oval:org.secpod.oval:def:2107202 Oracle Solaris 11 - ( CVE-2022-3515 ) oval:org.secpod.oval:def:2107959 Oracle Solaris 11 - ( CVE-2022-48303 ) oval:org.secpod.oval:def:2107074 Oracle Solaris 11 - ( CVE-2021-43395 ) oval:org.secpod.oval:def:2107865 Oracle Solaris 11 - ( CVE-2021-46823 ) oval:org.secpod.oval:def:2107343 Oracle Solaris 11 - ( CVE-2022-36113 ) oval:org.secpod.oval:def:2102906 libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
oval:org.secpod.oval:def:2108259 Oracle Solaris 11 - ( CVE-2021-44917 ) oval:org.secpod.oval:def:2100733 (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump ... oval:org.secpod.oval:def:2105264 The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecifie ... oval:org.secpod.oval:def:2108156 Oracle Solaris 11 - ( CVE-2021-46784 ) oval:org.secpod.oval:def:2100921 Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted ... oval:org.secpod.oval:def:2107902 Oracle Solaris 11 - ( CVE-2022-29885 ) oval:org.secpod.oval:def:2108137 Oracle Solaris 11 - ( CVE-2022-3924 ) oval:org.secpod.oval:def:93821 Oracle Solaris 11 - ( CVE-2023-31284 ) oval:org.secpod.oval:def:2104605 FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. 
oval:org.secpod.oval:def:2107925 Oracle Solaris 11 - ( CVE-2022-4883 ) oval:org.secpod.oval:def:2107808 Oracle Solaris 11 - ( CVE-2022-42898 ) oval:org.secpod.oval:def:2107181 Oracle Solaris 11 - ( CVE-2021-44227 ) oval:org.secpod.oval:def:2107058 Oracle Solaris 11 - ( CVE-2021-36222 ) oval:org.secpod.oval:def:2106987 Oracle Solaris 11 - ( CVE-2020-36318 ) oval:org.secpod.oval:def:2107717 Oracle Solaris 11 - ( CVE-2022-1328 ) oval:org.secpod.oval:def:2104574 "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion f ... oval:org.secpod.oval:def:2105007 The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. oval:org.secpod.oval:def:2104581 To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update ... 
oval:org.secpod.oval:def:2107368 Oracle Solaris 11 - ( CVE-2022-46882 ) oval:org.secpod.oval:def:2107198 Oracle Solaris 11 - ( CVE-2023-21896 ) oval:org.secpod.oval:def:2107194 Oracle Solaris 11 - ( CVE-2023-21900 ) oval:org.secpod.oval:def:2107200 Oracle Solaris 11 - ( CVE-2023-21928 ) oval:org.secpod.oval:def:2107195 Oracle Solaris 11 - ( CVE-2023-21985 ) oval:org.secpod.oval:def:2107199 Oracle Solaris 11 - ( CVE-2023-21984 ) oval:org.secpod.oval:def:2107975 Oracle Solaris 11 - ( CVE-2022-46663 ) oval:org.secpod.oval:def:2107960 Oracle Solaris 11 - ( CVE-2022-40897 ) oval:org.secpod.oval:def:2107371 Oracle Solaris 11 - ( CVE-2022-45063 ) oval:org.secpod.oval:def:2107349 Oracle Solaris 11 - ( CVE-2021-46848 ) oval:org.secpod.oval:def:2107328 Oracle Solaris 11 - ( CVE-2022-2928 ) oval:org.secpod.oval:def:2107354 Oracle Solaris 11 - ( CVE-2022-3204 ) oval:org.secpod.oval:def:2107873 Oracle Solaris 11 - ( CVE-2022-36087 ) oval:org.secpod.oval:def:2107805 Oracle Solaris 11 - ( CVE-2022-1271 ) oval:org.secpod.oval:def:2107908 Oracle Solaris 11 - ( CVE-2022-2509 ) oval:org.secpod.oval:def:2107887 Oracle Solaris 11 - ( CVE-2022-2274 ) oval:org.secpod.oval:def:2107944 Oracle Solaris 11 - ( CVE-2022-28805 ) oval:org.secpod.oval:def:2107685 Oracle Solaris 11 - ( CVE-2022-26691 ) oval:org.secpod.oval:def:2107871 Oracle Solaris 11 - ( CVE-2022-1348 ) oval:org.secpod.oval:def:2107684 Oracle Solaris 11 - ( CVE-2022-1587 ) oval:org.secpod.oval:def:2107794 Oracle Solaris 11 - ( CVE-2022-24801 ) oval:org.secpod.oval:def:2107342 Oracle Solaris 11 - ( CVE-2022-1122 ) oval:org.secpod.oval:def:2107735 Oracle Solaris 11 - ( CVE-2022-24303 ) oval:org.secpod.oval:def:2107741 Oracle Solaris 11 - ( CVE-2022-24302 ) oval:org.secpod.oval:def:2107538 Oracle Solaris 11 - ( CVE-2021-4115 ) oval:org.secpod.oval:def:2107632 Oracle Solaris 11 - ( CVE-2022-0336 ) oval:org.secpod.oval:def:2107638 Oracle Solaris 11 - ( CVE-2022-21712 ) oval:org.secpod.oval:def:2107534 Oracle Solaris 11 - ( 
CVE-2022-24130 ) oval:org.secpod.oval:def:2107122 Oracle Solaris 11 - ( CVE-2021-44540 ) oval:org.secpod.oval:def:2107533 Oracle Solaris 11 - ( CVE-2021-43519 ) oval:org.secpod.oval:def:2106857 Oracle Solaris 11 - ( CVE-2021-42097 ) oval:org.secpod.oval:def:2106866 Oracle Solaris 11 - ( CVE-2021-42340 ) oval:org.secpod.oval:def:2107021 Oracle Solaris 11 - ( CVE-2021-40528 ) oval:org.secpod.oval:def:2107171 Oracle Solaris 11 - ( CVE-2021-39272 ) oval:org.secpod.oval:def:2107052 Oracle Solaris 11 - ( CVE-2021-36770 ) oval:org.secpod.oval:def:2107025 Oracle Solaris 11 - ( CVE-2021-3246 ) oval:org.secpod.oval:def:2107446 Oracle Solaris 11 - ( CVE-2021-41771 ) oval:org.secpod.oval:def:2107022 Oracle Solaris 11 - ( CVE-2021-35517 ) oval:org.secpod.oval:def:2107016 Oracle Solaris 11 - ( CVE-2021-30640 ) oval:org.secpod.oval:def:2107178 Oracle Solaris 11 - ( CVE-2021-27815 ) oval:org.secpod.oval:def:2107532 Oracle Solaris 11 - ( CVE-2021-0561 ) oval:org.secpod.oval:def:2107435 Oracle Solaris 11 - ( CVE-2020-29651 ) oval:org.secpod.oval:def:2106007 Oracle Solaris 11 - ( CVE-2020-1747 ) oval:org.secpod.oval:def:2105000 In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the "UnsafeLoader" has been introduced for backward compatibility with the function. oval:org.secpod.oval:def:2105446 Oracle Solaris 11 - ( CVE-2020-5313 ) oval:org.secpod.oval:def:2105393 Oracle Solaris 11 - ( CVE-2019-19203 ) oval:org.secpod.oval:def:2105274 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusi ... 
oval:org.secpod.oval:def:2105005 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. oval:org.secpod.oval:def:2105261 idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. oval:org.secpod.oval:def:2105275 ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. oval:org.secpod.oval:def:2104957 A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version ... oval:org.secpod.oval:def:2105154 libpng before 1.6.32 does not properly check the length of chunks against the user limit. oval:org.secpod.oval:def:2105296 Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, b ... oval:org.secpod.oval:def:2105258 The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed ... 
oval:org.secpod.oval:def:2105349 GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable v ... oval:org.secpod.oval:def:2105394 Oracle Solaris 11 - ( CVE-2019-17012 ) oval:org.secpod.oval:def:2104500 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. oval:org.secpod.oval:def:2105299 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may le ... 
oval:org.secpod.oval:def:2106851 Oracle Solaris 11 - ( CVE-2021-38503 ) oval:org.secpod.oval:def:2107115 Oracle Solaris 11 - ( CVE-2021-4140 ) oval:org.secpod.oval:def:2107653 Oracle Solaris 11 - ( CVE-2022-26381 ) oval:org.secpod.oval:def:2107418 Oracle Solaris 11 - ( CVE-2022-1097 ) oval:org.secpod.oval:def:2107798 Oracle Solaris 11 - ( CVE-2022-31736 ) oval:org.secpod.oval:def:2107905 Oracle Solaris 11 - ( CVE-2022-34484 ) oval:org.secpod.oval:def:2107732 Oracle Solaris 11 - ( CVE-2022-2200 ) oval:org.secpod.oval:def:2107909 Oracle Solaris 11 - ( CVE-2022-38472 ) oval:org.secpod.oval:def:2107881 Oracle Solaris 11 - ( CVE-2022-3032 ) oval:org.secpod.oval:def:2107827 Oracle Solaris 11 - ( CVE-2022-42927 ) oval:org.secpod.oval:def:2103372 _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. oval:org.secpod.oval:def:2107837 Oracle Solaris 11 - ( CVE-2022-23901 ) oval:org.secpod.oval:def:2108026 Oracle Solaris 11 - ( CVE-2021-3618 ) oval:org.secpod.oval:def:2107179 Oracle Solaris 11 - ( CVE-2021-39212 ) oval:org.secpod.oval:def:2107716 Oracle Solaris 11 - ( CVE-2021-4219 ) oval:org.secpod.oval:def:2107896 Oracle Solaris 11 - ( CVE-2022-36359 ) oval:org.secpod.oval:def:2106872 Oracle Solaris 11 - ( CVE-2018-14339 ) oval:org.secpod.oval:def:2105229 In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. 
oval:org.secpod.oval:def:2107055 Oracle Solaris 11 - ( CVE-2021-22235 ) oval:org.secpod.oval:def:2107182 Oracle Solaris 11 - ( CVE-2021-39920 ) oval:org.secpod.oval:def:2107118 Oracle Solaris 11 - ( CVE-2021-4181 ) oval:org.secpod.oval:def:2107092 Oracle Solaris 11 - ( CVE-2022-0582 ) oval:org.secpod.oval:def:2107884 Oracle Solaris 11 - ( CVE-2022-3190 ) oval:org.secpod.oval:def:2107537 Oracle Solaris 11 - ( CVE-2021-3448 ) oval:org.secpod.oval:def:2107126 Oracle Solaris 11 - ( CVE-2021-3737 ) oval:org.secpod.oval:def:2107172 Oracle Solaris 11 - ( CVE-2021-3572 ) oval:org.secpod.oval:def:2106858 Oracle Solaris 11 - ( CVE-2021-42771 ) oval:org.secpod.oval:def:2107269 Oracle Solaris 11 - ( CVE-2022-2309 ) oval:org.secpod.oval:def:2107913 Oracle Solaris 11 - ( CVE-2022-2097 ) oval:org.secpod.oval:def:2108139 Oracle Solaris 11 - ( CVE-2022-4899 ) oval:org.secpod.oval:def:2107746 Oracle Solaris 11 - ( CVE-2021-21708 ) oval:org.secpod.oval:def:2107801 Oracle Solaris 11 - ( CVE-2022-29824 ) oval:org.secpod.oval:def:2107656 Oracle Solaris 11 - ( CVE-2022-0778 ) oval:org.secpod.oval:def:2107425 Oracle Solaris 11 - ( CVE-2022-23308 ) oval:org.secpod.oval:def:2107424 Oracle Solaris 11 - ( CVE-2022-22620 ) oval:org.secpod.oval:def:2107432 Oracle Solaris 11 - ( CVE-2021-45444 ) oval:org.secpod.oval:def:2107718 Oracle Solaris 11 - ( CVE-2022-1473 ) oval:org.secpod.oval:def:2107536 Oracle Solaris 11 - ( CVE-2021-4217 ) oval:org.secpod.oval:def:2107681 Oracle Solaris 11 - ( CVE-2022-34265 ) oval:org.secpod.oval:def:2107265 Oracle Solaris 11 - ( CVE-2022-40304 ) oval:org.secpod.oval:def:2100343 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Sudo). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of ... 
oval:org.secpod.oval:def:2103205 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ... oval:org.secpod.oval:def:2100396 Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. oval:org.secpod.oval:def:2100751 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439. oval:org.secpod.oval:def:2100704 A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. oval:org.secpod.oval:def:2100906 A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerabilit ... oval:org.secpod.oval:def:2100924 Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. 
oval:org.secpod.oval:def:2100406 The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. oval:org.secpod.oval:def:2100887 Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. oval:org.secpod.oval:def:2102409 named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. oval:org.secpod.oval:def:2101512 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple proto ... oval:org.secpod.oval:def:2100683 named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. oval:org.secpod.oval:def:2100445 Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. 
oval:org.secpod.oval:def:2100689 Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an ar ... oval:org.secpod.oval:def:2108265 Oracle Solaris 11 - ( CVE-2021-33391 ) oval:org.secpod.oval:def:2108336 Oracle Solaris 11 - ( CVE-2022-31008 ) oval:org.secpod.oval:def:2108301 Oracle Solaris 11 - ( CVE-2022-37032 ) oval:org.secpod.oval:def:2108373 Oracle Solaris 11 - ( CVE-2023-22129 ) oval:org.secpod.oval:def:2107674 Oracle Solaris 11 - ( CVE-2022-0391 ) oval:org.secpod.oval:def:2108305 Oracle Solaris 11 - ( CVE-2023-26555 ) oval:org.secpod.oval:def:2107844 Oracle Solaris 11 - ( CVE-2022-1920 ) oval:org.secpod.oval:def:2108324 Oracle Solaris 11 - ( CVE-2023-40359 ) oval:org.secpod.oval:def:2108367 Oracle Solaris 11 - ( CVE-2023-4504 ) oval:org.secpod.oval:def:2107750 Oracle Solaris 11 - ( CVE-2022-23806 ) oval:org.secpod.oval:def:2107824 Oracle Solaris 11 - ( CVE-2022-42252 ) oval:org.secpod.oval:def:2107268 Oracle Solaris 11 - ( CVE-2022-45939 ) oval:org.secpod.oval:def:2105298 There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. oval:org.secpod.oval:def:2103261 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ... oval:org.secpod.oval:def:2103427 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. 
redirecting to "/foo/" when the user requested "/foo") a specially crafted URL could be used to cause the redirect to be generated to any URI of the at ... oval:org.secpod.oval:def:2102304 Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that poi ... oval:org.secpod.oval:def:2103380 django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. oval:org.secpod.oval:def:2102298 As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a resu ... oval:org.secpod.oval:def:2101475 When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted r ... oval:org.secpod.oval:def:2100724 A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn mean ... 
oval:org.secpod.oval:def:2101505 The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. oval:org.secpod.oval:def:2101179 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original ... oval:org.secpod.oval:def:2100864 A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This c ... oval:org.secpod.oval:def:2100956 An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request. oval:org.secpod.oval:def:2107209 Oracle Solaris 11 - ( CVE-2022-40898 ) oval:org.secpod.oval:def:2107170 Oracle Solaris 11 - ( CVE-2021-43332 ) oval:org.secpod.oval:def:2107151 Oracle Solaris 11 - ( CVE-2021-4008 ) oval:org.secpod.oval:def:2105280 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. oval:org.secpod.oval:def:2104603 Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. 
oval:org.secpod.oval:def:2104532 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many "P" characters. oval:org.secpod.oval:def:2105138 GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. oval:org.secpod.oval:def:2104517 binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be ex ... oval:org.secpod.oval:def:2105232 cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. oval:org.secpod.oval:def:2105192 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. oval:org.secpod.oval:def:2104563 Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. oval:org.secpod.oval:def:2105167 daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket o ... oval:org.secpod.oval:def:2104940 getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. oval:org.secpod.oval:def:2104943 Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server. oval:org.secpod.oval:def:2105791 Oracle Solaris 11 - ( CVE-2019-19221 ) oval:org.secpod.oval:def:2105304 Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. oval:org.secpod.oval:def:2105094 The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. oval:org.secpod.oval:def:2104552 GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. oval:org.secpod.oval:def:2104579 The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impa ... oval:org.secpod.oval:def:2105083 The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment v ... 
oval:org.secpod.oval:def:2104545 In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize ... oval:org.secpod.oval:def:2105420 Oracle Solaris 11 - ( CVE-2018-15861 ) oval:org.secpod.oval:def:2105234 GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. oval:org.secpod.oval:def:2104962 Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. oval:org.secpod.oval:def:2105125 The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. oval:org.secpod.oval:def:2105140 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. oval:org.secpod.oval:def:2105081 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. oval:org.secpod.oval:def:2105038 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible. oval:org.secpod.oval:def:2105058 An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-31 ... 
oval:org.secpod.oval:def:2104502 A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the defa ... oval:org.secpod.oval:def:2104506 Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. oval:org.secpod.oval:def:2104535 Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. oval:org.secpod.oval:def:2104528 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. oval:org.secpod.oval:def:2105235 Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. oval:org.secpod.oval:def:2105243 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. oval:org.secpod.oval:def:2105263 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. oval:org.secpod.oval:def:2105028 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible. 
oval:org.secpod.oval:def:2104586 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receive ... oval:org.secpod.oval:def:2105204 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. Th ... oval:org.secpod.oval:def:2107863 Oracle Solaris 11 - ( CVE-2022-29154 ) oval:org.secpod.oval:def:2105160 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:2104626 Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. oval:org.secpod.oval:def:2105145 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS ... oval:org.secpod.oval:def:2105075 A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some ... 
oval:org.secpod.oval:def:2105099 libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage ... oval:org.secpod.oval:def:2104576 In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. oval:org.secpod.oval:def:2104996 A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird ... oval:org.secpod.oval:def:2104994 A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. oval:org.secpod.oval:def:2104525 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. oval:org.secpod.oval:def:2105024 Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitra ... oval:org.secpod.oval:def:2105215 In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
oval:org.secpod.oval:def:2104638 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. oval:org.secpod.oval:def:2105361 It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. oval:org.secpod.oval:def:2105288 dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus ... oval:org.secpod.oval:def:2104522 The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet A ... oval:org.secpod.oval:def:2105259 cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). oval:org.secpod.oval:def:2105257 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo ... oval:org.secpod.oval:def:2105269 tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
oval:org.secpod.oval:def:2105265 libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. oval:org.secpod.oval:def:2105194 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior and 5.7.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to com ... oval:org.secpod.oval:def:2105175 In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. oval:org.secpod.oval:def:2104959 In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. oval:org.secpod.oval:def:2104627 In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. oval:org.secpod.oval:def:2104635 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. oval:org.secpod.oval:def:2105110 A flaw was found in ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the ... oval:org.secpod.oval:def:2105357 An issue was discovered in GNOME file-roller before 3.29.91.
It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. oval:org.secpod.oval:def:2105121 In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo ... oval:org.secpod.oval:def:2105123 In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. oval:org.secpod.oval:def:2105137 _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. oval:org.secpod.oval:def:2105107 It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. oval:org.secpod.oval:def:2105102 In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. oval:org.secpod.oval:def:2105270 SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. 
oval:org.secpod.oval:def:2105456 Oracle Solaris 11 - ( CVE-2020-6800 ) oval:org.secpod.oval:def:2107643 Oracle Solaris 11 - ( CVE-2022-24407 ) oval:org.secpod.oval:def:2107164 Oracle Solaris 11 - ( CVE-2019-14822 ) oval:org.secpod.oval:def:2106018 Oracle Solaris 11 - ( CVE-2020-12137 ) oval:org.secpod.oval:def:2105786 Oracle Solaris 11 - ( CVE-2019-18874 ) oval:org.secpod.oval:def:2104637 tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open ... oval:org.secpod.oval:def:2105353 An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. oval:org.secpod.oval:def:2105136 It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. oval:org.secpod.oval:def:2105214 In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. oval:org.secpod.oval:def:2105359 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have t ... oval:org.secpod.oval:def:2105354 OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). 
This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A ... oval:org.secpod.oval:def:2105362 In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted wit ... oval:org.secpod.oval:def:2106985 Oracle Solaris 11 - ( CVE-2018-19490 ) oval:org.secpod.oval:def:2105203 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. oval:org.secpod.oval:def:2107901 Oracle Solaris 11 - ( CVE-2020-28196 ) oval:org.secpod.oval:def:2107176 Oracle Solaris 11 - ( CVE-2020-15250 ) oval:org.secpod.oval:def:2105370 pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. 
oval:org.secpod.oval:def:2107011 Oracle Solaris 11 - ( CVE-2021-20254 ) oval:org.secpod.oval:def:2107928 Oracle Solaris 11 - ( CVE-2023-0494 ) oval:org.secpod.oval:def:2107250 Oracle Solaris 11 - ( CVE-2022-46340 ) oval:org.secpod.oval:def:2108271 Oracle Solaris 11 - ( CVE-2023-0184 ) oval:org.secpod.oval:def:2107843 Oracle Solaris 11 - ( CVE-2022-2867 ) oval:org.secpod.oval:def:2107345 Oracle Solaris 11 - ( CVE-2022-3970 ) oval:org.secpod.oval:def:2108111 Oracle Solaris 11 - ( CVE-2023-3666 ) oval:org.secpod.oval:def:2107845 Oracle Solaris 11 - ( CVE-2022-26981 ) oval:org.secpod.oval:def:2107850 Oracle Solaris 11 - ( CVE-2022-24070 ) oval:org.secpod.oval:def:2107144 Oracle Solaris 11 - ( CVE-2021-30851 ) oval:org.secpod.oval:def:2107220 Oracle Solaris 11 - ( CVE-2022-45199 ) oval:org.secpod.oval:def:2101441 Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. oval:org.secpod.oval:def:2101463 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. oval:org.secpod.oval:def:2101464 Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. oval:org.secpod.oval:def:2101462 tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. oval:org.secpod.oval:def:2103577 The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. 
oval:org.secpod.oval:def:2101320 tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097. oval:org.secpod.oval:def:2101321 tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. oval:org.secpod.oval:def:2101322 tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. oval:org.secpod.oval:def:2101323 tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow." oval:org.secpod.oval:def:2101318 tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." oval:org.secpod.oval:def:2101316 tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow." oval:org.secpod.oval:def:2101324 LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. oval:org.secpod.oval:def:2101341 tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." 
oval:org.secpod.oval:def:2100435 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-ba ... oval:org.secpod.oval:def:2108326 Oracle Solaris 11 - ( CVE-2023-3824 ) oval:org.secpod.oval:def:2108128 Oracle Solaris 11 - ( CVE-2023-1393 ) oval:org.secpod.oval:def:2108041 Oracle Solaris 11 - ( CVE-2023-26767 ) oval:org.secpod.oval:def:2106016 Oracle Solaris 11 - ( CVE-2020-12762 ) oval:org.secpod.oval:def:2107941 Oracle Solaris 11 - ( CVE-2023-1161 ) oval:org.secpod.oval:def:2108148 Oracle Solaris 11 - ( CVE-2023-2879 ) oval:org.secpod.oval:def:2108153 Oracle Solaris 11 - ( CVE-2023-3138 ) oval:org.secpod.oval:def:2108147 Oracle Solaris 11 - ( CVE-2023-28450 ) oval:org.secpod.oval:def:2108334 Oracle Solaris 11 - ( CVE-2023-31484 ) oval:org.secpod.oval:def:2108122 Oracle Solaris 11 - ( CVE-2023-28879 ) oval:org.secpod.oval:def:2108310 Oracle Solaris 11 - ( CVE-2023-3316 ) oval:org.secpod.oval:def:2108157 Oracle Solaris 11 - ( CVE-2023-31147 ) oval:org.secpod.oval:def:2107936 Oracle Solaris 11 - ( CVE-2021-43618 ) oval:org.secpod.oval:def:2108311 Oracle Solaris 11 - ( CVE-2023-37369 ) oval:org.secpod.oval:def:2108158 Oracle Solaris 11 - ( CVE-2023-34969 ) oval:org.secpod.oval:def:2107350 Oracle Solaris 11 - ( CVE-2022-39260 ) oval:org.secpod.oval:def:2107330 Oracle Solaris 11 - ( CVE-2022-42010 ) oval:org.secpod.oval:def:2105451 Oracle Solaris 11 - ( CVE-2019-1351 ) oval:org.secpod.oval:def:2107633 Oracle Solaris 11 - ( CVE-2020-25717 ) oval:org.secpod.oval:def:2102598 Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. 
oval:org.secpod.oval:def:2108020 Oracle Solaris 11 - ( CVE-2022-4743 ) oval:org.secpod.oval:def:2108298 Oracle Solaris 11 - ( CVE-2023-41164 ) oval:org.secpod.oval:def:2108108 Oracle Solaris 11 - ( CVE-2023-4056 ) oval:org.secpod.oval:def:2108337 Oracle Solaris 11 - ( CVE-2022-41409 ) oval:org.secpod.oval:def:2108307 Oracle Solaris 11 - ( CVE-2023-36054 ) oval:org.secpod.oval:def:2108322 Oracle Solaris 11 - ( CVE-2023-4156 ) oval:org.secpod.oval:def:2108264 Oracle Solaris 11 - ( CVE-2023-2004 ) oval:org.secpod.oval:def:2106986 Oracle Solaris 11 - ( CVE-2021-3497 ) oval:org.secpod.oval:def:2108304 Oracle Solaris 11 - ( CVE-2023-4874 ) oval:org.secpod.oval:def:2108121 Oracle Solaris 11 - ( CVE-2022-48337 ) oval:org.secpod.oval:def:2107207 Oracle Solaris 11 - ( CVE-2022-3094 ) oval:org.secpod.oval:def:2108263 Oracle Solaris 11 - ( CVE-2023-1981 ) oval:org.secpod.oval:def:2108029 Oracle Solaris 11 - ( CVE-2021-3618 ) oval:org.secpod.oval:def:2107232 Oracle Solaris 11 - ( CVE-2023-0412 ) oval:org.secpod.oval:def:2108274 Oracle Solaris 11 - ( CVE-2023-40217 ) oval:org.secpod.oval:def:2108280 Oracle Solaris 11 - ( CVE-2023-37327 ) oval:org.secpod.oval:def:2108270 Oracle Solaris 11 - ( CVE-2023-4863 ) oval:org.secpod.oval:def:2108329 Oracle Solaris 11 - ( CVE-2023-24805 ) oval:org.secpod.oval:def:2108019 Oracle Solaris 11 - ( CVE-2022-4904 ) oval:org.secpod.oval:def:2106980 Oracle Solaris 11 - ( CVE-2021-37701 ) oval:org.secpod.oval:def:2108261 Oracle Solaris 11 - ( CVE-2023-29499 ) oval:org.secpod.oval:def:2107724 Oracle Solaris 11 - ( CVE-2022-24765 ) oval:org.secpod.oval:def:2107839 Oracle Solaris 11 - ( CVE-2022-40674 ) oval:org.secpod.oval:def:2107356 Oracle Solaris 11 - ( CVE-2022-43680 ) oval:org.secpod.oval:def:2107539 Oracle Solaris 11 - ( CVE-2022-23852 ) oval:org.secpod.oval:def:2107821 Oracle Solaris 11 - ( CVE-2022-41323 ) oval:org.secpod.oval:def:2107994 Oracle Solaris 11 - ( CVE-2023-23969 ) oval:org.secpod.oval:def:2106960 Oracle Solaris 11 - ( 
CVE-2021-25219 ) oval:org.secpod.oval:def:2107899 Oracle Solaris 11 - ( CVE-2022-2881 ) oval:org.secpod.oval:def:2107421 Oracle Solaris 11 - ( CVE-2022-28346 ) oval:org.secpod.oval:def:2107635 Oracle Solaris 11 - ( CVE-2022-23833 ) oval:org.secpod.oval:def:2107161 Oracle Solaris 11 - ( CVE-2021-44420 ) oval:org.secpod.oval:def:2107123 Oracle Solaris 11 - ( CVE-2021-45115 ) oval:org.secpod.oval:def:2107530 Oracle Solaris 11 - ( CVE-2021-25220 ) oval:org.secpod.oval:def:2107259 Oracle Solaris 11 - ( CVE-2022-25255 ) oval:org.secpod.oval:def:2107098 Oracle Solaris 11 - ( CVE-2021-43818 ) oval:org.secpod.oval:def:2107049 Oracle Solaris 11 - ( CVE-2021-22921 ) oval:org.secpod.oval:def:2107005 Oracle Solaris 11 - ( CVE-2021-3580 ) oval:org.secpod.oval:def:2104510 In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. oval:org.secpod.oval:def:2107667 Oracle Solaris 11 - ( CVE-2022-22720 ) oval:org.secpod.oval:def:2104597 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. oval:org.secpod.oval:def:2107137 Oracle Solaris 11 - ( CVE-2021-44790 ) oval:org.secpod.oval:def:2108014 Oracle Solaris 11 - ( CVE-2023-31047 ) oval:org.secpod.oval:def:2103604 Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. 
oval:org.secpod.oval:def:2107702 Oracle Solaris 11 - ( CVE-2022-1292 ) oval:org.secpod.oval:def:2103360 When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap v ... oval:org.secpod.oval:def:2107725 Oracle Solaris 11 - ( CVE-2022-31813 ) oval:org.secpod.oval:def:2103537 The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it w ... oval:org.secpod.oval:def:2102043 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across ... oval:org.secpod.oval:def:2108115 Oracle Solaris 11 - ( CVE-2023-36053 ) oval:org.secpod.oval:def:2108366 Oracle Solaris 11 - ( CVE-2023-41081 ) oval:org.secpod.oval:def:2106130 Oracle Solaris 11 - ( CVE-2020-10531 ) oval:org.secpod.oval:def:2107225 Oracle Solaris 11 - ( CVE-2022-36760 ) oval:org.secpod.oval:def:2105055 Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, ... 
oval:org.secpod.oval:def:2107009 Oracle Solaris 11 - ( CVE-2021-35940 ) oval:org.secpod.oval:def:2108161 Oracle Solaris 11 - ( CVE-2023-32681 ) oval:org.secpod.oval:def:2108374 Oracle Solaris 11 - ( CVE-2023-22128 ) oval:org.secpod.oval:def:2102799 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:2104580 A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. oval:org.secpod.oval:def:2100695 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. oval:org.secpod.oval:def:2103418 The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. oval:org.secpod.oval:def:2102700 The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. oval:org.secpod.oval:def:2100960 Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. 
oval:org.secpod.oval:def:2100962 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. oval:org.secpod.oval:def:2101438 The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. oval:org.secpod.oval:def:2101163 XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. oval:org.secpod.oval:def:2103364 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS ... oval:org.secpod.oval:def:2105407 Oracle Solaris 11 - ( CVE-2019-13057 ) oval:org.secpod.oval:def:2105422 Oracle Solaris 11 - ( CVE-2019-19553 ) oval:org.secpod.oval:def:2103407 The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. oval:org.secpod.oval:def:2100395 Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Succe ... oval:org.secpod.oval:def:2103430 Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. 
oval:org.secpod.oval:def:2105455 Oracle Solaris 11 - ( CVE-2019-19269 ) oval:org.secpod.oval:def:2105392 Oracle Solaris 11 - ( CVE-2019-9579 ) oval:org.secpod.oval:def:2103616 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. oval:org.secpod.oval:def:2102302 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomp ... oval:org.secpod.oval:def:2102301 The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. oval:org.secpod.oval:def:2102310 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. oval:org.secpod.oval:def:2103640 In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. oval:org.secpod.oval:def:2102309 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most ... 
oval:org.secpod.oval:def:2102303 Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. oval:org.secpod.oval:def:2102696 The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). F ... oval:org.secpod.oval:def:2105382 Oracle Solaris 11 - ( CVE-2020-2558 ) oval:org.secpod.oval:def:61658 Oracle Solaris 11 - ( CVE-2020-2565 ) oval:org.secpod.oval:def:2103389 A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root pr ... oval:org.secpod.oval:def:2103900 NTP through 4.2.8p12 has a NULL Pointer Dereference. oval:org.secpod.oval:def:2101919 When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to ... 
oval:org.secpod.oval:def:2108312 Oracle Solaris 11 - ( CVE-2023-38633 ) oval:org.secpod.oval:def:2107121 Oracle Solaris 11 - ( CVE-2021-41817 ) oval:org.secpod.oval:def:2107106 Oracle Solaris 11 - ( CVE-2021-45078 ) oval:org.secpod.oval:def:2107002 Oracle Solaris 11 - ( CVE-2021-3530 ) oval:org.secpod.oval:def:2105453 Oracle Solaris 11 - ( CVE-2019-16201 ) oval:org.secpod.oval:def:2101251 The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnut ... oval:org.secpod.oval:def:2102709 Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. oval:org.secpod.oval:def:2103873 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2 ... oval:org.secpod.oval:def:2103884 Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on "port contention". oval:org.secpod.oval:def:2102710 The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. oval:org.secpod.oval:def:2100575 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. 
No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed li ... oval:org.secpod.oval:def:2100467 If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users s ... oval:org.secpod.oval:def:2107042 Oracle Solaris 11 - ( CVE-2021-42013 ) oval:org.secpod.oval:def:2107204 Oracle Solaris 11 - ( CVE-2023-22809 ) oval:org.secpod.oval:def:2108313 Oracle Solaris 11 - ( CVE-2023-2975 ) oval:org.secpod.oval:def:2108143 Oracle Solaris 11 - ( CVE-2023-2650 ) oval:org.secpod.oval:def:2107985 Oracle Solaris 11 - ( CVE-2022-23521 ) oval:org.secpod.oval:def:2108262 Oracle Solaris 11 - ( CVE-2023-32762 ) oval:org.secpod.oval:def:2107939 Oracle Solaris 11 - ( CVE-2023-27320 ) oval:org.secpod.oval:def:2107690 Oracle Solaris 11 - ( CVE-2022-2319 ) oval:org.secpod.oval:def:2107185 Oracle Solaris 11 - ( CVE-2021-43537 ) oval:org.secpod.oval:def:2106967 Oracle Solaris 11 - ( CVE-2021-1817 ) oval:org.secpod.oval:def:2107257 Oracle Solaris 11 - ( CVE-2021-30860 ) oval:org.secpod.oval:def:2100437 Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. 
oval:org.secpod.oval:def:2108378 Oracle Solaris 11 - ( CVE-2023-43804 ) oval:org.secpod.oval:def:2108444 Oracle Solaris 11 - ( CVE-2023-46589 ) oval:org.secpod.oval:def:2108418 Oracle Solaris 11 - ( CVE-2023-5752 ) oval:org.secpod.oval:def:2108441 Oracle Solaris 11 - ( CVE-2023-6207 ) oval:org.secpod.oval:def:2108431 Oracle Solaris 11 - ( CVE-2024-20920 ) oval:org.secpod.oval:def:2108430 Oracle Solaris 11 - ( CVE-2024-20946 ) oval:org.secpod.oval:def:2108046 Oracle Solaris 11 - ( CVE-2023-29007 ) oval:org.secpod.oval:def:2100450 It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. oval:org.secpod.oval:def:2107136 Oracle Solaris 11 - ( CVE-2021-43527 ) oval:org.secpod.oval:def:2108412 Oracle Solaris 11 - ( CVE-2023-5115 ) oval:org.secpod.oval:def:2108107 Oracle Solaris 11 - ( CVE-2023-29402 ) oval:org.secpod.oval:def:2107953 Oracle Solaris 11 - ( CVE-2023-23931 ) oval:org.secpod.oval:def:2106973 Oracle Solaris 11 - ( CVE-2020-25097 ) oval:org.secpod.oval:def:2105109 An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends wit ... oval:org.secpod.oval:def:2108423 Oracle Solaris 11 - ( CVE-2023-30584 ) oval:org.secpod.oval:def:2100345 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LFTP). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via FTP to compromise Solaris. Successful attacks of this vulnerabili ... 
oval:org.secpod.oval:def:2108071 Oracle Solaris 11 - ( CVE-2023-2731 ) oval:org.secpod.oval:def:2107996 Oracle Solaris 11 - ( CVE-2023-23918 ) oval:org.secpod.oval:def:2108119 Oracle Solaris 11 - ( CVE-2023-38403 ) oval:org.secpod.oval:def:2108113 Oracle Solaris 11 - ( CVE-2023-32005 ) oval:org.secpod.oval:def:2108267 Oracle Solaris 11 - ( CVE-2023-4057 ) oval:org.secpod.oval:def:2108273 Oracle Solaris 11 - ( CVE-2023-5217 ) oval:org.secpod.oval:def:2108375 Oracle Solaris 11 - ( CVE-2023-5168 ) oval:org.secpod.oval:def:2108331 Oracle Solaris 11 - ( CVE-2023-4584 ) oval:org.secpod.oval:def:2108294 Oracle Solaris 11 - ( CVE-2023-3341 ) oval:org.secpod.oval:def:2108043 Oracle Solaris 11 - ( CVE-2023-32324 ) oval:org.secpod.oval:def:2108136 Oracle Solaris 11 - ( CVE-2023-29491 ) oval:org.secpod.oval:def:2108154 Oracle Solaris 11 - ( CVE-2023-34241 ) oval:org.secpod.oval:def:2108141 Oracle Solaris 11 - ( CVE-2023-25193 ) oval:org.secpod.oval:def:2108369 Oracle Solaris 11 - ( CVE-2023-41080 ) oval:org.secpod.oval:def:2108383 Oracle Solaris 11 - ( CVE-2023-31122 ) oval:org.secpod.oval:def:2106854 Oracle Solaris 11 - ( CVE-2021-41617 ) oval:org.secpod.oval:def:2107217 Oracle Solaris 11 - ( CVE-2022-45143 ) oval:org.secpod.oval:def:2107834 Oracle Solaris 11 - ( CVE-2022-2207 ) oval:org.secpod.oval:def:2107429 Oracle Solaris 11 - ( CVE-2021-4173 ) oval:org.secpod.oval:def:2107148 Oracle Solaris 11 - ( CVE-2021-3770 ) oval:org.secpod.oval:def:2100745 vim before patch 8.0.0056 does not properly validate values for the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. 
oval:org.secpod.oval:def:2102702 fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /e ... oval:org.secpod.oval:def:2107262 Oracle Solaris 11 - ( CVE-2022-2816 ) oval:org.secpod.oval:def:2108125 Oracle Solaris 11 - ( CVE-2023-0049 ) oval:org.secpod.oval:def:2107026 Oracle Solaris 11 - ( CVE-2021-29970 ) oval:org.secpod.oval:def:2106968 Oracle Solaris 11 - ( CVE-2021-3518 ) oval:org.secpod.oval:def:2107078 Oracle Solaris 11 - ( CVE-2022-21271 ) oval:org.secpod.oval:def:2107019 Oracle Solaris 11 - ( CVE-2008-2711 ) oval:org.secpod.oval:def:2107166 Oracle Solaris 11 - ( CVE-2016-2124 ) oval:org.secpod.oval:def:2106962 Oracle Solaris 11 - ( CVE-2020-26950 ) oval:org.secpod.oval:def:2106019 Oracle Solaris 11 - ( CVE-2020-12399 ) oval:org.secpod.oval:def:2105216 An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided ... oval:org.secpod.oval:def:2105224 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability ... oval:org.secpod.oval:def:2107791 Oracle Solaris 11 - ( CVE-2022-25762 ) oval:org.secpod.oval:def:2102601 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. 
oval:org.secpod.oval:def:2103400 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a "-" character. oval:org.secpod.oval:def:2103349 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ... oval:org.secpod.oval:def:2104564 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. oval:org.secpod.oval:def:2100344 The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. oval:org.secpod.oval:def:2100338 The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. oval:org.secpod.oval:def:2101284 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. ... 
oval:org.secpod.oval:def:2103411 The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad ... oval:org.secpod.oval:def:2105193 Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. oval:org.secpod.oval:def:2103534 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default val ... oval:org.secpod.oval:def:2103546 The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as ... oval:org.secpod.oval:def:2102088 In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. oval:org.secpod.oval:def:2102294 In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. oval:org.secpod.oval:def:2102296 The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. 
A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of th ... oval:org.secpod.oval:def:2101910 An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. oval:org.secpod.oval:def:2101666 Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends ... oval:org.secpod.oval:def:2101165 A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. oval:org.secpod.oval:def:2101141 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. oval:org.secpod.oval:def:2102690 os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temp ... 
oval:org.secpod.oval:def:2107989 Oracle Solaris 11 - ( CVE-2023-0215 ) oval:org.secpod.oval:def:2108438 Oracle Solaris 11 - ( CVE-2023-2610 ) oval:org.secpod.oval:def:2107722 Oracle Solaris 11 - ( CVE-2022-30333 ) oval:org.secpod.oval:def:2108372 Oracle Solaris 11 - ( CVE-2023-40477 ) oval:org.secpod.oval:def:2108297 Oracle Solaris 11 - ( CVE-2023-39322 ) oval:org.secpod.oval:def:2108425 Oracle Solaris 11 - ( CVE-2023-46137 ) oval:org.secpod.oval:def:2107969 Oracle Solaris 11 - ( CVE-2022-39348 ) oval:org.secpod.oval:def:2107278 Oracle Solaris 11 - ( CVE-2022-32189 ) oval:org.secpod.oval:def:2108399 Oracle Solaris 11 - ( CVE-2023-44487 ) oval:org.secpod.oval:def:2108302 Oracle Solaris 11 - ( CVE-2023-2953 ) oval:org.secpod.oval:def:2108434 Oracle Solaris 11 - ( CVE-2023-49083 ) oval:org.secpod.oval:def:2108319 Oracle Solaris 11 - ( CVE-2023-4511 ) oval:org.secpod.oval:def:2107838 Oracle Solaris 11 - ( CVE-2022-27404 ) oval:org.secpod.oval:def:2108432 Oracle Solaris 11 - ( CVE-2023-43115 ) oval:org.secpod.oval:def:2108009 Oracle Solaris 11 - ( CVE-2023-24998 ) oval:org.secpod.oval:def:2107833 Oracle Solaris 11 - ( CVE-2022-3597 ) oval:org.secpod.oval:def:2107974 Oracle Solaris 11 - ( CVE-2023-28486 ) oval:org.secpod.oval:def:2107980 Oracle Solaris 11 - ( CVE-2022-24963 ) oval:org.secpod.oval:def:2107998 Oracle Solaris 11 - ( CVE-2023-25690 ) oval:org.secpod.oval:def:2108023 Oracle Solaris 11 - ( CVE-2022-4743 ) oval:org.secpod.oval:def:2108037 Oracle Solaris 11 - ( CVE-2023-34416 ) oval:org.secpod.oval:def:2108042 Oracle Solaris 11 - ( CVE-2023-1999 ) oval:org.secpod.oval:def:2107986 Oracle Solaris 11 - ( CVE-2023-23598 ) oval:org.secpod.oval:def:2108260 Oracle Solaris 11 - ( CVE-2023-1906 ) oval:org.secpod.oval:def:2108306 Oracle Solaris 11 - ( CVE-2023-3428 ) oval:org.secpod.oval:def:2108414 Oracle Solaris 11 - ( CVE-2023-44271 ) oval:org.secpod.oval:def:2108065 Oracle Solaris 11 - ( CVE-2023-30608 ) oval:org.secpod.oval:def:2108045 Oracle Solaris 11 - ( 
CVE-2023-24539 ) oval:org.secpod.oval:def:2108012 Oracle Solaris 11 - ( CVE-2023-0795 ) oval:org.secpod.oval:def:2107095 Oracle Solaris 11 - ( CVE-2022-22815 ) oval:org.secpod.oval:def:2106999 Oracle Solaris 11 - ( CVE-2021-23437 ) oval:org.secpod.oval:def:2108072 Oracle Solaris 11 - ( CVE-2022-41716 ) oval:org.secpod.oval:def:2108021 Oracle Solaris 11 - ( CVE-2022-4743 ) oval:org.secpod.oval:def:2108151 Oracle Solaris 11 - ( CVE-2023-30581 ) oval:org.secpod.oval:def:2108296 Oracle Solaris 11 - ( CVE-2023-38545 ) oval:org.secpod.oval:def:2107938 Oracle Solaris 11 - ( CVE-2022-42916 ) oval:org.secpod.oval:def:2107341 Oracle Solaris 11 - ( CVE-2022-36227 ) oval:org.secpod.oval:def:2107145 Oracle Solaris 11 - ( CVE-2021-3968 ) oval:org.secpod.oval:def:2107723 Oracle Solaris 11 - ( CVE-2022-27779 ) oval:org.secpod.oval:def:2107738 Oracle Solaris 11 - ( CVE-2018-1000007 ) oval:org.secpod.oval:def:2107235 Oracle Solaris 11 - ( CVE-2018-25032 ) oval:org.secpod.oval:def:2107440 Oracle Solaris 11 - ( CVE-2021-22946 ) oval:org.secpod.oval:def:2107015 Oracle Solaris 11 - ( CVE-2021-22922 ) oval:org.secpod.oval:def:2107034 Oracle Solaris 11 - ( CVE-2021-3711 ) oval:org.secpod.oval:def:2106974 Oracle Solaris 11 - ( CVE-2021-22901 ) oval:org.secpod.oval:def:2107029 Oracle Solaris 11 - ( CVE-2019-17543 ) oval:org.secpod.oval:def:2101656 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. oval:org.secpod.oval:def:2105303 In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. oval:org.secpod.oval:def:2104629 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. 
oval:org.secpod.oval:def:2104625 ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. oval:org.secpod.oval:def:2102049 The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). oval:org.secpod.oval:def:2103384 In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. oval:org.secpod.oval:def:2105297 In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. oval:org.secpod.oval:def:2105056 In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. oval:org.secpod.oval:def:2105057 In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. 
oval:org.secpod.oval:def:2107168 Oracle Solaris 11 - ( CVE-2021-40812 ) oval:org.secpod.oval:def:2108450 Oracle Solaris 11 - ( CVE-2024-24680 ) oval:org.secpod.oval:def:2107329 Oracle Solaris 11 - ( CVE-2022-32207 ) oval:org.secpod.oval:def:2107977 Oracle Solaris 11 - ( CVE-2022-46908 ) oval:org.secpod.oval:def:2108517 Oracle Solaris 11 - ( CVE-2023-39615 ) oval:org.secpod.oval:def:2108058 Oracle Solaris 11 - ( CVE-2023-28484 ) oval:org.secpod.oval:def:2107180 Oracle Solaris 11 - ( CVE-2021-4034 ) oval:org.secpod.oval:def:2107927 Oracle Solaris 11 - ( CVE-2023-31284 ) oval:org.secpod.oval:def:2107912 Oracle Solaris 11 - ( CVE-2022-26373 ) oval:org.secpod.oval:def:2108309 Oracle Solaris 11 - ( CVE-2022-23825 ) oval:org.secpod.oval:def:2107812 Oracle Solaris 11 - ( CVE-2022-37454 ) oval:org.secpod.oval:def:2107817 Oracle Solaris 11 - ( CVE-2015-20107 ) oval:org.secpod.oval:def:2107846 Oracle Solaris 11 - ( CVE-2020-10735 ) oval:org.secpod.oval:def:2107357 Oracle Solaris 11 - ( CVE-2022-45061 ) oval:org.secpod.oval:def:2107321 Oracle Solaris 11 - ( CVE-2022-32221 ) oval:org.secpod.oval:def:2108338 Oracle Solaris 11 - ( CVE-2023-24329 ) oval:org.secpod.oval:def:2107109 Oracle Solaris 11 - ( CVE-2021-33430 ) oval:org.secpod.oval:def:2106995 Oracle Solaris 11 - ( CVE-2021-22959 ) oval:org.secpod.oval:def:2107687 Oracle Solaris 11 - ( CVE-2022-32213 ) oval:org.secpod.oval:def:2107858 Oracle Solaris 11 - ( CVE-2022-3602 ) oval:org.secpod.oval:def:2107133 Oracle Solaris 11 - ( CVE-2022-21824 ) oval:org.secpod.oval:def:2107967 Oracle Solaris 11 - ( CVE-2020-23903 ) oval:org.secpod.oval:def:2107879 Oracle Solaris 11 - ( CVE-2021-42574 ) oval:org.secpod.oval:def:2107895 Oracle Solaris 11 - ( CVE-2022-37434 ) oval:org.secpod.oval:def:2107433 Oracle Solaris 11 - ( CVE-2022-0729 ) oval:org.secpod.oval:def:2107864 Oracle Solaris 11 - ( CVE-2022-29458 ) oval:org.secpod.oval:def:2108016 Oracle Solaris 11 - ( CVE-2023-31047 ) oval:org.secpod.oval:def:2108047 Oracle Solaris 11 - ( 
CVE-2023-21980 ) oval:org.secpod.oval:def:2107713 Oracle Solaris 11 - ( CVE-2022-0943 ) oval:org.secpod.oval:def:2108124 Oracle Solaris 11 - ( CVE-2023-23914 ) oval:org.secpod.oval:def:2107698 Oracle Solaris 11 - ( CVE-2022-28739 ) oval:org.secpod.oval:def:2107006 Oracle Solaris 11 - ( CVE-2021-36690 ) oval:org.secpod.oval:def:2107064 Oracle Solaris 11 - ( CVE-2021-40145 ) oval:org.secpod.oval:def:2107160 Oracle Solaris 11 - ( CVE-2021-42717 ) oval:org.secpod.oval:def:2105209 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. oval:org.secpod.oval:def:2107069 Oracle Solaris 11 - ( CVE-2020-8694 ) oval:org.secpod.oval:def:2106006 Oracle Solaris 11 - ( CVE-2018-12207 ) oval:org.secpod.oval:def:2100114 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. oval:org.secpod.oval:def:2105100 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:2103448 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. oval:org.secpod.oval:def:2104551 In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. 
oval:org.secpod.oval:def:2107830 Oracle Solaris 11 - ( CVE-2022-31630 ) oval:org.secpod.oval:def:2103419 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. oval:org.secpod.oval:def:2103442 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an ... oval:org.secpod.oval:def:2107892 Oracle Solaris 11 - ( CVE-2022-31627 ) oval:org.secpod.oval:def:2105452 Oracle Solaris 11 - ( CVE-2019-11044 ) oval:org.secpod.oval:def:2108005 Oracle Solaris 11 - ( CVE-2023-0568 ) oval:org.secpod.oval:def:2107188 Oracle Solaris 11 - ( CVE-2021-21707 ) oval:org.secpod.oval:def:2106869 Oracle Solaris 11 - ( CVE-2021-21703 ) oval:org.secpod.oval:def:2103558 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac1 ... oval:org.secpod.oval:def:2105112 Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. 
oval:org.secpod.oval:def:2105272 In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. oval:org.secpod.oval:def:2107066 Oracle Solaris 11 - ( CVE-2021-21704 ) oval:org.secpod.oval:def:2104978 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. oval:org.secpod.oval:def:2103889 Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. oval:org.secpod.oval:def:2105008 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of t ... oval:org.secpod.oval:def:2105039 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. oval:org.secpod.oval:def:2103608 Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. oval:org.secpod.oval:def:2103643 In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. 
oval:org.secpod.oval:def:2103385 An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:2100356 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. oval:org.secpod.oval:def:2100357 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store B ... oval:org.secpod.oval:def:2108167 Oracle Solaris 11 - ( CVE-2017-5715 ) oval:org.secpod.oval:def:2101792 An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunde ... oval:org.secpod.oval:def:2107810 Oracle Solaris 11 - ( CVE-2022-35256 ) oval:org.secpod.oval:def:2101490 While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. oval:org.secpod.oval:def:2105260 nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. 
This vulnerability appears to have been f ... oval:org.secpod.oval:def:2105205 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:2105460 Oracle Solaris 11 - ( CVE-2019-12387 ) oval:org.secpod.oval:def:2105221 http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname ... oval:org.secpod.oval:def:2105161 Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability ... oval:org.secpod.oval:def:2105173 Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. oval:org.secpod.oval:def:2105185 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with prox ... 
oval:org.secpod.oval:def:2100967 The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to ... oval:org.secpod.oval:def:2104948 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ... oval:org.secpod.oval:def:2104944 A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they ... oval:org.secpod.oval:def:2102501 During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This ... oval:org.secpod.oval:def:2103585 Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are hand ... oval:org.secpod.oval:def:2104630 Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. 
oval:org.secpod.oval:def:2104639 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lac ... oval:org.secpod.oval:def:2102064 CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) oval:org.secpod.oval:def:2105103 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time ... oval:org.secpod.oval:def:2105077 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. oval:org.secpod.oval:def:2101940 There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks a ... oval:org.secpod.oval:def:2103913 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse. ... 
oval:org.secpod.oval:def:2103500 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. oval:org.secpod.oval:def:2100679 There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is becau ... oval:org.secpod.oval:def:2101776 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. ... oval:org.secpod.oval:def:2101461 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif ... oval:org.secpod.oval:def:2101457 Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. oval:org.secpod.oval:def:2101652 The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. oval:org.secpod.oval:def:2103370 In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. 
This occurs because the declared number of directory entries is not validated against ... oval:org.secpod.oval:def:2101319 tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." oval:org.secpod.oval:def:2101140 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a cra ... oval:org.secpod.oval:def:2103897 The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. oval:org.secpod.oval:def:2104583 A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulne ... oval:org.secpod.oval:def:2101452 ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery a ... oval:org.secpod.oval:def:2101189 The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. 
oval:org.secpod.oval:def:2101333 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted ... oval:org.secpod.oval:def:2100951 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. oval:org.secpod.oval:def:2100919 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to th ... oval:org.secpod.oval:def:2100923 sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. oval:org.secpod.oval:def:2101278 ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deseria ... oval:org.secpod.oval:def:2101298 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traff ... |