Download
| Alert*
oval:org.secpod.oval:def:1900920
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. oval:org.secpod.oval:def:1900417 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file. oval:org.secpod.oval:def:704424 pixman: pixel-manipulation library for X and cairo pixman could be made to crash or run programs if it processed specially crafted instructions. oval:org.secpod.oval:def:1901391 dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service via a malformed DHCP response, aka interna ... oval:org.secpod.oval:def:1901115 dhcpcd before 6.10.0 allows remote attackers to cause a denial of service via vectors related to the option length. oval:org.secpod.oval:def:23613 nss: Network Security Service library NSS was updated to refresh the CA certificates bundle. oval:org.secpod.oval:def:33564 pam: Pluggable Authentication Modules Details: USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2935-1 introduced a reg ... oval:org.secpod.oval:def:32978 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory USN-2855-1 introduced a regression in Samba. oval:org.secpod.oval:def:704186 ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Details: USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. We apolo ... oval:org.secpod.oval:def:21000 openjdk-7: Open Source Java implementation Details: USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. We apologize for the in ... oval:org.secpod.oval:def:1901396 Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application"s unrestricted use of the render method and providing a .. in a pathname. NOTE: this vulnerability exists because of ... oval:org.secpod.oval:def:704148 amd64-microcode: Processor microcode firmware for AMD CPUs Details: USN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715 . Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS. We apologize for the inconvenien ... oval:org.secpod.oval:def:704287 linux: Linux kernel Details: USN-3741-1 introduced mitigations in the Linux kernel for Ubuntu 14.04 LTS to address L1 Terminal Fault vulnerabilities . Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications ... oval:org.secpod.oval:def:704165 ant: Java based build tool like make Apache Ant could be made to overwrite files. oval:org.secpod.oval:def:1901467 The ff_h2645_extract_rbsp function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file. oval:org.secpod.oval:def:33378 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:42578 The host is installed with docker.io on Ubuntu 14.04 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow local attackers to conduct downgrade attacks and obtain authentication ... oval:org.secpod.oval:def:42577 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack. Successful exploitation could allow local users to gain privileges. oval:org.secpod.oval:def:43821 systemd: system and service manager Several security issues were fixed in systemd. oval:org.secpod.oval:def:704346 texlive-bin: TeX Live: path search library for TeX Several security issues were fixed in Tex Live. oval:org.secpod.oval:def:33563 pam: Pluggable Authentication Modules Several security issues were fixed in PAM. oval:org.secpod.oval:def:704869 firebird2.5: A full-featured, open source SQL database derived from Borland InterBase 6.0 Several security issues were fixed in Firebird. oval:org.secpod.oval:def:23948 cups-filters: OpenPrinting CUPS Filters cups-filters could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:24344 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:24345 libxml-libxml-perl: Perl interface to the libxml2 library XML::LibXML could be made to expose sensitive information. oval:org.secpod.oval:def:50338 Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. oval:org.secpod.oval:def:704161 policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit. oval:org.secpod.oval:def:1900830 Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application"s unrestricted use of the render method. oval:org.secpod.oval:def:702507 dpkg: Debian package management system dpkg could be tricked into bypassing source package signature checks. oval:org.secpod.oval:def:702983 libssh: A tiny C SSH library Several security issues were fixed in libssh. oval:org.secpod.oval:def:702988 cpio: a tool to manage archives of files Several security issues were fixed in GNU cpio. oval:org.secpod.oval:def:703834 ocaml: ML language implementation with a class-based object system OCaml applications could be made to crash, expose sensitive information, or run programs. oval:org.secpod.oval:def:701640 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:702970 nettle: low level cryptographic library Several security issues were fixed in Nettle. oval:org.secpod.oval:def:39000 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:702979 xdelta3: Diff utility which works with binary files xdelta3 could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:702978 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:701639 python-django: High-level Python web development framework Details: USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Original advisory USN-2169-1 introduced a regression in Djang ... oval:org.secpod.oval:def:702969 gtk+2.0: GTK+ graphical user interface library - gtk+3.0: GTK+ graphical user interface library GTK+ could be made to crash or run programs as your login if it processed a specially crafted image. oval:org.secpod.oval:def:702963 firefox: Mozilla Open Source web browser A same-origin-policy bypass was discovered in Firefox. oval:org.secpod.oval:def:702962 nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx. oval:org.secpod.oval:def:702961 firefox: Mozilla Open Source web browser Details: USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2880-1 introd ... oval:org.secpod.oval:def:702968 eog: Eye of GNOME graphics viewer program Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image. oval:org.secpod.oval:def:703815 fontforge: font editor Several security issues were fixed in FontForge. oval:org.secpod.oval:def:702967 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:702966 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for CVE-2015-5252 introduced a regression in certain specific environments. This update fixes the problem. Original advisory USN-2855-1 introduced a regression in Samba. oval:org.secpod.oval:def:702941 rsync: fast, versatile, remote file-copying tool rsync could be made to write files outside of the expected directory. oval:org.secpod.oval:def:702940 ecryptfs-utils: eCryptfs cryptographic filesystem utilities mount.ecryptfs_private could be used to run programs as an administrator. oval:org.secpod.oval:def:702946 curl: HTTP, HTTPS, and FTP client and client libraries curl would incorrectly re-use credentials. oval:org.secpod.oval:def:702945 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702922 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702914 pygments: syntax highlighting package written in Python Pygments could be made to crash or run programs if it processed a specially crafted font request. oval:org.secpod.oval:def:702918 isc-dhcp: DHCP server and client DHCP server, client, or relay could be made to crash if they received specially crafted network traffic. oval:org.secpod.oval:def:702905 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:702909 ldb: LDAP-like embedded database Several security issues were fixed in ldb. oval:org.secpod.oval:def:41754 freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP. oval:org.secpod.oval:def:702095 gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement GnuPG could be made to hang if it processed a specially crafted message. oval:org.secpod.oval:def:49674 perl: Practical Extraction and Report Language Several security issues were fixed in Perl. oval:org.secpod.oval:def:702085 cinder: OpenStack storage service OpenStack Cinder could be made to run programs as an administrator under certain conditions. oval:org.secpod.oval:def:702084 heat: OpenStack Orchestration Service OpenStack Heat would expose sensitive information over the network. oval:org.secpod.oval:def:702082 openssl: Secure Socket Layer cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem. Original advisory USN-2232-1 ... oval:org.secpod.oval:def:702081 libxml2: GNOME XML library Details: USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2214-1 introduced a regression in libxml2. oval:org.secpod.oval:def:702075 nova: OpenStack Compute cloud infrastructure Several security issues were fixed in OpenStack Nova. oval:org.secpod.oval:def:702078 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered source packages. oval:org.secpod.oval:def:702070 chkrootkit: rootkit detector chkrootkit could be made to run programs as an administrator. oval:org.secpod.oval:def:702062 openssl: Secure Socket Layer cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem. Original advisory ... oval:org.secpod.oval:def:702066 dpkg: Debian package management system A malicious source package could write files outside the unpack directory. oval:org.secpod.oval:def:702058 libxml2: GNOME XML library Details: USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2214-1 introduced a regression in libxml2 ... oval:org.secpod.oval:def:702045 mod-wsgi: Python WSGI adapter module for Apache mod_wsgi could be made to run programs as an administrator if it executes a specially crafted file. mod_wsgi could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702498 firefox: Mozilla Open Source web browser Firefox could be made to bypass SSL certificate verification. oval:org.secpod.oval:def:702497 mailman: Powerful, web-based mailing list manager Mailman could be made to run programs if it processed a specially crafted list name. oval:org.secpod.oval:def:702499 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702483 jakarta-taglibs-standard: Implementation of JSP Standard Tag Library Apache Standard Taglibs loaded external XML entities. oval:org.secpod.oval:def:702487 libgcrypt11: LGPL Crypto library - libgcrypt20: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:702489 tiff: Tag Image File Format library Details: USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for ... oval:org.secpod.oval:def:702488 gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG. oval:org.secpod.oval:def:702471 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:702468 libxfont: X11 font rasterisation library libXfont could be made to crash or run programs as an administrator if it opened a specially crafted bdf font file. oval:org.secpod.oval:def:703313 libdbd-mysql-perl: Perl5 database interface to the MySQL database DBD::mysql could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:702453 firefox: Mozilla Open Source web browser Details: USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated quot;-remotequot; command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ... oval:org.secpod.oval:def:702452 requests: elegant and simple HTTP library for Python Requests could be made to expose cookies over the network. oval:org.secpod.oval:def:702458 ecryptfs-utils: eCryptfs cryptographic filesystem utilities Sensitive information in encrypted home and Private directories could be exposed if an attacker gained access to your files. oval:org.secpod.oval:def:702455 sudo: Provide limited super user privileges to specific users Sudo would allow unintended access to files. oval:org.secpod.oval:def:703770 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:702449 linux: Linux kernel Details: USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original adviso ... oval:org.secpod.oval:def:702430 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703761 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 f ... oval:org.secpod.oval:def:702439 cups: Common UNIX Printing System CUPS could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:702421 xorg-server: X.Org X11 server - xorg-server-lts-utopic: X.Org X11 server - xorg-server-lts-trusty: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:702422 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702428 e2fsprogs: ext2/ext3/ext4 file system utilities e2fsprogs could be made to crash or run programs as an administrator if it processed a specially crafted filesystem image. oval:org.secpod.oval:def:702427 ca-certificates: Common CA certificates ca-certificates was updated to the 20141019 package. oval:org.secpod.oval:def:702410 krb5: MIT Kerberos Network Authentication Protocol Several security issues were fixed in Kerberos. oval:org.secpod.oval:def:702894 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it processed an untrusted repository. oval:org.secpod.oval:def:702419 unzip: De-archiver for .zip files unzip could be made to run programs if it opened a specially crafted file. oval:org.secpod.oval:def:702408 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:702884 cups-filters: OpenPrinting CUPS Filters cups-filters could be made to run programs as the lp user if it processed a specially crafted print job. oval:org.secpod.oval:def:702407 binutils: GNU assembler, linker and binary utilities Applications from GNU binutils could be made to crash, run programs, or delete arbitrary files as your login if they opened a specially crafted file. oval:org.secpod.oval:def:702406 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:702872 libsndfile: Library for reading/writing audio files libsndfile could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702870 cups-filters: OpenPrinting CUPS Filters cups-filters could be made to run programs as the lp user if it processed a specially crafted print job. oval:org.secpod.oval:def:702873 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703726 gdb: GNU Debugger Several security issues were fixed in gdb. oval:org.secpod.oval:def:702878 cups: Common UNIX Printing System A security improvement has been made to CUPS. oval:org.secpod.oval:def:31641 krb5: MIT Kerberos Network Authentication Protocol Several security issues were fixed in Kerberos. oval:org.secpod.oval:def:702623 unattended-upgrades: automatic installation of security upgrades An attacker could trick unattended-upgrades into installing altered packages. oval:org.secpod.oval:def:702625 tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:702624 python2.7: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:702619 linux: Linux kernel Details: The Fix for CVE-2015-1328 introduced a regression into the Linux kernel"s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory The system could be made to cr ... oval:org.secpod.oval:def:702612 wpa: client support for WPA and WPA2 - wpasupplicant: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic. oval:org.secpod.oval:def:702611 aptdaemon: transaction based package management service Aptdaemon could be made to expose sensitive information, or allow file access as the administrator. oval:org.secpod.oval:def:703942 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown . Unfortunately, that update introduced a regression where a few systems failed to boot successfully. T ... oval:org.secpod.oval:def:702610 linux-lts-vivid: Linux hardware enablement kernel from Vivid The system could be made to run programs as an administrator. oval:org.secpod.oval:def:702615 linux-lts-utopic: Linux hardware enablement kernel from Utopic Details: The Fix for CVE-2015-1328 introduced a regression into the Linux kernel"s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Origi ... oval:org.secpod.oval:def:702614 patch: Apply a diff file to an original Several security issues were fixed in GNU patch. oval:org.secpod.oval:def:702613 devscripts: scripts to make the life of a Debian Package maintainer easier devscripts could be made to overwrite files. oval:org.secpod.oval:def:702609 linux: Linux kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:702606 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703929 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty - linux-aws: Linux kernel for Amazon Web Services systems Details: USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented t ... oval:org.secpod.oval:def:703088 lcms2: Little CMS color management library Applications using the Little CMS library could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703072 libtasn1-6: Library to manage ASN.1 structures - libtasn1-3: Library to manage ASN.1 structures Libtasn1 could be made to hang if it processed specially crafted data. oval:org.secpod.oval:def:703065 poppler: PDF rendering library poppler could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703055 optipng: advanced PNG optimizer OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703054 firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2917-1 introduced several regressions in Firefox. oval:org.secpod.oval:def:703044 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Details: USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This ... oval:org.secpod.oval:def:703041 openjdk-7: Open Source Java implementation OpenJDK could be made to crash or run programs as your login if it received specially crafted input. oval:org.secpod.oval:def:703040 xchat-gnome: simple and featureful IRC client for GNOME XChat-GNOME could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702190 libreoffice: Office productivity suite LibreOffice Calc could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703049 firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This up ... oval:org.secpod.oval:def:703032 pam: Pluggable Authentication Modules Details: USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2935-1 introduced a reg ... oval:org.secpod.oval:def:703037 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702187 libgcrypt11: LGPL Crypto library Libgcrypt could expose sensitive information when performing decryption. oval:org.secpod.oval:def:703029 exim4: Exim is a mail transport agent Several security issues were fixed in Exim. oval:org.secpod.oval:def:703495 munin: Network-wide graphing framework Details: USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a regression leading to errors being appended to the log file. This update fixes the problem. Original advisory USN-3215-1 introduced a regression in Munin. oval:org.secpod.oval:def:703010 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:703492 munin: Network-wide graphing framework Munin could be made to overwrite files. oval:org.secpod.oval:def:703015 bsh: Java scripting environment BeanShell could be made to run programs if it processed specially crafted input. oval:org.secpod.oval:def:703014 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:703013 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703018 python-django: High-level Python web development framework Details: USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem. Original advisory USN-2915-1 introduced a regression in Django. oval:org.secpod.oval:def:702153 python-pycadf: implementation of DMTF Cloud Audit data model pyCADF could be made to expose sensitive information. oval:org.secpod.oval:def:703000 linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Details: USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15 ... oval:org.secpod.oval:def:702152 serf: high-performance asynchronous HTTP client library Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. oval:org.secpod.oval:def:703002 gnutls26: GNU TLS library Details: USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. Original advisory Updated GnuTLS packages are required for the USN-2913 ... oval:org.secpod.oval:def:703001 glib-networking: network-related giomodules for GLib Details: USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. Original advisory Updated glib-netw ... oval:org.secpod.oval:def:703008 perl: Practical Extraction and Report Language Several security issues were fixed in Perl. oval:org.secpod.oval:def:703007 pixman: pixel-manipulation library for X and cairo pixman could be made to crash or run programs as your login if it processed specially crafted data. oval:org.secpod.oval:def:703005 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:703009 python-django: High-level Python web development framework Details: USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory USN-2 ... oval:org.secpod.oval:def:702142 kde4libs: KDE 4 core applications and libraries kauth could be tricked into bypassing polkit authorizations. oval:org.secpod.oval:def:702146 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic. oval:org.secpod.oval:def:702144 tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:703475 tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Tomcat could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:702143 unity: Interface designed for efficiency of space and interaction. The Unity lock screen could possibly be bypassed in certain circumstances. oval:org.secpod.oval:def:702139 lzo2: data compression library LZO could be made to crash or run programs if it processed specially crafted data. oval:org.secpod.oval:def:703451 tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Details: USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience. Original advis ... oval:org.secpod.oval:def:703456 squid3: Web proxy cache server Squid could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702592 cups: Common UNIX Printing System Several security issues were fixed in CUPS. oval:org.secpod.oval:def:702591 strongswan: IPsec VPN solution strongSwan could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702117 liblwp-protocol-https-perl: HTTPS driver for LWP::UserAgent LWP::Protocol::https could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702116 transmission: lightweight BitTorrent client Transmission could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702115 miniupnpc: UPnP IGD client lightweight library client MiniUPnPc could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702586 t1utils: Collection of simple Type 1 font manipulation programs t1utils could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702584 openssl: Secure Socket Layer cryptographic library and tools The export cipher suites have been disabled in OpenSSL. oval:org.secpod.oval:def:702587 qt4-x11: Qt 4 libraries - qtbase-opensource-src: Qt 5 libraries Qt could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702571 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702570 python-dbusmock: mock D-Bus objects for tests python-dbusmock could be tricked into running arbitrary programs. oval:org.secpod.oval:def:702575 apport: automatically generate crash reports for debugging Apport could be tricked into creating arbitrary files as an administrator, resulting in privilege escalation. oval:org.secpod.oval:def:702572 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:702568 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703413 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702569 fuse: Filesystem in Userspace FUSE could be made to overwrite files as the administrator. oval:org.secpod.oval:def:703880 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702553 linux-lts-utopic: Linux hardware enablement kernel from Utopic Details: USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes th ... oval:org.secpod.oval:def:702552 libmodule-signature-perl: module to manipulate CPAN SIGNATURE files Several security issues were fixed in Module::Signature. oval:org.secpod.oval:def:702555 libtasn1-6: Library to manage ASN.1 structures - libtasn1-3: Library to manage ASN.1 structures Libtasn1 could be made to crash or run programs if it processed specially crafted data. oval:org.secpod.oval:def:702558 linux: Linux kernel Details: USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenien ... oval:org.secpod.oval:def:702540 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Dnsmasq could be made to crash or expose sensitive information if it received specially crafted network traffic. oval:org.secpod.oval:def:703874 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga. oval:org.secpod.oval:def:702548 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702532 network-manager: Network connection manager NetworkManager would allow unintended access to files and modem device configuration. oval:org.secpod.oval:def:702520 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702523 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702528 ppp: Point-to-Point Protocol ppp could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702993 oxide-qt: Web browser engine library for Qt Oxide could be made to bypass same-origin restrictions. oval:org.secpod.oval:def:702991 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702519 tcpdump: command-line network traffic analyzer tcpdump could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702518 usb-creator: create a startup disk using a CD or disc image usb-creator could be tricked into running programs as an administrator. oval:org.secpod.oval:def:702997 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Details: USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubunt ... oval:org.secpod.oval:def:702512 apport: automatically generate crash reports for debugging Details: USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that the fixed packages were still vulnerable to a privilege escalation attack. This update completely disables crash report handling for containers until a more c ... oval:org.secpod.oval:def:702996 openssl: Secure Socket Layer cryptographic library and tools Details: USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the OpenSSL package to properly handle the removal. Original advisory Updated OpenSSL ... oval:org.secpod.oval:def:702511 apport: automatically generate crash reports for debugging Apport could be tricked into running programs as an administrator. oval:org.secpod.oval:def:702995 ca-certificates: Common CA certificates ca-certificates was updated to the 20160104 package. oval:org.secpod.oval:def:702510 libxrender: X11 Rendering Extension client library - libx11: X11 client-side library libx11 could be made to crash or run programs if it processed specially crafted data. oval:org.secpod.oval:def:702517 wpa: client support for WPA and WPA2 wpa_supplicant could be made to crash, expose memory, or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702998 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Details: USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu ... oval:org.secpod.oval:def:702740 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702742 freetype: FreeType 2 is a font engine library Several security issues were fixed in FreeType. oval:org.secpod.oval:def:702747 unity-settings-daemon: daemon handling the Unity session settings Unity Settings Daemon would allow mounting removable media while the screen is locked. oval:org.secpod.oval:def:702736 openslp-dfsg: OpenSLP development files OpenSLP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702734 libvdpau: Video Decode and Presentation API for Unix libvdpau could be made to run programs as an administrator. oval:org.secpod.oval:def:702722 firefox: Mozilla Open Source web browser Details: USN-2702-1 fixed vulnerabilities in Firefox. After upgrading, some users in the US reported that their default search engine switched to Yahoo. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2702-1 introduced ... oval:org.secpod.oval:def:702721 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:702720 python-django: High-level Python web development framework Django could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702710 openssh: secure shell for secure access to remote machines Details: USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem. Original advisory USN-271 ... oval:org.secpod.oval:def:702713 pollinate: seed the pseudo random number generator in virtual machines The certificate bundled with pollinate has been refreshed. oval:org.secpod.oval:def:49022 nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx. oval:org.secpod.oval:def:702702 swift: OpenStack distributed virtual object store Several security issues were fixed in Swift. oval:org.secpod.oval:def:702294 apparmor: Linux security system apparmor_parser could allow applications that are confined by AppArmor to gain unintended access to resources. oval:org.secpod.oval:def:703136 glibc: GNU C Library - eglibc: GNU C Library Details: USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-201 ... oval:org.secpod.oval:def:702286 neutron: OpenStack Virtual Network Service OpenStack Neutron would allow unintended access to configuration over the network. oval:org.secpod.oval:def:702280 curl: HTTP, HTTPS, and FTP client and client libraries curl could expose sensitive information over the network. oval:org.secpod.oval:def:702260 requests: elegant and simple HTTP library for Python Requests could be made to expose authentication credentials over the network. oval:org.secpod.oval:def:703598 libytnef: improved decoder for application/ms-tnef attachments libytnef could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702265 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:702268 wget: retrieves files from the web Wget could be made to overwrite files. oval:org.secpod.oval:def:703580 libxslt: XSLT processing library Several security issues were fixed in Libxslt. oval:org.secpod.oval:def:703586 fop: XML formatter Apache Fop would allow unintended access to files over the network or could be made to crash. oval:org.secpod.oval:def:702254 pollinate: seed the pseudo random number generator in virtual machines The certificate bundled with pollinate has been refreshed. oval:org.secpod.oval:def:702259 wpa: client support for WPA and WPA2 - wpasupplicant: client support for WPA and WPA2 wpa_supplicant could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702258 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703589 batik: SVG Library Apache Batik would allow unintended access to files over the network or could be made to crash. oval:org.secpod.oval:def:702242 exuberant-ctags: build tag file indexes of source code definitions Exuberant Ctags could be made to consume resources. oval:org.secpod.oval:def:702248 libvncserver: vnc server library Several security issues were fixed in LibVNCServer. oval:org.secpod.oval:def:702246 apt: Advanced front-end for dpkg APT could be made to overwrite files. oval:org.secpod.oval:def:702223 apt: Advanced front-end for dpkg APT could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702210 apt: Advanced front-end for dpkg Several security issues were fixed in APT. oval:org.secpod.oval:def:702214 nss: Network Security Service library NSS was updated to refresh the CA certificates bundle. oval:org.secpod.oval:def:702213 nginx: small, powerful, scalable web/proxy server nginx could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703532 audiofile: Open-source version of the SGI audiofile library audiofile could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:702203 cups: Common UNIX Printing System CUPS could be made to expose sensitive information, leading to privilege escalation. oval:org.secpod.oval:def:702687 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:703534 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it explored a specially crafted repository. oval:org.secpod.oval:def:702208 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:702207 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703520 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703522 pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703510 kde4libs: KDE 4 core applications and libraries KDE-Libs could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702652 nbd: Network Block Device protocol Several security issues were fixed in NBD. oval:org.secpod.oval:def:702650 lxc: Linux Containers userspace tools Several security issues were fixed in LXC. oval:org.secpod.oval:def:703981 puppet: Centralized configuration management Puppet could be made to crash or run programs. oval:org.secpod.oval:def:702659 hplip: HP Linux Printing and Imaging System HPLIP could be tricked into downloading a different GPG key when performing printer plugin installations. oval:org.secpod.oval:def:702640 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703974 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:702646 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:702630 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702639 libwmf: Windows metafile conversion tools libwmf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702860 gnutls26: GNU TLS library GnuTLS could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702859 icedtea-web: A web browser plugin to execute Java applets Several security issues were fixed in IcedTea Web. oval:org.secpod.oval:def:702857 dpkg: Debian package management system dpkg-deb could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702856 python-django: High-level Python web development framework Django could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702849 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-304-updates: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340-updates: NVIDIA binary X.Org driver - nvidia-graphics-drivers-352: NVIDIA binary X.Org dri ... oval:org.secpod.oval:def:702846 strongswan: IPsec VPN solution strongSwan could be made to bypass authentication. oval:org.secpod.oval:def:702836 wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant and hostapd. oval:org.secpod.oval:def:702833 unzip: De-archiver for .zip files Details: USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2788-1 introduced a regression in unzip. oval:org.secpod.oval:def:702823 libreoffice: Office productivity suite Several security issues were fixed in LibreOffice. oval:org.secpod.oval:def:702816 unzip: De-archiver for .zip files unzip could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702810 apport: automatically generate crash reports for debugging Apport could be made to run programs as an administrator. oval:org.secpod.oval:def:701960 rsync: fast, versatile, remote file-copying tool rsync could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:701961 python-django: High-level Python web development framework Django applications could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702812 audiofile: Open-source version of the SGI audiofile library audiofile could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:701951 pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:701952 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:701955 unity: Interface designed for efficiency of space and interaction. Details: USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue. We apologize for the inco ... oval:org.secpod.oval:def:701956 dpkg: Debian package management system A malicious source package could write files outside the unpack directory. oval:org.secpod.oval:def:702802 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:701947 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:701940 lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks. oval:org.secpod.oval:def:701941 dovecot: IMAP and POP3 email server Dovecot could be made to stop responding if it received specially crafted network traffic. oval:org.secpod.oval:def:701944 dpkg: Debian package management system Details: USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Original advisory A malicious source package could w ... oval:org.secpod.oval:def:701945 jbigkit: JBIG1 data compression library JBIG-KIT could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:701937 unity: Interface designed for efficiency of space and interaction. The Unity lock screen could be bypassed. oval:org.secpod.oval:def:701938 elfutils: collection of utilities to handle ELF objects elfutils could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:701936 cups-filters: OpenPrinting CUPS Filters Several security issues were fixed in cups-filters. oval:org.secpod.oval:def:701931 Ubuntu 14.04 is installed oval:org.secpod.oval:def:703258 imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2. oval:org.secpod.oval:def:702394 firefox: Mozilla Open Source web browser Details: USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-24 ... oval:org.secpod.oval:def:702398 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:703245 libidn: implementation of IETF IDN specifications Several security issues were fixed in Libidn. oval:org.secpod.oval:def:703244 harfbuzz: OpenType text shaping engine HarfBuzz could be made to crash or run programs as your login if it processed specially crafted data. oval:org.secpod.oval:def:702388 elfutils: collection of utilities to handle ELF objects elfutils could be made to overwrite files in the root directory if it received a specially crafted file. oval:org.secpod.oval:def:702387 unbound: validating, recursive, caching DNS resolver Unbound could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:702386 samba: SMB/CIFS file, print, and login server for Unix A security issue was fixed in Samba. oval:org.secpod.oval:def:702370 pyyaml: YAML parser and emitter for Python Applications using PyYAML could be made to crash if they received specially crafted input. oval:org.secpod.oval:def:702377 curl: HTTP, HTTPS, and FTP client and client libraries curl could be tricked into adding arbitrary requests when following certain URLs. oval:org.secpod.oval:def:702376 libyaml: Fast YAML 1.1 parser and emitter library Applications using LibYAML could be made to crash if they received specially crafted input. oval:org.secpod.oval:def:702379 libevent: Asynchronous event notification library libevent could be made to crash or run programs if it processed specially crafted data. oval:org.secpod.oval:def:702362 gtk+3.0: GTK+ graphical user interface library GTK+ improperly handled the menu key, possibly allowing lock screen bypass. oval:org.secpod.oval:def:702361 libyaml-libyaml-perl: Perl interface to libyaml, a YAML implementation Applications using libyaml-libyaml-perl could be made to crash if they received specially crafted input. oval:org.secpod.oval:def:703690 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt. oval:org.secpod.oval:def:702369 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it received specially crafted changes from a remote repository. oval:org.secpod.oval:def:702368 libssh: A tiny C SSH library libssh could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702367 coreutils: GNU core utilities date and touch could be made to crash or run programs if they handled specially crafted input. oval:org.secpod.oval:def:703214 kde4libs: KDE 4 core applications and libraries KDE-Libs could be made to overwrite files. oval:org.secpod.oval:def:702350 nss: Network Security Service library NSS could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702353 cpio: a program to manage archives of files The GNU cpio program could be made to crash or run programs if it opened a specially crafted file or received specially crafted input. oval:org.secpod.oval:def:702352 mime-support: MIME support programs run-mailcap could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703204 pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702356 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:703671 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:702344 linux-lts-utopic: Linux hardware enablement kernel from Utopic Details: USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original a ... oval:org.secpod.oval:def:702346 strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702345 cgmanager: Central cgroup manager daemon cgmanager could be made to expose sensitive information or devices to containers running on the system. oval:org.secpod.oval:def:702330 mutt: text-based mailreader supporting MIME, GPG, PGP and threading The mutt mail client could be made to crash if it opened a specially crafted email. oval:org.secpod.oval:def:703661 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:702339 xorg-server: X.Org X11 server - xorg-server-lts-trusty: Xorg X server - source files Details: USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication, additional fixes have been made available for these issues. This update adds the additional fixes. Original advisory USN-2436-1 con ... oval:org.secpod.oval:def:702321 tcpdump: command-line network traffic analyzer Several security issues were fixed in tcpdump. oval:org.secpod.oval:def:702320 maas: Ubuntu MAAS Server Details: USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2431-1 caused a regression in the MAAS package. oval:org.secpod.oval:def:702326 graphviz: rich set of graph drawing tools graphviz could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:702790 pollinate: seed the pseudo random number generator in virtual machines Details: USN-2709-1 updated pollinate"s certificate for entropy.ubuntu.com but did not include a new certificate authority certificate. This update fixes the problem. We apologize for the inconvenience. Original advisory The syst ... oval:org.secpod.oval:def:702310 flac: Free Lossless Audio Codec FLAC could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702794 click: Click package manager Click could be made to allow malicious apps unintended access to the system. oval:org.secpod.oval:def:702793 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information across origins oval:org.secpod.oval:def:703640 puppet: Centralized configuration management Several security issues were fixed in Puppet. oval:org.secpod.oval:def:702315 mod-wsgi: Python WSGI adapter module for Apache mod_wsgi could be made to run programs with incorrect privileges. oval:org.secpod.oval:def:702796 miniupnpc: UPnP IGD client lightweight library An application using the MiniUPnP library could be made to crash or run programs as your login if it received specially crafted network traffic. oval:org.secpod.oval:def:702319 ppp: Point-to-Point Protocol ppp could be made to crash or run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:702318 openvpn: virtual private network software OpenVPN could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702782 lxc: Linux Containers userspace tools Details: USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had a path that contained a "/./" directory specified as a bind mount target in their con ... oval:org.secpod.oval:def:702309 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:702306 squid3: Web proxy cache server Squid could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702789 gdk-pixbuf: GDK Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702771 lxc: Linux Containers userspace tools Details: USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had an absolute path specified as a bind mount target in their configuration file. This u ... oval:org.secpod.oval:def:702770 rpcbind: converts RPC program numbers into universal addresses rpcbind could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702776 firefox: Mozilla Open Source web browser Details: USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2743-1 intro ... oval:org.secpod.oval:def:702779 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702761 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-304-updates: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340-updates: NVIDIA binary X.Org driver - nvidia-graphics-drivers-346: NVIDIA binary X.Org dri ... oval:org.secpod.oval:def:702763 lxc: Linux Containers userspace tools LXC could be made to start containers without AppArmor confinement or access the host filesystem. oval:org.secpod.oval:def:703616 openjdk-7: Open Source Java implementation Details: USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3275-2 introduced a regression i ... oval:org.secpod.oval:def:702750 simplestreams: Library and tools for using Simple Streams data Applications using Simple Streams could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702754 simplestreams: Library and tools for using Simple Streams data Details: USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2746-1 intr ... oval:org.secpod.oval:def:703600 kde4libs: KDE 4 core applications and libraries KDE-Libs could be made to run programs as an administrator if it received specially crafted input. oval:org.secpod.oval:def:702752 apport: automatically generate crash reports for debugging Apport could be made to crash or overwrite files as an administrator. oval:org.secpod.oval:def:54090 busybox: Tiny utilities for small and embedded systems Several security issues were fixed in BusyBox. oval:org.secpod.oval:def:702964 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database PostgreSQL could be made to crash or run programs if it handled specially crafted data. oval:org.secpod.oval:def:702351 bsd-mailx: simple mail user agent bsd-mailx could be made to run programs if it parsed a specially crafted email address. oval:org.secpod.oval:def:1900848 Cross-site scripting vulnerability in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php. oval:org.secpod.oval:def:703842 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:32230 sosreport: Set of tools to gather troubleshooting data from a system sosreport could be made to expose sensitive information or overwrite files as the administrator. oval:org.secpod.oval:def:703474 gtk-vnc: VNC viewer widget gtk-vnc could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702954 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:32820 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703395 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703389 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:38125 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:703852 horizon: Web interface for OpenStack cloud infrastructure OpenStack Horizon could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703191 gimp: The GNU Image Manipulation Program GIMP could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703127 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703126 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703117 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703116 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703119 linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703528 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:702784 spice: SPICE protocol client and server library Spice could be made to crash or run programs. oval:org.secpod.oval:def:703856 glance: OpenStack Image Registry and Delivery Service Several security issues were fixed in OpenStack Glance. oval:org.secpod.oval:def:703841 nova: OpenStack Compute cloud infrastructure Several security issues were fixed in OpenStack Nova. oval:org.secpod.oval:def:702971 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702965 glibc: GNU C Library - eglibc: GNU C Library GNU C Library could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703846 swift: OpenStack distributed virtual object store Several security issues were fixed in OpenStack Swift. oval:org.secpod.oval:def:702861 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703131 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:702743 spice: SPICE protocol client and server library Spice could be made to crash or run programs. oval:org.secpod.oval:def:702719 linux-lts-vivid: Linux hardware enablement kernel from Vivid The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702715 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702712 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703033 pam: Pluggable Authentication Modules Several security issues were fixed in PAM. oval:org.secpod.oval:def:702470 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:702725 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:25766 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:702629 cups-filters: OpenPrinting CUPS Filters cups-filters could be made to crash or run programs as the lp user if it processed a specially crafted print job. oval:org.secpod.oval:def:702703 python-keystoneclient: Client library for OpenStack Identity API - python-keystonemiddleware: Client library for OpenStack Identity API Keystone could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702437 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:702464 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:702333 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:702288 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:702281 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702176 keystone: OpenStack identity service Several security issues were fixed in OpenStack Keystone. oval:org.secpod.oval:def:702157 gpgme1.0: GPGME - GnuPG Made Easy GPGME could be made to crash or run programs as your login if it processed a specially crafted certificate. oval:org.secpod.oval:def:702283 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:702289 cinder: OpenStack storage service OpenStack Cinder could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702284 nova: OpenStack Compute cloud infrastructure OpenStack Nova could be made to expose sensitive information. oval:org.secpod.oval:def:702234 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:702285 keystone: OpenStack identity service OpenStack Keystone could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702172 horizon: Web interface for OpenStack cloud infrastructure Several security issues were fixed in OpenStack Horizon. oval:org.secpod.oval:def:21002 nova: OpenStack Compute cloud infrastructure OpenStack Nova could be made to expose sensitive information over the network. oval:org.secpod.oval:def:20999 ceilometer: OpenStack Telemetry service Details: USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Original advisory OpenStack Ceilometer could be made to expose sensitive information. oval:org.secpod.oval:def:702173 neutron: OpenStack Virtual Network Service OpenStack Neutron could be made to expose sensitive information or crash. oval:org.secpod.oval:def:702119 cups: Common UNIX Printing System CUPS could be made to expose sensitive information, leading to privilege escalation. oval:org.secpod.oval:def:702096 swift: OpenStack distributed virtual object store Swift did not properly perform input validation of certain HTTP headers. oval:org.secpod.oval:def:702079 libreoffice: Office productivity suite LibreOffice would unconditionally execute certain VBA macros. oval:org.secpod.oval:def:21001 glance: OpenStack Image Registry and Delivery Service OpenStack Glance could be made to stop serving requests. oval:org.secpod.oval:def:701958 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:30208 postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database PostgreSQL could be made to crash or expose private information if it handled specially crafted data. oval:org.secpod.oval:def:44099 erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang. oval:org.secpod.oval:def:702202 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:1901524 Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a "system" entrypoint from fbudf.so. oval:org.secpod.oval:def:1901169 An issue was discovered in libtskbase.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unm ... oval:org.secpod.oval:def:1901275 An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmappe ... oval:org.secpod.oval:def:1900695 An issue was discovered in libtskfs.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped me ... oval:org.secpod.oval:def:1901068 An issue was discovered in libtskimg.a in The Sleuth Kit from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory caus ... oval:org.secpod.oval:def:704169 liblouis: Braille translation library - utilities Liblouis could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702184 lua5.1: Simple, extensible, embeddable programming language Lua could be made to crash or run programs. oval:org.secpod.oval:def:1901402 Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application"s unrestricted use of the render method and providing a ... oval:org.secpod.oval:def:1900687 actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service via ... oval:org.secpod.oval:def:702311 libksba: X.509 and CMS support library Libksba could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:702912 linux-lts-vivid: Linux hardware enablement kernel from Vivid The system could be made to run programs as an administrator. oval:org.secpod.oval:def:702906 linux-lts-wily: Linux hardware enablement kernel from Wily The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703035 git: fast, scalable, distributed revision control system Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository. oval:org.secpod.oval:def:1900012 An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. oval:org.secpod.oval:def:1901443 If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrec ... oval:org.secpod.oval:def:1901244 An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the oval:org.secpod.oval:def:43676 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:34008 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0". oval:org.secpod.oval:def:703048 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703047 linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703045 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703845 libffi: Foreign Function Interface library A security issue was fixed in libffi. oval:org.secpod.oval:def:702069 json-c: JSON manipulation library json-c could be made to crash or consume CPU if it processed a specially crafted JSON document. oval:org.secpod.oval:def:704246 bouncycastle: Java implementation of cryptographic algorithms Several security issues were fixed in Bouncy Castle. oval:org.secpod.oval:def:1900024 Resource exhaustion via TCP connection to port serving the SSL endpoint oval:org.secpod.oval:def:1901729 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in ... oval:org.secpod.oval:def:32658 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:1901731 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arb ... oval:org.secpod.oval:def:34609 libksba: X.509 and CMS support library Libksba could be made to crash or run programs if it decoded specially crafted data. oval:org.secpod.oval:def:1900667 The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service via a crafted public key to a program that uses HTTPS client certificates or SSH s ... oval:org.secpod.oval:def:703036 webkitgtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+. oval:org.secpod.oval:def:702137 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702175 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702193 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702262 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702296 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702389 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702411 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702459 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:702233 bash: GNU Bourne Again SHell Details: USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn"t get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory Bash allowed bypassing e ... oval:org.secpod.oval:def:702232 bash: GNU Bourne Again SHell Bash allowed bypassing environment restrictions in certain environments. oval:org.secpod.oval:def:702228 bash: GNU Bourne Again SHell Bash allowed bypassing environment restrictions in certain environments. oval:org.secpod.oval:def:701638 mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:702089 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:702077 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702068 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:702061 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702491 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702490 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702467 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702441 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702447 icu: International Components for Unicode library ICU could be made to crash or run programs as your login if it processed specially crafted data. oval:org.secpod.oval:def:702446 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702429 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator if it received specially crafted network traffic. oval:org.secpod.oval:def:702402 file: Tool to determine file types file could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:702185 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702174 squid3: Web proxy cache server Squid could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702171 eglibc: GNU C Library Certain applications could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702162 krb5: MIT Kerberos Network Authentication Protocol Several security issues were fixed in Kerberos. oval:org.secpod.oval:def:702150 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702159 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:702158 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:702145 eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:702126 mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:702113 file: Tool to determine file types File could be made to crash or hang if it processed specially crafted data. oval:org.secpod.oval:def:702112 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702573 openldap: OpenLDAP utilities OpenLDAP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:22313 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:702271 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702263 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702261 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702264 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:702255 mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:702257 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702245 file: Tool to determine file types file could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702230 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory Fraudulent security certificates could allow sensitive information to be exposed when accessing the Inter ... oval:org.secpod.oval:def:702236 rsyslog: Enhanced syslogd Rsyslog could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:702222 nss: Network Security Service library Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. oval:org.secpod.oval:def:30044 commons-httpclient: A Java library for creating HTTP clients Several security issues were fixed in commons-httpclient. oval:org.secpod.oval:def:702225 firefox: Mozilla Open Source web browser Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. oval:org.secpod.oval:def:702205 php5: HTML-embedded scripting language interpreter php5 could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702204 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702209 openjdk-7: Open Source Java implementation Details: USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Original advisory This update provides stability updates for OpenJDK 7. oval:org.secpod.oval:def:701959 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:701954 libxfont: X11 font rasterisation library Several security issues were fixed in libXfont. oval:org.secpod.oval:def:701943 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:701935 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702395 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702373 ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Original advisory This update provides compatible packages for Firefox 35. oval:org.secpod.oval:def:702365 rpm: package manager for RPM Several security issues were fixed in RPM. oval:org.secpod.oval:def:702364 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702363 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702340 nvidia-graphics-drivers-304: NVIDIA binary Xorg driver - nvidia-graphics-drivers-304-updates: NVIDIA binary Xorg driver - nvidia-graphics-drivers-331: NVIDIA binary Xorg driver - nvidia-graphics-drivers-331-updates: NVIDIA binary Xorg driver Several security issues were fixed in the NVIDIA graphics ... oval:org.secpod.oval:def:702337 xorg-server: X.Org X11 server - xorg-server-lts-trusty: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:702314 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702316 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702982 linux-lts-wily: Linux hardware enablement kernel from Wily Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702989 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702987 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702938 linux-lts-vivid: Linux hardware enablement kernel from Vivid The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702937 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702936 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702931 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702935 linux-lts-wily: Linux hardware enablement kernel from Wily The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702900 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703382 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703374 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703351 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703347 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703315 linux: Linux kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703314 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703301 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703305 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1901134 The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has b ... oval:org.secpod.oval:def:702600 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703098 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:703053 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:703051 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703022 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703498 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703497 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703012 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703461 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702596 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703449 linux: Linux kernel The system could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703420 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702560 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702562 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703419 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702557 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:702549 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702516 mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:702515 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702744 linux-lts-vivid: Linux hardware enablement kernel from Vivid The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702746 openldap: OpenLDAP utilities Several security issues were fixed in OpenLDAP. oval:org.secpod.oval:def:702745 icu: International Components for Unicode library Several security issues were fixed in ICU. oval:org.secpod.oval:def:702733 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702735 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702726 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702708 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information from local files. oval:org.secpod.oval:def:702709 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:1901002 In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding , `Buffer#write` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input byt ... oval:org.secpod.oval:def:1901008 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. oval:org.secpod.oval:def:703198 linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703197 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703185 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703182 linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703181 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703173 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703179 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703152 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703159 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703106 linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703570 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703541 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703544 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702681 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702651 mysql-5.6: MySQL database development files - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:702647 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702634 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:702828 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702822 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:704137 nasm: General-purpose x86 assembler NASM could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703280 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703272 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703253 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702392 mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703249 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703231 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703237 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702372 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703224 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703222 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703205 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703203 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702338 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:1901493 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" protocol . If security deci ... oval:org.secpod.oval:def:702783 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702781 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702778 linux-lts-vivid: Linux hardware enablement kernel from Vivid The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702760 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702765 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702764 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702753 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703605 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:1900023 Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks. oval:org.secpod.oval:def:1900020 skins/classic/views/control cap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange]parameter. oval:org.secpod.oval:def:1900021 daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. oval:org.secpod.oval:def:1900022 ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. oval:org.secpod.oval:def:1900027 python3-sqlalchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. oval:org.secpod.oval:def:1900028 A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "". This could impact services that restrict the user"s filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable. oval:org.secpod.oval:def:1900029 includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. oval:org.secpod.oval:def:1900001 An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server can overwrite arbitrary files in a directory on ... oval:org.secpod.oval:def:1900002 An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server"s user can access. This is related to the mysql.allow_local_in file PHP config ... oval:org.secpod.oval:def:1900003 ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. oval:org.secpod.oval:def:1900000 In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. oval:org.secpod.oval:def:1900009 An issue was discovered in the function mark_beginning_as_normal in nfa.cin flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of "*" characters. Remote attackers could leverage this vul ... oval:org.secpod.oval:def:1900005 python3-sqlalchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. oval:org.secpod.oval:def:1900015 ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. oval:org.secpod.oval:def:1900011 SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. oval:org.secpod.oval:def:1900017 A Denial of Service issue was discovered in the LIVE555 Strealibming-dev Media libraries as used in Live555 Media Server 0.93. It can cause an RTSP Server crash in handle HTTPCmd_Tunneling POST, when RTSP-over-HTTP tunneling is supported, via x-session cookie HTTP headers in a GET request and a POST ... oval:org.secpod.oval:def:1900034 Netwide Assembler 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. oval:org.secpod.oval:def:1900036 ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. oval:org.secpod.oval:def:1900030 The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are ... oval:org.secpod.oval:def:1900032 Netwide Assembler 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. oval:org.secpod.oval:def:704359 audiofile: Open-source version of the SGI audiofile library Several security issues were fixed in audiofile. oval:org.secpod.oval:def:1900103 Netwide Assembler 2.14rc15 has a buffer over-read in x86/regflags.c. oval:org.secpod.oval:def:1900106 Netwide Assembler 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. oval:org.secpod.oval:def:1900111 In libjs-dojo-core Toolkit before 1.14, there is unescaped string injection in libjs-dojo-corex/Grid/DataGrid. oval:org.secpod.oval:def:1900113 A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade an ... oval:org.secpod.oval:def:1900110 Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. oval:org.secpod.oval:def:1900115 NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption of nasm when handling a crafted file due to function assemble_file at asm/nasm.c:482. vulnerability in function assemble_file at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appe ... oval:org.secpod.oval:def:1900141 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request. oval:org.secpod.oval:def:1900148 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode,but not in m ... oval:org.secpod.oval:def:1900157 A bug in Bluez may allow for the Bluetooth Discoverable state being set toon when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. oval:org.secpod.oval:def:1900152 Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance"s port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to ... oval:org.secpod.oval:def:1900151 In libwpd-dev 0.10.2, there is a NULL pointer dereference in the functionWP6Content Listener::defineTable in WP6Content Listener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. oval:org.secpod.oval:def:1900153 An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to makens-slapd crash via a specially crafted LDAP request, thus result ing in denial of ... oval:org.secpod.oval:def:1900127 In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy function in DriverManager/__info.c. oval:org.secpod.oval:def:1900128 bark_noise_hybridmp in psy.c in Xiph.Org libvorbis-dev 1.3.6 has a stack-based buffer over-read. oval:org.secpod.oval:def:1900136 In libgraphite2-dev in libgraphite2-dev 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation,which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. oval:org.secpod.oval:def:1900135 Netwide Assembler before 2.13.02 has a use-after-free in detoken atasm/preproc.c. oval:org.secpod.oval:def:1900132 Netwide Assembler 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a global line no integer overflow. oval:org.secpod.oval:def:1900067 An issue was discovered in GEGL through 0.3.32. Thegegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in ... oval:org.secpod.oval:def:1900069 Netwide Assembler 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. oval:org.secpod.oval:def:1900064 An issue was discovered in zziplib-bin 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:1900065 In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function . Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. oval:org.secpod.oval:def:1900062 The caml_ba_deserialize function in byterun/big array.c in the standardlibrary in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafte ... oval:org.secpod.oval:def:1900061 In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. oval:org.secpod.oval:def:1900078 Incorrect returning of an error code in the index.c:read_entry function leads to a double free in libgit2-dev before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. oval:org.secpod.oval:def:1900075 An issue was discovered in login 4.5. new gidmap is setuid and allows an unprivileged user to be placed in a user namespace where setgroups is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator h ... oval:org.secpod.oval:def:1900074 The html package through 2018-09-25 in Go mishandles<table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. oval:org.secpod.oval:def:1900073 Integer overflow in the index.c:read_entry function while decompressing a compressed prefix length in libgit2-dev before v0.26.2 allows an attacker to cause a denial of service via a crafted repository index file. oval:org.secpod.oval:def:1900072 nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file. oval:org.secpod.oval:def:1900046 Netwide Assembler 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $and ! characters. oval:org.secpod.oval:def:1900045 Netwide Assembler 2.14rc15 has an invalid memory write in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. oval:org.secpod.oval:def:1900048 prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a usersession remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the ... oval:org.secpod.oval:def:1900043 In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces . Specifically, it is only vulnerable in GOPATH mode, but not in module mode . The attacker can cause an ar ... oval:org.secpod.oval:def:1900057 Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. oval:org.secpod.oval:def:1900056 There is an illegal address access at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service because a certain conversion can result in a negative integer. oval:org.secpod.oval:def:1900059 GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure vulnerability in DNS resolver that can result in PrivateDNS queries leaked to local network"s DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages we refixed, but later u ... oval:org.secpod.oval:def:1900053 There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps-dev through 0.3.0because it does not reject negative return values from ag_input_stream_read call. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900054 An issue was discovered in GEGL through 0.3.32. Thegegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to thebabl_format ... oval:org.secpod.oval:def:1900051 An issue was discovered in zziplib-bin through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. oval:org.secpod.oval:def:1900089 mapping0_forward in mapping0.c in Xiph.Org libvorbis-dev 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900086 Open Chinese Convert 1.0.5 allows attackers to cause a denial of service because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file. oval:org.secpod.oval:def:1900081 asm/labels.c in Netwide Assembler is prone to NULL PointerDereference, which allows the attacker to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900083 zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service orarbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed i ... oval:org.secpod.oval:def:1900097 libtiff-toolsClientOpen in tif_unix.c in Liblibtiff-tools 3.8.2 has memory leaks, as demonstrated by bmp2libtiff-tools. oval:org.secpod.oval:def:1900099 No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. oval:org.secpod.oval:def:1900098 There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps-dev through 0.3.0. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900094 A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. oval:org.secpod.oval:def:1900184 python-fedmsg 0.18.1 and older is vulnerable to a message validation flaw result ing in message validation not being enabled if configured to be on. oval:org.secpod.oval:def:1900183 In lrzip 0.631, a stack buffer overflow was found in the function get_file info in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900167 The DGifDecompressLine function in dgif_lib.c in libgif-dev , as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900166 Directory traversal vulnerability in zziplib-bin 0.13.69 allows attackers to overwrite arbitrary files via a .. in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. oval:org.secpod.oval:def:1900162 Netwide Assembler 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. oval:org.secpod.oval:def:1900164 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before1. ... oval:org.secpod.oval:def:1900178 In ncurses-bin 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1900177 The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900179 When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service in ReadMATImage if the size specified for a MAT Object is larger than the actual amount of data. oval:org.secpod.oval:def:1900173 The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional , which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. oval:org.secpod.oval:def:1900176 In ncurses-bin 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1900340 The main function in plistutil.c in libimobiledevice libplist++-dev through 1.12allows attackers to obtain sensitive information from process memory or cause a denial of service via Apple Property List data that is too short. oval:org.secpod.oval:def:1900323 It was discovered that libxdmcp6 before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to bruteforce the key, allowing them to hijack other users" sessions. oval:org.secpod.oval:def:1900322 A program libming-dev error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509certificate would need to be delivered to the client or server application in orde ... oval:org.secpod.oval:def:1900329 It was discovered that libice-dev before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. oval:org.secpod.oval:def:1900325 In the trapper functionality of zabbix-agent Server 2.4.x, specifically crafted trapper packets can pass database logic checks, result ing in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active zabbix-agent proxy and Server to trigger t ... oval:org.secpod.oval:def:1900324 Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a cha ... oval:org.secpod.oval:def:1900332 The parse_dict_node function in bplist.c in libplist++-dev allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900334 The gst_asf_demux_process_ext_stream_props function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3allows remote attackers to cause a denial of service via vectors related to the number of languages in a video file. oval:org.secpod.oval:def:1900333 wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makesit easier for remote attackers to bypass intended access restrictions via a crafted site signup or user signup. oval:org.secpod.oval:def:1900330 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, result ing in denial of service. oval:org.secpod.oval:def:1900336 wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. oval:org.secpod.oval:def:1900335 The plist_free_data function in plist.c in libplist++-dev allows attackers to cause a denial of service via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. oval:org.secpod.oval:def:1900338 Cross-site scripting vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related towp-admin/includes/class-theme-installer-skin.php. oval:org.secpod.oval:def:1900337 Cross-site scripting vulnerability inwp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary webscript or HTML via a crafted excerpt. oval:org.secpod.oval:def:1900301 wp-admin/user-new.php in WordPress before 4.9.1 sets the new bloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. oval:org.secpod.oval:def:1900307 The function d2ulaw_array in ulaw.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14246. oval:org.secpod.oval:def:1900309 libopenafs-dev 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. oval:org.secpod.oval:def:1900308 wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. oval:org.secpod.oval:def:1900303 The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library 0.6.1 does not ensure anon-negative size, which allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900311 The swri_audio_convert function in audio convert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, libaubio-dev 0.4.6, and other products,allows remote attackers to cause a denial of service via a crafted audio file. oval:org.secpod.oval:def:1900318 Open Ticket Request System 4.0.x before 4.0.28, 5.0.x before 5.0.26,and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. oval:org.secpod.oval:def:1900317 In python-yaml before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used. oval:org.secpod.oval:def:1900313 wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. oval:org.secpod.oval:def:1900316 wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. oval:org.secpod.oval:def:1900315 pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. oval:org.secpod.oval:def:1900287 LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. oval:org.secpod.oval:def:1900289 plugins/preauth/pkinit/pkinit_crypto_opelibnss3-devl.c in MIT Kerberos 5 through 1.15.2 mishandles Distinguished Name fields, which allow sremote attackers to execute arbitrary code or cause a denial of service in situations involving untrustedX.509 data, related to the get_matching_data and X509_NA ... oval:org.secpod.oval:def:1900284 Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker to execute arbitrary code as the user running Ohcount. oval:org.secpod.oval:def:1900283 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. oval:org.secpod.oval:def:1900286 A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadBytefunction of the gifread.c file. oval:org.secpod.oval:def:1900285 The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length,which allows local users to cause a denial of service or possibly have unspecified other impact via a crafted input stream. oval:org.secpod.oval:def:1900280 shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic Metadata Provider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the Metadata Filter plugins and does not perform critical security checks such as signature verification, enforcement of validity pe ... oval:org.secpod.oval:def:1900282 In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 , if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application rootfolder to a file of choice and querying passenger-status --show=xml. oval:org.secpod.oval:def:1900281 In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters and execute arbitrary shell commands with the permissions of the OTRS or web server user. oval:org.secpod.oval:def:1900299 The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19edoes not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. oval:org.secpod.oval:def:1900298 An issue was discovered in OpenStack nova-common 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header,result ing in a denial of service attack on the compute host. All nova-common ... oval:org.secpod.oval:def:1900295 Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. oval:org.secpod.oval:def:1900296 An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. oval:org.secpod.oval:def:1900291 An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI.This allows attackers to ... oval:org.secpod.oval:def:1900293 The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash . oval:org.secpod.oval:def:1900221 Directory traversal vulnerability in minion id validation in salt-common Stack salt-common before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. oval:org.secpod.oval:def:1900220 In login before 4.5, the new users tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control P ... oval:org.secpod.oval:def:1900225 The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900228 Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. oval:org.secpod.oval:def:1900227 The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900233 NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. oval:org.secpod.oval:def:1900232 The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900235 There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses-bin 6.0 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900234 There is an infinite loop in the next_char function in comp_scan.c in ncurses-bin 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900231 The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file. oval:org.secpod.oval:def:1900237 In The Sleuth Kit 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table in tsk/vs/dos.c in libtskvs.a,as demonstrated by mmls. oval:org.secpod.oval:def:1900239 There is an illegal address access in the function _nc_read_entry_source in progs/tic.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900238 In The Sleuth Kit 4.4.2, fls hangs on a corrupt exfat image intsk_img_read in tsk/img/img_io.c in libtskimg.a. oval:org.secpod.oval:def:1900201 The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service via a crafted mid file. NOTE: CPU consumption might be relevant when using the--background option. oval:org.secpod.oval:def:1900208 The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service via a crafted HTML file. oval:org.secpod.oval:def:1900204 An out-of-bounds read and write flaw was found in the way SIPcrack 0.2processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic. oval:org.secpod.oval:def:1900203 The _tokenize_matrix function in audio_out.c in Xiph.Org libao-dev 1.2.0 allow sremote attackers to cause a denial of service via a crafted MP3 file. oval:org.secpod.oval:def:1900206 The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2can cause a denial of service via a crafted mid file. oval:org.secpod.oval:def:1900205 FontForge 20161012 is vulnerable to a buffer over-read in umodenc resulting in DoS or code execution via a crafted otf file. oval:org.secpod.oval:def:1900211 main.c in Tinyproxy 1.8.4 and earlier creates a/run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-rootaccount, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kil ... oval:org.secpod.oval:def:1900210 A memory leak was found in the way SIPcrack 0.2 handled processing of SIPtraffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. oval:org.secpod.oval:def:1900213 The SdpContents::Session::Medium::parse function inresip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service by triggering many media connections. oval:org.secpod.oval:def:1900212 FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName resulting in DoS or code execution via a crafted otf file. oval:org.secpod.oval:def:1900219 The DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. oval:org.secpod.oval:def:1900215 Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. oval:org.secpod.oval:def:1900217 The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900216 The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu0.8 can cause a denial of service via a crafted djvu file. oval:org.secpod.oval:def:1900266 Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. oval:org.secpod.oval:def:1900268 Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. oval:org.secpod.oval:def:1900262 The _zip_read_eocd64 function in zip_open.c in libzip-dev before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service via a crafted ZIP archive. oval:org.secpod.oval:def:1900261 WordPress 4.8.2 stores cleartext wp_signups.activation_key values , which might make it easier for remote attackers to hijack unactivated useraccounts by leveraging database read access . oval:org.secpod.oval:def:1900264 In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure is possible with careful tilibming-dev by an attacker. The "strictrtp" option in rtp.conf enab ... oval:org.secpod.oval:def:1900263 Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. oval:org.secpod.oval:def:1900277 Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 oval:org.secpod.oval:def:1900276 spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. oval:org.secpod.oval:def:1900279 Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. oval:org.secpod.oval:def:1900278 WordPress before 4.8.3 is affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection in plugins and themes, as demonstrated by a "double prepare"approach, a different vulnerability than CVE-2017-14723. oval:org.secpod.oval:def:1900272 logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. oval:org.secpod.oval:def:1900274 backintime-common before 1.1.24 did improper escaping/quoting of file paths used as arguments to the "notify-send" command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notify plugin.py. This could allow an attacker to craft an unreadab ... oval:org.secpod.oval:def:1900271 In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before13.13-cert5, unauthorized command execution is possible. The app_minivmmodule has an "externnotify" program configuration option that is executed by the MinivmNot ... oval:org.secpod.oval:def:1900270 RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service via crafted RTP packets. oval:org.secpod.oval:def:1900244 There is an illegal address access in the function post process_termcap in parse_entry.c in ncurses-bin 6.0 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900243 In The Sleuth Kit 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. oval:org.secpod.oval:def:1900246 There is an illegal address access in the function dump_uses in progs/dump_entry.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900245 There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses-bin 6.0. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900240 There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses-bin 6.0 that might lead to a remote denial of service attack. oval:org.secpod.oval:def:1900242 In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLoggersubsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. oval:org.secpod.oval:def:1900248 Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. oval:org.secpod.oval:def:1900247 WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd-dev 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service . This vulnerability can be triggered in LibreOffice before5.3.7. It may lead to suffering a remote attack against a LibreOffi ... oval:org.secpod.oval:def:1900249 In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before13.13-cert6, insufficient RTCP packet validation could allow read ing stalebuffer contents and when combined with the "nat" and "symmetric_rtp"options allow redir ... oval:org.secpod.oval:def:1900255 Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. oval:org.secpod.oval:def:1900257 Before version 4.8.2, WordPress mishandled % characters and additionalplaceholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. oval:org.secpod.oval:def:1900251 In the pjsip channel driver in Asterisk 13.x before 13.17.1 and14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. oval:org.secpod.oval:def:1900250 Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. oval:org.secpod.oval:def:1900253 Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugineditor via a crafted plugin name. oval:org.secpod.oval:def:1900252 The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis-dev 1.3.5allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file. oval:org.secpod.oval:def:1900259 A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick"s "convert"utility. It"s not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Customapplications u ... oval:org.secpod.oval:def:1900258 GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a.desktop file"s Name field ends in .pdf but this file"s Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication ... oval:org.secpod.oval:def:704197 gimp: The GNU Image Manipulation Program Several security issues were fixed in GIMP. oval:org.secpod.oval:def:1900189 Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CASserver. oval:org.secpod.oval:def:1900188 The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relyi ... oval:org.secpod.oval:def:1900185 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service via a file that begins with many "\0"characters. oval:org.secpod.oval:def:1900186 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allow sremote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02. oval:org.secpod.oval:def:1900199 The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2can cause a denial of service via a crafted mid file. oval:org.secpod.oval:def:1900196 The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allow sremote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the --background option. oval:org.secpod.oval:def:1900197 The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service via a crafted mid file. oval:org.secpod.oval:def:1900192 The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2can cause a denial of service via a crafted mid file. oval:org.secpod.oval:def:1900191 In ncurses-bin 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. oval:org.secpod.oval:def:1900194 The resample_gauss function in resample.c in TiMidity++ 2.14.0 allow sremote attackers to cause a denial of service via a crafted mid file. NOTE: a crash might be relevant when using the--background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation. oval:org.secpod.oval:def:1900193 In ncurses-bin 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. oval:org.secpod.oval:def:1900190 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0,v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8snapshots enab ... oval:org.secpod.oval:def:1900343 SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Queryin WordPress before 4.7.2 allows remote attackers to execute arbitrary SQLcommands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. oval:org.secpod.oval:def:1900342 The gst_asf_demux_process_ext_content_desc function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service via vectors involving extended content descriptors. oval:org.secpod.oval:def:1900345 Multiple cross-site scripting vulnerabilities inwp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the name or version header of a plugin. oval:org.secpod.oval:def:1900344 Cross-site request forgery vulnerability in WordPress before 4.7.1allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. oval:org.secpod.oval:def:1900341 The base64decode function in base64.c in libimobiledevice libplist++-dev through1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service via split encoded Apple Property List data. oval:org.secpod.oval:def:1900347 libplist++-dev allows attackers to cause a denial of service via vectors involving an offset size of zero. oval:org.secpod.oval:def:1900346 wp-admin/includes/class-wp-press-this.php in Press This in WordPress before4.7.2 does not properly restrict visibility of a taxonomy-assignment userinterface, which allows remote attackers to bypass intended access restrictions by read ing terms. oval:org.secpod.oval:def:1900348 A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files in the context of the web server user. The attack vector is a .. ... oval:org.secpod.oval:def:1900356 Multiple heap-based buffer overflows in parser.c in libming-dev 0.4.7 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SWF file. NOTE:this issue exists because of an incomplete fix for CVE-2016-9831. oval:org.secpod.oval:def:1900355 In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900350 Cross-site request forgery vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related towp-admin/includes/class-wp-screen.php and wp-ad ... oval:org.secpod.oval:def:1900351 sarnold> probably our packages are not-affected but marking as needed to communicate that this patch is needed too oval:org.secpod.oval:def:1900357 The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900359 In WordPress before 4.7.3 , control characters can trick redirect URL validation. oval:org.secpod.oval:def:1900387 Drupal core 7.x versions before 7.57 when using Drupal"s private filesystem, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is ... oval:org.secpod.oval:def:1900386 The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip0.631 allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:1900389 The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service via a crafted binary file, related to use of a variable-size stackarray. oval:org.secpod.oval:def:1900383 Crypto++ through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. oval:org.secpod.oval:def:1900385 In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email addr ... oval:org.secpod.oval:def:1900384 gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload,which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications , see information from the extensions , or even execute arbitrary commands. It all depends on what e ... oval:org.secpod.oval:def:1900381 In lrzip 0.631, a stack buffer overflow was found in the function get_file info in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900380 The cr_input_new_from_uri function in cr-input.c in libcroco3-dev 0.6.11 and0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:1900397 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allow sremote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02. oval:org.secpod.oval:def:1900399 In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan . A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the us ... oval:org.secpod.oval:def:1900394 The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allow sremote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:1900393 The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900396 ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the A ... oval:org.secpod.oval:def:1900390 The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco3-dev 0.6.12 allow sremote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:1900392 PoDoFo 0.9.5 allows denial of service via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure . oval:org.secpod.oval:def:1900391 The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900365 The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allow sremote attackers to cause a denial of service or possibly have unspecified other impact via a crafted archive. oval:org.secpod.oval:def:1900364 The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900367 The bufRead::get function in libzpaq/libzpaq.h in liblrzip.so in lrzip0.631 allows remote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:1900366 In libsamplerate0-dev before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. oval:org.secpod.oval:def:1900360 Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command=option. This occurs because ~/.ssh/authorized_keys is read with rootprivileges and symlinks are followed. oval:org.secpod.oval:def:1900363 The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. oval:org.secpod.oval:def:1900362 In WordPress before 4.7.5, a cross-site scripting vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. oval:org.secpod.oval:def:1900369 smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. oval:org.secpod.oval:def:1900368 php-tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. oval:org.secpod.oval:def:1900376 In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56;Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupalcore did not prev ... oval:org.secpod.oval:def:1900375 elflink.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, has a "member access within null pointer"undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via an "int main {return 0;}" program. oval:org.secpod.oval:def:1900377 In WordPress before 4.7.3, there is authenticated Cross-Site Scripting via Media File Metadata. This is demonstrated by both mishandling of the playlist shortcode in the wp_playlist_shortcode function inwp-includes/media.php and mishandling of meta information in the render Tracks function in wp-inc ... oval:org.secpod.oval:def:1900372 The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while read ing section contents in a corrupt binary, leading to a program crash. oval:org.secpod.oval:def:1900371 In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900374 In WordPress before 4.7.5, a cross-site scripting vulnerability related to the Customizer exists, involving an invalid customizationsession. oval:org.secpod.oval:def:1900373 The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted DEX file. oval:org.secpod.oval:def:1900379 The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file. oval:org.secpod.oval:def:1900370 The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file isnot associated with any template file. oval:org.secpod.oval:def:1900465 SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in/ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. oval:org.secpod.oval:def:1900460 The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf20161001 and earlier allows remote attackers to cause a denial of service by calling the dwarfdump command on a crafted file. oval:org.secpod.oval:def:1900462 dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service via a crafted elf file. oval:org.secpod.oval:def:1900461 The parser_get_next_char function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service by crafting a string to the icalparser_parse_string function. oval:org.secpod.oval:def:1900467 perltidy through 20160302, as used by perl critic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demon ... oval:org.secpod.oval:def:1900475 Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allow sremote authenticated users to obtain sensitive information by read ing the fields in the ics or XML calendar feeds. oval:org.secpod.oval:def:1900477 xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability ... oval:org.secpod.oval:def:1900476 lshell 0.9.16 allows remote authenticated users to break out of a limitedshell and execute arbitrary commands. oval:org.secpod.oval:def:1900471 The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. oval:org.secpod.oval:def:1900472 Integer overflow in X.org libxfixes-dev before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX,which triggers the client to stop read ing data and get out of sync. oval:org.secpod.oval:def:1900478 SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. oval:org.secpod.oval:def:1900442 The dex_load code function in libr/bin/p/bin_dex.c in radare2 1.2.1 allow sremote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:1900441 Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.cin libjasper-dev 2.0.10 allows remote attackers to have unspecified impact via a crafted image. oval:org.secpod.oval:def:1900444 WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header,which could potentially lead to clickjacking. oval:org.secpod.oval:def:1900443 In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free. oval:org.secpod.oval:def:1900440 CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves hosting a crafted plugin that executes an arbitrary program from its __init__.py file and causing the victim to download, install, and enable this plugin. oval:org.secpod.oval:def:1900449 Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external s ... oval:org.secpod.oval:def:1900445 Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.check Plain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML . This function does not correctly handle all methods of injecting malicious HTML, leading to across-sit ... oval:org.secpod.oval:def:1900448 The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900447 Use-after-free vulnerability in the fz_subsample_pixmap function infitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. oval:org.secpod.oval:def:1900455 libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript,has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash when parsing an invalid file. oval:org.secpod.oval:def:1900451 In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. oval:org.secpod.oval:def:1900457 The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900456 A jQuery cross site scripting vulnerability is present when making Ajaxrequests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core ... oval:org.secpod.oval:def:1900458 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. oval:org.secpod.oval:def:1900486 Integer overflow in the opj_pi_create_decode function in pi.c in libopenjpeg-dev allows remote attackers to execute arbitrary code via a crafted JP2 file,which triggers an out-of-bounds read or write. oval:org.secpod.oval:def:1900485 The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service via a crafted JSON file. oval:org.secpod.oval:def:1900488 Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service or execute arbitrary code via a large decode array. oval:org.secpod.oval:def:1900487 The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service via a crafted GZIP response. oval:org.secpod.oval:def:1900482 listmp3.c in libming-dev 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift. oval:org.secpod.oval:def:1900481 Multiple XML external entity vulnerabilities in the Dom4JDriver, DomDriver, JDomDriver, JDom2Driver, SjsxpDriver, StandardStaxDriver, and WstxDriver drivers in XStream before 1.4.9allow remote attackers to read arbitrary files via a crafted XML document. oval:org.secpod.oval:def:1900484 The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service by calling the dwarfdump command on a crafted file. oval:org.secpod.oval:def:1900496 chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service . oval:org.secpod.oval:def:1900499 SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in/ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. oval:org.secpod.oval:def:1900498 AST-2016-006 oval:org.secpod.oval:def:1900492 ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through9.11.0b1 allows primary DNS servers to cause a denial of service via a large AXFR response, and possibly allows IXFRservers to cause a denial of service via a large IXFRresponse and allows remote authenticated users to cause a de ... oval:org.secpod.oval:def:1900495 The git_commit_message function in oid.c in libgit2-dev before 0.24.3 allow sremote attackers to cause a denial of service via acat-file command with a crafted object file. oval:org.secpod.oval:def:1900494 Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. oval:org.secpod.oval:def:1900491 Cross-site scripting vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution attack. oval:org.secpod.oval:def:1900490 Multiple integer overflows in libopenjpeg-dev, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux,allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000data that is mishandled during ... oval:org.secpod.oval:def:1900420 A Cross-Site Scripting was discovered in ZoneMinder before 1.30.2.The vulnerability exists due to insufficient filtration of user-supplied data passed to the"ZoneMinder-master/web/skins/classic/views/js/post login.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in ... oval:org.secpod.oval:def:1900422 The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698. oval:org.secpod.oval:def:1900421 An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all chicken-bin Scheme versions prior to 4.13,which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. oval:org.secpod.oval:def:1900428 The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allow sremote attackers to cause a denial of service via a crafted archive. oval:org.secpod.oval:def:1900427 Stack-based buffer overflow in the libpcre3-dev2_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900423 The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1allows remote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:1900426 Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. oval:org.secpod.oval:def:1900431 In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. oval:org.secpod.oval:def:1900430 In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user"s preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit th ... oval:org.secpod.oval:def:1900433 It was discovered that a program libming-dev error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting ... oval:org.secpod.oval:def:1900432 The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900439 Roundcube Webmail allows arbitrary password resets by authenticated users.This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. oval:org.secpod.oval:def:1900438 The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900435 SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. oval:org.secpod.oval:def:1900434 Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service via a large XMLdocument, aka Devil"s Ivy. NOTE: the large document would be blocked by m ... oval:org.secpod.oval:def:1900437 kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password ent ... oval:org.secpod.oval:def:1900400 rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted CascadingStyle Sheets token sequence within an SVG element. oval:org.secpod.oval:def:1900406 Incorrect interaction of the parse_packet and parse_part_sign_sha256functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service of a collectd instance via a crafted UDP packet. oval:org.secpod.oval:def:1900405 objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads while handling corrupt STABS enum typestrings in a crafted object file, leading to program crash. oval:org.secpod.oval:def:1900407 A null dereference vulnerability has been found in the MIME handling component of libetpan-dev before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Ccheader containing multiple e-mail addresses. oval:org.secpod.oval:def:1900403 The cr_parser_parse_selector_core function in cr-parser.c in libcroco3-dev0.6.12 allows remote attackers to cause a denial of service via a crafted CSS file. oval:org.secpod.oval:def:1900411 Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. oval:org.secpod.oval:def:1900410 In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. oval:org.secpod.oval:def:1900416 The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900419 In WordPress before 4.7.3 , unintended files can be deleted by administrators using the plugin deletion functionality. oval:org.secpod.oval:def:1900418 The parse_string_node function in bplist.c in libimobiledevice libplist++-dev1.12 allows local users to cause a denial of service via a crafted plist file. oval:org.secpod.oval:def:1900413 Stack-based buffer overflow in the libpcre3-dev2_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1900412 The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900415 In WordPress before 4.7.5, a Cross Site Request Forgery vulnerability exists in the filesystem credentials dia log because a nonce is not required for updating credentials. oval:org.secpod.oval:def:1900504 The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. oval:org.secpod.oval:def:1900503 NSD before 4.1.11 allows remote DNS master servers to cause a denial of service via a zone transfer with unlimited data. oval:org.secpod.oval:def:1900515 Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service via a large zonetransfer for DDNS, AXFR, or IXFR. oval:org.secpod.oval:def:1900517 Buffer overflow in the printMP3Headers function in listmp3.c in Liblibming-dev 0.4.7 allows remote attackers to cause a denial of service via a crafted mp3 file. oval:org.secpod.oval:def:1900512 Buffer underflow in X.org libxvmc-dev before 1.0.10 allows remote X servers to have unspecified impact via an empty string. oval:org.secpod.oval:def:1900511 perl-Image-Info: When parsing an SVG file, external entity expansion was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or,potentially, information disclosure. oval:org.secpod.oval:def:1900513 lshell 0.9.16 allows remote authenticated users to break out of a limitedshell and execute arbitrary commands. oval:org.secpod.oval:def:1900509 The oarsh script in OAR before 2.5.7 allows remote authenticated users of acluster to obtain sensitive information and possibly gain privileges via vectors related to Opelibnss3-devH options. oval:org.secpod.oval:def:1900508 The icaltime_from_string function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted string to the icalparser_parse_string function. oval:org.secpod.oval:def:1900540 Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service or gain privileges via a long GECOS field, involving longbuffer. oval:org.secpod.oval:def:1900543 file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors. oval:org.secpod.oval:def:1900542 Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service via a crafted PDF file. oval:org.secpod.oval:def:1900544 The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by read ing these files. oval:org.secpod.oval:def:1900521 The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. oval:org.secpod.oval:def:1900527 The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments.The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a p ... oval:org.secpod.oval:def:1900526 The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. oval:org.secpod.oval:def:1900528 The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900523 PowerDNS Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service via a large AXFR or IXFR response. oval:org.secpod.oval:def:1900522 The icalparser_parse_string function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted ics file. oval:org.secpod.oval:def:1900532 SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UIDand DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time"restriction, as demonstrated by correlating UIDs and DTSTAMPs between all u ... oval:org.secpod.oval:def:1900538 The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service via a crafted HTTP response or possibly a UPnP broadcast. oval:org.secpod.oval:def:1900539 The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service via a too small section. oval:org.secpod.oval:def:1900536 The sanity check module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. oval:org.secpod.oval:def:1900535 Gajim through 0.16.7 unconditionally implements the "XEP-0146: RemoteControlling Clients" extension. This can be abused by malicious XMPPservers to, for example, extract plaintext from OTR encrypted sessions. oval:org.secpod.oval:def:1900747 In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. oval:org.secpod.oval:def:1900746 GNOME Web 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. oval:org.secpod.oval:def:1900742 The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. oval:org.secpod.oval:def:1900745 XSS issues were discovered in phpMyAdmin. This affects Zoom search ; GIS editor ; Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is r ... oval:org.secpod.oval:def:1900750 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers , and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ... oval:org.secpod.oval:def:1900752 Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1900751 chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of serv ... oval:org.secpod.oval:def:1900754 The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1900753 The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. oval:org.secpod.oval:def:1900756 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none. oval:org.secpod.oval:def:1900724 Multiple cross-site scripting vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving a crafted table name that is mishandled during privilege checking in table_row.phtml ... oval:org.secpod.oval:def:1900727 Cross-site scripting vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. oval:org.secpod.oval:def:1900723 In Long Range Zip 0.631, there is an infinite loop and application hang in the get_fileinfo function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:1900722 Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-common-master via Salt"s ssh_client. Users of Salt-API and salt-common-ssh could execute a command on the salt-common master via a hole when both systems ... oval:org.secpod.oval:def:1900718 Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. oval:org.secpod.oval:def:1900730 The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the ... oval:org.secpod.oval:def:1900736 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent ... oval:org.secpod.oval:def:1900735 The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. oval:org.secpod.oval:def:1900738 The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file, because the program"s actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and cons ... oval:org.secpod.oval:def:1900732 An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. oval:org.secpod.oval:def:1900734 txAWS fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. oval:org.secpod.oval:def:1900729 The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900785 The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstra ... oval:org.secpod.oval:def:1900781 Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the username or host argument. oval:org.secpod.oval:def:1900780 In Eclipse Jetty, versions 9.2.x and older, 9.3.x , and 9.4.x , HTTP/0.9 is handled poorly. An HTTP/1 style request line that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version , then the ... oval:org.secpod.oval:def:1900789 The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. oval:org.secpod.oval:def:1900793 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. oval:org.secpod.oval:def:1900796 Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host"s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid us ... oval:org.secpod.oval:def:1900797 readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. oval:org.secpod.oval:def:1900799 The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1900760 Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. oval:org.secpod.oval:def:1900763 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace ... oval:org.secpod.oval:def:1900762 The elf_object_p function in elfcode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service or possibly have unspecif ... oval:org.secpod.oval:def:1900765 WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image c ... oval:org.secpod.oval:def:1900764 Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O lookup time. oval:org.secpod.oval:def:1900766 The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900771 In libquicktime-dev 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900774 An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op is due to a failure to check a pointer for being in bounds . oval:org.secpod.oval:def:1900770 The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a ... oval:org.secpod.oval:def:1900779 A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. oval:org.secpod.oval:def:1900778 The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service via crafted xml file. oval:org.secpod.oval:def:1900777 phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. oval:org.secpod.oval:def:1900702 In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. oval:org.secpod.oval:def:1900705 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer. oval:org.secpod.oval:def:1900704 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1900701 partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected appli ... oval:org.secpod.oval:def:1900700 XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature ; the "Tracking" feature ; and GIS visualization feature. All 4.6.x versions and 4.4.x versions are affected. oval:org.secpod.oval:def:1900714 The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. oval:org.secpod.oval:def:1900713 The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted INCLUDE or INCLURE tag and then accessing it with a valider_xml action. oval:org.secpod.oval:def:1900715 A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. oval:org.secpod.oval:def:1900710 Prevent a MITM from forcing a NULL cipher for UDP oval:org.secpod.oval:def:1900712 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1900711 GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service , related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. oval:org.secpod.oval:def:1900708 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. oval:org.secpod.oval:def:1900826 An integer overflow vulnerability in ptp-pack.c of libmtp-dev allows attackers to cause a denial of service or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. oval:org.secpod.oval:def:1900822 Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. oval:org.secpod.oval:def:1900821 In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900817 libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. oval:org.secpod.oval:def:1900819 The `"path"` module in the Node.js 4.x release line contains a potential regular expression denial of service vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `"p ... oval:org.secpod.oval:def:1900818 front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. oval:org.secpod.oval:def:1900831 bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_ ... oval:org.secpod.oval:def:1900828 http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-162 ... oval:org.secpod.oval:def:1900829 The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document. oval:org.secpod.oval:def:1900802 An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc. With an unexpected size, the impact may have been a segfault or ... oval:org.secpod.oval:def:1900801 Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. oval:org.secpod.oval:def:1900804 Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5. ... oval:org.secpod.oval:def:1900803 In Long Range Zip 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:1900800 Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. oval:org.secpod.oval:def:1900813 phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading HTTP requests or server logs. oval:org.secpod.oval:def:1900815 In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. oval:org.secpod.oval:def:1900814 The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname ... oval:org.secpod.oval:def:1900810 When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor"s ACL by adding and removing netmasks, and to configure forward zones. It w ... oval:org.secpod.oval:def:1900809 In Long Range Zip 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:1900808 The http_connect function in transports/http.c in libgit2-dev before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. oval:org.secpod.oval:def:1900807 A heap-based buffer over-read was found in the function OpCode in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900585 Cross-site request forgery vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1900584 The check_allocations function in libass-dev/ass_shaper.c in libass-dev before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1900580 The mail transport in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" in a crafted e-mail address in the From, ReturnPath,or Sender header. oval:org.secpod.oval:def:1900583 /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. oval:org.secpod.oval:def:1900563 Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. oval:org.secpod.oval:def:1900560 An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. oval:org.secpod.oval:def:1900567 Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field. oval:org.secpod.oval:def:1900569 The XvQueryAdaptors and XvQueryEncodings functions in X.org libxv-dev before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. oval:org.secpod.oval:def:1900568 The create_script function in the lxc_container module in Ansible before1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on /opt/.lxc-attach-script, the archived container in the archive_path directory, or the lxc-attach-script.lo ... oval:org.secpod.oval:def:1900573 X.org libxi-dev before 1.7.7 allows remote X servers to cause a denial of service via vectors involving length fields. oval:org.secpod.oval:def:1900575 SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. oval:org.secpod.oval:def:1900572 Cross-site request forgery vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. oval:org.secpod.oval:def:1900571 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in libopenjpeg-dev, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via cra ... oval:org.secpod.oval:def:1900579 The icalproperty_new_clone function in libical-dev 0.47 and 1.0 allows remote attackers to cause a denial of service via a crafted icsfile. oval:org.secpod.oval:def:1900549 The git_oid_nfmt function in commit.c in libgit2-dev before 0.24.3 allow sremote attackers to cause a denial of service via a cat-file command with a crafted object file. oval:org.secpod.oval:def:1900545 The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900547 Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. oval:org.secpod.oval:def:1900546 The dwarf_get_a ranges_list function in dwarf_arrange.c in Libdwarf before20161124 allows remote attackers to cause a denial of service. oval:org.secpod.oval:def:1900552 The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf20161001 and earlier allows remote attackers to cause a denial of service by calling the dwarfdump command on a crafted file. oval:org.secpod.oval:def:1900551 The wrap_lines_smart function in ass_render.c in libass-dev before 0.13.4allows remote attackers to cause a denial of service via unspecified vectors, related to "0/3 line wrapping equalization." oval:org.secpod.oval:def:1900554 libdwarf/dwarf_leb.c and dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." oval:org.secpod.oval:def:1900553 Integer overflow in the write_png function in libcairo2-dev 1.14.6 allows remote attackers to cause a denial of service via a large svg file. oval:org.secpod.oval:def:1900550 The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. oval:org.secpod.oval:def:1900559 Cross-site scripting vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. oval:org.secpod.oval:def:1900556 Tilibming-dev attack vulnerability oval:org.secpod.oval:def:1900558 The printMP3Headers function in listmp3.c in Liblibming-dev 0.4.7 allows remote attackers to cause a denial of service via a crafted mp3 file. oval:org.secpod.oval:def:1900557 An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between ... oval:org.secpod.oval:def:1900683 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1900686 A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900682 partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a "Denial of Service attack" in the context of the user running the affected application. oval:org.secpod.oval:def:1900681 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1900694 A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900697 An issue was discovered in liburiparser1 before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. oval:org.secpod.oval:def:1900691 The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900693 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS. oval:org.secpod.oval:def:1900692 Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. oval:org.secpod.oval:def:1900698 The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. oval:org.secpod.oval:def:1900662 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. oval:org.secpod.oval:def:1900664 setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. oval:org.secpod.oval:def:1900669 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness oval:org.secpod.oval:def:1900666 The spice-client-gtk widget allows remote authenticated users to obtain information from the host clipboard. oval:org.secpod.oval:def:1900665 lynx: It was found that Lynx doesn"t parse the authority component of the URL correctly when the host name part ends with "?", and could instead be tricked into connecting to a different host. oval:org.secpod.oval:def:1900673 A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900674 libical-dev allows remote attackers to cause a denial of service and possibly read heap memory via a crafted ics file. oval:org.secpod.oval:def:1900671 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. oval:org.secpod.oval:def:1900670 An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service upon allocation failure. oval:org.secpod.oval:def:1900678 The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted dwarf file. oval:org.secpod.oval:def:1900868 HTTPoxy oval:org.secpod.oval:def:1900864 unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service , which could be relevant if unrarlib is used as library code for a long-running application. oval:org.secpod.oval:def:1900863 js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. oval:org.secpod.oval:def:1900866 The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted DWARF section. oval:org.secpod.oval:def:1900871 In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. oval:org.secpod.oval:def:1900873 The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "o ... oval:org.secpod.oval:def:1900872 Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV i ... oval:org.secpod.oval:def:1900879 Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted packet. oval:org.secpod.oval:def:1900878 An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction and deny rules for username by using Null Byte in the username. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900875 The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. oval:org.secpod.oval:def:1900874 It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the "System: Read Stage Users" permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclo ... oval:org.secpod.oval:def:1900877 Multiple buffer overflows in the XvQueryAdaptors and XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. oval:org.secpod.oval:def:1900846 negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. oval:org.secpod.oval:def:1900845 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters oval:org.secpod.oval:def:1900847 SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. oval:org.secpod.oval:def:1900842 The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI appli ... oval:org.secpod.oval:def:1900841 An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service attack by entering a very long password at the change password dialog. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900844 util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1900843 The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900839 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. oval:org.secpod.oval:def:1900838 Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. oval:org.secpod.oval:def:1900851 An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900850 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1900859 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful ... oval:org.secpod.oval:def:1900858 The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. oval:org.secpod.oval:def:1900853 QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as "Zip-Slip". oval:org.secpod.oval:def:1900855 The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service via a crafted Mach0 file. oval:org.secpod.oval:def:1900854 A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900882 A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. oval:org.secpod.oval:def:1900884 Cross-site scripting vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. oval:org.secpod.oval:def:1900880 rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. oval:org.secpod.oval:def:1900889 In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. oval:org.secpod.oval:def:1900886 SimpleXML is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. oval:org.secpod.oval:def:1900885 Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 . Fixed in A ... oval:org.secpod.oval:def:1900887 Multiple cross-site scripting vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via normalization.php or js/normalization.js in the database normalization page, templates/database/structure/sortabl ... oval:org.secpod.oval:def:1900893 The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service via an object file with empty bss-like sections. oval:org.secpod.oval:def:1900894 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. oval:org.secpod.oval:def:1900891 An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900897 Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. oval:org.secpod.oval:def:1900899 GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow while attempting to unget an EOF character from the input stream, potentially leading to a program crash. oval:org.secpod.oval:def:1900898 The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted binary file. oval:org.secpod.oval:def:1900837 VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. oval:org.secpod.oval:def:1900836 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. oval:org.secpod.oval:def:1900833 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. oval:org.secpod.oval:def:1900832 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent ... oval:org.secpod.oval:def:1901003 The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1901001 The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. oval:org.secpod.oval:def:1901000 Cross-site scripting vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. oval:org.secpod.oval:def:1901006 Multiple cross-site scripting vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via a crafted Host HTTP header, related to libraries/Config.class.php; crafted JSON data, related to fi ... oval:org.secpod.oval:def:1901009 The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. oval:org.secpod.oval:def:1900981 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. oval:org.secpod.oval:def:1900980 Async Http Client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a "?" character occurs in a fragment identifier. Similar bugs were previously identified in cURL and Oracle Java 8 java.net.URL. oval:org.secpod.oval:def:1900983 The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service via a crafted BMP image. oval:org.secpod.oval:def:1900982 opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1900988 The getsym function in tekhex.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service via a malformed tekhex binary. oval:org.secpod.oval:def:1900984 In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn"t stop when it should after no match is found; inste ... oval:org.secpod.oval:def:1900992 Cross-site scripting vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. oval:org.secpod.oval:def:1900994 The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900990 ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admi ... oval:org.secpod.oval:def:1900995 The versados_mkobject function in bfd/versados.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file ... oval:org.secpod.oval:def:1900997 Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution oval:org.secpod.oval:def:1900960 The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. oval:org.secpod.oval:def:1900967 The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file. oval:org.secpod.oval:def:1900959 Multiple cross-site scripting vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving server-privileges certificate data fields on the user privileges page, an "invalid JSON" error message in th ... oval:org.secpod.oval:def:1900971 FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on. oval:org.secpod.oval:def:1900978 An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions and 4.4.x versions are affected. oval:org.secpod.oval:def:1900977 In ng_pkt in transports/smart_pkt.c in libgit2-dev before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a "\0" byte to trigger an out-of-bounds read that leads to DoS. oval:org.secpod.oval:def:1900979 A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thu ... oval:org.secpod.oval:def:1900974 In the GNU C Library through 2.29, the memcmp function for the x32 architecture can incorrectly return zero because the RDX most significant bit is mishandled. oval:org.secpod.oval:def:1900973 The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. oval:org.secpod.oval:def:1900975 Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of states or tags, which triggers an out-of-bounds write. oval:org.secpod.oval:def:1900900 opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1900902 libdwarf before 20160923 allows remote attackers to cause a denial of service via a large length value in a compilation unit header. oval:org.secpod.oval:def:1900912 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. oval:org.secpod.oval:def:1900914 Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. oval:org.secpod.oval:def:1900913 Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. oval:org.secpod.oval:def:1900910 Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimmi ... oval:org.secpod.oval:def:1900908 An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900907 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. oval:org.secpod.oval:def:1900906 The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an invalid read because the code to emit relocs does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker program crash. oval:org.secpod.oval:def:1900945 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in My ... oval:org.secpod.oval:def:1900944 An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly ke ... oval:org.secpod.oval:def:1900946 marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. oval:org.secpod.oval:def:1900941 A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900940 HTTPoxy oval:org.secpod.oval:def:1900943 An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900937 An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900955 The get_build_id function in opncls.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within ... oval:org.secpod.oval:def:1900958 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1900957 The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker program crash ... oval:org.secpod.oval:def:1900952 dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service via a debugging information entry using DWARF5 and without a DW_AT_name. oval:org.secpod.oval:def:1900948 Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. oval:org.secpod.oval:def:1900923 Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. oval:org.secpod.oval:def:1900925 The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service via a crafted Web Assembly file. oval:org.secpod.oval:def:1900921 XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. oval:org.secpod.oval:def:1900919 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. oval:org.secpod.oval:def:1900916 The decode_residual function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file. oval:org.secpod.oval:def:1900918 dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on ... oval:org.secpod.oval:def:1900933 phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality oval:org.secpod.oval:def:1900936 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving an array value to FormDisplay.php, incorrect data to validate.php, unexpected data to Validator.php, a missing config directory during se ... oval:org.secpod.oval:def:1900930 Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. oval:org.secpod.oval:def:1900931 An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1900927 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. oval:org.secpod.oval:def:1900926 An invalid memory read vulnerability was found in the function OpCode in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900929 SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. oval:org.secpod.oval:def:1900928 In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. oval:org.secpod.oval:def:1901036 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901035 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1901037 An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. oval:org.secpod.oval:def:1901032 The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service via a crafted mp3 file. oval:org.secpod.oval:def:1901039 The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901047 In Moodle 3.3, the course overview block reveals activities in hidden courses. oval:org.secpod.oval:def:1901046 The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901043 The REPL server in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. oval:org.secpod.oval:def:1901041 The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 . oval:org.secpod.oval:def:1901013 A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901016 A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. oval:org.secpod.oval:def:1901010 In Moodle 3.x, course creators are able to change system default settings for courses. oval:org.secpod.oval:def:1901012 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901011 An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service upon allocation failure. oval:org.secpod.oval:def:1901019 The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901024 The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. oval:org.secpod.oval:def:1901027 Multiple cross-site scripting vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. oval:org.secpod.oval:def:1901026 In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis. oval:org.secpod.oval:def:1901021 The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. oval:org.secpod.oval:def:1901020 uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. oval:org.secpod.oval:def:1901023 The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901022 An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service attack against the server. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901029 The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to decrypt hashed passwords by leveraging knowledge of client registration codes or gain login access by eavesdropping on login messages and re-using the hashed passwords. oval:org.secpod.oval:def:1901053 lib/Config/Model.pm in Config-Model before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array. oval:org.secpod.oval:def:1901051 Cross-site scripting vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. oval:org.secpod.oval:def:1901203 An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901208 The client in OpenAFS before 1.6.17 does not properly initialize the AFSStoreStatus, AFSStoreVolumeStatus, VldbListByAttributes, and ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. oval:org.secpod.oval:def:1901204 The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service by leveraging improper conversion of r ... oval:org.secpod.oval:def:1901207 The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901206 An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from ... oval:org.secpod.oval:def:1901234 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in My ... oval:org.secpod.oval:def:1901236 In SWFTools, a memcpy buffer overflow was found in swfc. oval:org.secpod.oval:def:1901235 The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker program crash. oval:org.secpod.oval:def:1901230 Regular Expression Denial of Service oval:org.secpod.oval:def:1901232 Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. oval:org.secpod.oval:def:1901231 The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. oval:org.secpod.oval:def:1901238 In Open Ticket Request System 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in qu ... oval:org.secpod.oval:def:1901237 Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. oval:org.secpod.oval:def:1901245 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. oval:org.secpod.oval:def:1901247 Cross-site request forgery vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. oval:org.secpod.oval:def:1901242 ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method , which can be abused to lead to commit metadata forgery. oval:org.secpod.oval:def:1901249 An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901248 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. oval:org.secpod.oval:def:1901212 The order and group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. oval:org.secpod.oval:def:1901211 An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. oval:org.secpod.oval:def:1901214 In libquicktime-dev 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901213 In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901210 DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonst ... oval:org.secpod.oval:def:1901216 ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery attacks via a URL in the var_url parameter in a valider_xml action. oval:org.secpod.oval:def:1901215 Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an in ... oval:org.secpod.oval:def:1901218 U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. oval:org.secpod.oval:def:1901222 examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901225 The gig::Region::Region function in gig.cpp in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901221 WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. oval:org.secpod.oval:def:1901220 BitlBee before 3.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. oval:org.secpod.oval:def:1901227 The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. oval:org.secpod.oval:def:1901226 The process_otr function in bfd/versados.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrate ... oval:org.secpod.oval:def:1901229 Cross-site request forgery vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer functi ... oval:org.secpod.oval:def:1901228 Cross-site scripting vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. oval:org.secpod.oval:def:1901157 Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for "roles" used for access control within the database, including the special case "_admin" role, th ... oval:org.secpod.oval:def:1901156 Cross-site request forgery vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined wi ... oval:org.secpod.oval:def:1901159 An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service attack on a server by passing large values to a loop. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901158 Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. oval:org.secpod.oval:def:1901152 In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. oval:org.secpod.oval:def:1901155 The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. oval:org.secpod.oval:def:1901154 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. oval:org.secpod.oval:def:1901167 Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901160 GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. oval:org.secpod.oval:def:1901161 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901131 The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service via a crafted DEX file. oval:org.secpod.oval:def:1901133 lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901132 An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read. oval:org.secpod.oval:def:1901138 An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901146 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901145 The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service via a crafted SWF file. oval:org.secpod.oval:def:1901148 opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901147 Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. oval:org.secpod.oval:def:1901142 X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. oval:org.secpod.oval:def:1901144 backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901140 When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that ... oval:org.secpod.oval:def:1901196 In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. oval:org.secpod.oval:def:1901199 Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. oval:org.secpod.oval:def:1901198 The Git Smart Protocol support in libgit2-dev before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service via an empty packet line. oval:org.secpod.oval:def:1901195 liblibvips-dev before 8.7.4 writes to uninitialized memory locations in unspecified error cases because iofuncs/memory.c does not zero out allocated memory. oval:org.secpod.oval:def:1901191 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. oval:org.secpod.oval:def:1901179 An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if ... oval:org.secpod.oval:def:1901178 lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. oval:org.secpod.oval:def:1901175 Moodle 3.x has user fullname disclosure on the user preferences page. oval:org.secpod.oval:def:1901174 Cross-site scripting vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NO ... oval:org.secpod.oval:def:1901176 The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. oval:org.secpod.oval:def:1901173 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. oval:org.secpod.oval:def:1901172 An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901189 gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901186 An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901187 The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery attacks via unspecified vectors. oval:org.secpod.oval:def:1901182 The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. oval:org.secpod.oval:def:1901184 libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule that is mishandled in the yr_re_exec function. oval:org.secpod.oval:def:1901180 marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it"s possible to bypass marked"s content injection protection to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` get ... oval:org.secpod.oval:def:1900469 Arbitrary File Write oval:org.secpod.oval:def:1901273 The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. oval:org.secpod.oval:def:1901270 The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. oval:org.secpod.oval:def:1901272 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304. oval:org.secpod.oval:def:1901256 A heap-based buffer over-read was found in the function OpCode in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901255 The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. oval:org.secpod.oval:def:1901258 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. oval:org.secpod.oval:def:1901257 Cross-site scripting vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. oval:org.secpod.oval:def:1901254 In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. oval:org.secpod.oval:def:1901259 phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server oval:org.secpod.oval:def:1901267 An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in ... oval:org.secpod.oval:def:1901262 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ... oval:org.secpod.oval:def:704030 librelp: Reliable Event Logging Protocol library librelp could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1901113 A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key. oval:org.secpod.oval:def:1901112 Cross-site scripting vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter . oval:org.secpod.oval:def:1901111 The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability. oval:org.secpod.oval:def:1901117 The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted DWARF section. oval:org.secpod.oval:def:1901116 The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of C ... oval:org.secpod.oval:def:1901119 Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1901124 file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242. oval:org.secpod.oval:def:1901126 An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions , 4.4.x ... oval:org.secpod.oval:def:1901125 libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901122 Cross-site scripting vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form action or xlink attribute. oval:org.secpod.oval:def:1901128 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. oval:org.secpod.oval:def:1901102 When using the local_batch client from salt-common-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. The LocalClient.cmd_batch method client does not accept external_ ... oval:org.secpod.oval:def:1901104 Cross-site scripting vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. oval:org.secpod.oval:def:1901100 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware . The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attack ... oval:org.secpod.oval:def:1901105 Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. oval:org.secpod.oval:def:1901108 The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. oval:org.secpod.oval:def:1901098 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema. oval:org.secpod.oval:def:1901097 The LoadString function in helper.h in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901094 The htcondor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service by leveraging use of GSI and VOMS extensions. oval:org.secpod.oval:def:1901093 Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .ph ... oval:org.secpod.oval:def:1901090 The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect func ... oval:org.secpod.oval:def:1901092 In Apache libuima-core-java prior to 2.10.2, Apache libuima-core-java 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion capability of various XML parsers. UIMA ... oval:org.secpod.oval:def:1901091 The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service by leveraging improper conversion of return values to boolean. oval:org.secpod.oval:def:1901076 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule that is mishandled in the _yr_re_emit function. oval:org.secpod.oval:def:1901071 When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path trav ... oval:org.secpod.oval:def:1901070 The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. oval:org.secpod.oval:def:1901087 [improper input validation in gnupg.GPG.encrypt and gnupg.GPG.decrypt] oval:org.secpod.oval:def:1901086 Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from an ... oval:org.secpod.oval:def:1901089 Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service via a large number of options in a CAP LS message. oval:org.secpod.oval:def:1901083 Cross-site scripting vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. oval:org.secpod.oval:def:1901085 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656. oval:org.secpod.oval:def:1901084 Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. oval:org.secpod.oval:def:1901081 Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. oval:org.secpod.oval:def:1901080 The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901057 WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. oval:org.secpod.oval:def:1901056 The authentication protocol allows an oracle attack that could potentially be exploited. oval:org.secpod.oval:def:1901065 In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. oval:org.secpod.oval:def:1901064 The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c. oval:org.secpod.oval:def:1901067 A heap-based buffer over-read was found in the function OpCode in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901061 The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901063 The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service via a crafted binary file, as demonstrated by the r_read_le32 function. oval:org.secpod.oval:def:1901062 In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:704228 libytnef: improved decoder for application/ms-tnef attachments Several security issues were fixed in libytnef. oval:org.secpod.oval:def:1901311 In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. oval:org.secpod.oval:def:1901310 The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. oval:org.secpod.oval:def:1901313 The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. oval:org.secpod.oval:def:1901319 The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. oval:org.secpod.oval:def:1901314 An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901322 The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. oval:org.secpod.oval:def:1901324 An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the "&" character is mishandled in certain contexts. oval:org.secpod.oval:def:1901320 An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and termi ... oval:org.secpod.oval:def:1901325 slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, a ... oval:org.secpod.oval:def:1901328 WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. oval:org.secpod.oval:def:1901327 Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service via a zero length error correcting redundancy packet for a UDPTL FAX packet ... oval:org.secpod.oval:def:1901300 DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. oval:org.secpod.oval:def:1901307 DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. oval:org.secpod.oval:def:1901309 An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901304 An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg["AllowArbitraryServer"]=true. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901303 The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player ... oval:org.secpod.oval:def:1901305 The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service via crafted xml file. oval:org.secpod.oval:def:1901354 An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize function. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901357 Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901353 Cross-site scripting vulnerability in Open Ticket Request System 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. oval:org.secpod.oval:def:1901359 An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. oval:org.secpod.oval:def:1901358 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit. oval:org.secpod.oval:def:1901366 An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg["Servers"][$i]["AllowNoPassword"] = false are bypassed under certain PHP versions . This can allow the login of users who have no password set ... oval:org.secpod.oval:def:1901365 GNU Debugger 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. oval:org.secpod.oval:def:1901368 The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1901367 The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. oval:org.secpod.oval:def:1901362 In Long Range Zip 0.631, there is a use-after-free in the ucompthread function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:1901363 Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. oval:org.secpod.oval:def:1901360 The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder 1.28 allows remote attackers to cause a denial of service via a crafted wav file. oval:org.secpod.oval:def:1901334 base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901331 lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. oval:org.secpod.oval:def:1901330 A null pointer dereference vulnerability was found in the function stackswap in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901339 examples/consumer/common.php in JanRain PHP OpenID library improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host heade ... oval:org.secpod.oval:def:1901344 The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901340 batteriesConfig.mlp in OCaml Batteries Included 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901279 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. oval:org.secpod.oval:def:1901289 GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. oval:org.secpod.oval:def:1901287 In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. oval:org.secpod.oval:def:1901286 DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. oval:org.secpod.oval:def:1901280 Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service or possibly execute arbitrary code by causing a file transfer connection to expire. oval:org.secpod.oval:def:1901283 Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2-dev before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. oval:org.secpod.oval:def:1901282 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901296 A stack-based buffer overflow in the find_green function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. oval:org.secpod.oval:def:1901295 ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision w ... oval:org.secpod.oval:def:1901297 The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service via invalid handshake data. oval:org.secpod.oval:def:1901294 Cross-site scripting vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user"s email. oval:org.secpod.oval:def:1901290 The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service attack against parser.c. oval:org.secpod.oval:def:1901431 readelf in GNU Binutils 2.28 has a use-after-free error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. oval:org.secpod.oval:def:1901433 In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. oval:org.secpod.oval:def:1901439 An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacki ... oval:org.secpod.oval:def:1901435 The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman key to be used and consequently allow attackers to have unspecified impact via unknown vectors. oval:org.secpod.oval:def:1901442 The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during " ... oval:org.secpod.oval:def:1901441 There is a vulnerability of type use-after-free affecting DBD::mysql 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. oval:org.secpod.oval:def:1901449 Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name co ... oval:org.secpod.oval:def:1901448 The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write while disassembling a corrupt binary that contains an empty function name, leading to a program crash. oval:org.secpod.oval:def:1901410 GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. oval:org.secpod.oval:def:1901412 Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. oval:org.secpod.oval:def:1901411 Cross-site scripting vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. oval:org.secpod.oval:def:1901417 The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. oval:org.secpod.oval:def:1901419 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. oval:org.secpod.oval:def:1901415 Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster be ... oval:org.secpod.oval:def:1901421 musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. oval:org.secpod.oval:def:1901420 In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. oval:org.secpod.oval:def:1901423 SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. oval:org.secpod.oval:def:1901429 The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file dur ... oval:org.secpod.oval:def:1901425 In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can"t access. oval:org.secpod.oval:def:1901424 In Long Range Zip 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. oval:org.secpod.oval:def:1901427 In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x , and 9.4.x , when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored . If an intermediary decided on the shorter length, but ... oval:org.secpod.oval:def:1901426 guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901478 The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901472 A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin"s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. oval:org.secpod.oval:def:1901471 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. oval:org.secpod.oval:def:1901474 An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user"s valid phpMyAdmin token. All 4.0.x versions are affected. oval:org.secpod.oval:def:1901487 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. oval:org.secpod.oval:def:1901488 Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. oval:org.secpod.oval:def:1901483 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow attackers to conduct external XML entity attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. oval:org.secpod.oval:def:1901482 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1901485 The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service via a crafted SWF file. oval:org.secpod.oval:def:1901484 A heap-based buffer overflow vulnerability was found in the function dcputs in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901481 Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. oval:org.secpod.oval:def:1901480 GNU linker in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of "\0" termination of a name field in ldlex.l. oval:org.secpod.oval:def:1901454 Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity attacks via a crafted PDF. oval:org.secpod.oval:def:1901456 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ... oval:org.secpod.oval:def:1901455 An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of ... oval:org.secpod.oval:def:1901450 X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service via a reply in the XRecordStartOfData, XRecordEndOfData, or XRecordClientDied category without a client sequence and with attached data. oval:org.secpod.oval:def:1901451 SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. oval:org.secpod.oval:def:1901458 An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow ... oval:org.secpod.oval:def:1901459 In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. oval:org.secpod.oval:def:1901464 An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. oval:org.secpod.oval:def:1901466 MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonst ... oval:org.secpod.oval:def:1901460 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service via a crafted rule. oval:org.secpod.oval:def:1901463 JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. oval:org.secpod.oval:def:1901468 An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp-dev allows attackers to cause a denial of service or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. oval:org.secpod.oval:def:1901400 It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and s ... oval:org.secpod.oval:def:1901406 Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted network packet. oval:org.secpod.oval:def:1901409 In Open Ticket Request System 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. oval:org.secpod.oval:def:1901403 In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. oval:org.secpod.oval:def:1901404 The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. oval:org.secpod.oval:def:1901399 tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. oval:org.secpod.oval:def:1901398 The pe_ILF_object_p function in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and ... oval:org.secpod.oval:def:1901395 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. oval:org.secpod.oval:def:1901397 The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig-dev 4.0.0 allows remote attackers to cause a denial of service via a crafted gig file. oval:org.secpod.oval:def:1901392 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654. oval:org.secpod.oval:def:1901377 An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions , and 4.4.x versions are affected. oval:org.secpod.oval:def:1901376 OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the client cache partition, fileserver vice partition, or certain RPC responses. oval:org.secpod.oval:def:1901379 An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901373 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. oval:org.secpod.oval:def:1901372 An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901371 In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901370 FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. oval:org.secpod.oval:def:1901387 XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. oval:org.secpod.oval:def:1901389 readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. oval:org.secpod.oval:def:1901386 The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. oval:org.secpod.oval:def:1901385 The bfd_make_section_with_flags function in section.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file. oval:org.secpod.oval:def:1901380 In Open Ticket Request System through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. oval:org.secpod.oval:def:1901382 An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it"s valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions , 4.4.x versions ... oval:org.secpod.oval:def:1901531 SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. oval:org.secpod.oval:def:1901530 libcgroup1 up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. oval:org.secpod.oval:def:1901533 In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned length field in a way which later causes memory corruption or other failure. oval:org.secpod.oval:def:1901532 readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. oval:org.secpod.oval:def:1901539 An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service attack by forcing persistent connections when phpMyAdmin is running with $cfg["AllowArbitraryServer"]=true. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901538 liblivemedia-dev in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash or possibly have unspecified other impact. oval:org.secpod.oval:def:1901535 The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. oval:org.secpod.oval:def:1901534 uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. oval:org.secpod.oval:def:1901542 The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this fi ... oval:org.secpod.oval:def:1901543 The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. oval:org.secpod.oval:def:1901540 WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to tran ... oval:org.secpod.oval:def:1901511 An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An atta ... oval:org.secpod.oval:def:1901510 Cross-site scripting vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter . oval:org.secpod.oval:def:1901517 Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. oval:org.secpod.oval:def:1901516 In Moodle 3.x, there is XSS in the assignment submission page. oval:org.secpod.oval:def:1901519 ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service via a long request that uses the lightweight resolver protocol. oval:org.secpod.oval:def:1901513 Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by ... oval:org.secpod.oval:def:1901512 Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901509 Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. oval:org.secpod.oval:def:1901522 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th ... oval:org.secpod.oval:def:1901521 An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user"s blowfi ... oval:org.secpod.oval:def:1901527 p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack. oval:org.secpod.oval:def:1901529 The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. oval:org.secpod.oval:def:1901523 Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service via vectors involving length fields. oval:org.secpod.oval:def:1901526 An issue was discovered in phpMyAdmin involving the $cfg["ArbitraryServerRegexp"] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901525 An error within the "tar_directory_for_file" function in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. oval:org.secpod.oval:def:1901500 Cross-site scripting vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. oval:org.secpod.oval:def:1901505 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:1901508 Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio before 4.3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large SIP packet. oval:org.secpod.oval:def:1901502 phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name oval:org.secpod.oval:def:1901501 CouchDB administrative users can configure the database server via HTTP. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary s ... oval:org.secpod.oval:def:1901504 An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901498 The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted -m or -c argument. oval:org.secpod.oval:def:1901494 The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. oval:org.secpod.oval:def:1901495 Cross-site scripting vulnerability in Request Tracker 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type. oval:org.secpod.oval:def:1901492 The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service via a crafted ELF file. oval:org.secpod.oval:def:1901491 The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" c ... oval:org.secpod.oval:def:1901674 SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider is misconfigured. oval:org.secpod.oval:def:1901673 PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. oval:org.secpod.oval:def:1901670 Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. oval:org.secpod.oval:def:1901672 A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attr ... oval:org.secpod.oval:def:1901671 Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands via vectors involving a branch whose name begins with a --config= or --debugger= substring, a re ... oval:org.secpod.oval:def:1901679 The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. oval:org.secpod.oval:def:1901685 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. oval:org.secpod.oval:def:1901687 The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. oval:org.secpod.oval:def:1901686 The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. oval:org.secpod.oval:def:1901681 Request Tracker 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery verification tokens via a crafted URL. oval:org.secpod.oval:def:1901683 In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. oval:org.secpod.oval:def:1901682 A cross site scripting vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts ... oval:org.secpod.oval:def:1901689 In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PNG file. oval:org.secpod.oval:def:1901651 Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lo ... oval:org.secpod.oval:def:1901654 Heap buffer overflow in the yr_object_array_set_item function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. oval:org.secpod.oval:def:1901650 A flaw was found in RPC request using gfs2_create_req in glusterfs-common server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs-common server nodes. oval:org.secpod.oval:def:1901659 libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. oval:org.secpod.oval:def:1901656 In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. oval:org.secpod.oval:def:1901658 The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim"s web browser. oval:org.secpod.oval:def:1901657 In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. oval:org.secpod.oval:def:1901663 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. oval:org.secpod.oval:def:1901662 The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901665 UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. oval:org.secpod.oval:def:1901664 In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity attacks, as demonstrated by /ServerView. oval:org.secpod.oval:def:1901661 The dashboard subscription interface in Request Tracker 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name. oval:org.secpod.oval:def:1901660 A cross site scripting vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/ht ... oval:org.secpod.oval:def:1901667 The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. oval:org.secpod.oval:def:1901666 The Htpasswd authentication source in the authcrypt module and SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. oval:org.secpod.oval:def:1901669 In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. oval:org.secpod.oval:def:1901668 The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. oval:org.secpod.oval:def:1901696 gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service via a crafted web site, as demonstrated by GNOME Web . oval:org.secpod.oval:def:1901695 The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PE file. oval:org.secpod.oval:def:1901697 coffgen.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PE file. oval:org.secpod.oval:def:1901691 In SWFTools, a stack overflow was found in pdf2swf. oval:org.secpod.oval:def:1901694 When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load function in lib/png.c. oval:org.secpod.oval:def:1901699 The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c ... oval:org.secpod.oval:def:1901690 The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. oval:org.secpod.oval:def:1901605 A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. oval:org.secpod.oval:def:1901607 During Jelly file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity attacks i ... oval:org.secpod.oval:def:1901606 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A ... oval:org.secpod.oval:def:1901601 Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. oval:org.secpod.oval:def:1901600 Remote code execution in lspci_process oval:org.secpod.oval:def:1901603 The setup_group function in elf.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service via a group section that is too small. oval:org.secpod.oval:def:1901602 An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created ".avi" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicati ... oval:org.secpod.oval:def:1901632 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of ... oval:org.secpod.oval:def:1901638 A flaw was found in RPC request using gfs3_rename_req in glusterfs-common server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. oval:org.secpod.oval:def:1901637 The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial o ... oval:org.secpod.oval:def:1901633 An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".tif" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A ... oval:org.secpod.oval:def:1901635 A flaw was found in RPC request using gfs3_symlink_req in glusterfs-common server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary c ... oval:org.secpod.oval:def:1901641 An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".cin" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An ... oval:org.secpod.oval:def:1901640 The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the "GF_XATTR_IOSTATS_DUMP_KEY" xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling "setxattr" to trigger a state dump and create ... oval:org.secpod.oval:def:1901642 The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. oval:org.secpod.oval:def:1901645 A flaw was found in RPC request using gfs3_lookup_req in glusterfs-common server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. oval:org.secpod.oval:def:1901644 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of ... oval:org.secpod.oval:def:1901647 DoS in process_demand_active oval:org.secpod.oval:def:1901615 An exploitable integer overflow exists in the "modifier_mdef_compact_influences" functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the ... oval:org.secpod.oval:def:1901618 It was found that usage of snprintf function in feature/locks translator of glusterfs-common server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. oval:org.secpod.oval:def:1901617 Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack oval:org.secpod.oval:def:1901611 DoS in sec_parse_crypt_info and in sec_recv oval:org.secpod.oval:def:1901613 An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".bmp" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An ... oval:org.secpod.oval:def:1901609 An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An a ... oval:org.secpod.oval:def:1901620 An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".png" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An ... oval:org.secpod.oval:def:1901626 An exploitable integer overflow exists in the "multires_load_old_dm" functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application ... oval:org.secpod.oval:def:1901629 rbenv is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution oval:org.secpod.oval:def:1901623 An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".iris" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. ... oval:org.secpod.oval:def:1901625 Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whe ... oval:org.secpod.oval:def:1901619 It was found that glusterfs-common server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient ... oval:org.secpod.oval:def:1901795 The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901794 Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. oval:org.secpod.oval:def:1901790 An issue was discovered in Teluu libpjproject-dev in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ... oval:org.secpod.oval:def:1901793 Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. oval:org.secpod.oval:def:1901792 An issue was discovered in Teluu libpjproject-dev in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will ... oval:org.secpod.oval:def:1901773 In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. oval:org.secpod.oval:def:1901772 realloc_symlink in rock.c in GNU libcdio-dev before 1.0.0 allows remote attackers to cause a denial of service via a crafted iso file. oval:org.secpod.oval:def:1901775 Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses-bin 6.0 allows attackers to cause a denial of service or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. oval:org.secpod.oval:def:1901774 print_iso9660_recurse in iso-info.c in GNU libcdio-dev before 1.0.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted iso file. oval:org.secpod.oval:def:1901776 extplorer exposes /usr and /etc/extplorer over HTTP oval:org.secpod.oval:def:1901784 The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. oval:org.secpod.oval:def:1901783 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful ... oval:org.secpod.oval:def:1901782 Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 . Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. oval:org.secpod.oval:def:1901788 mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service via a crafted MP3 file. oval:org.secpod.oval:def:1901715 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d." oval:org.secpod.oval:def:1901714 When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup function in lib/q.c. oval:org.secpod.oval:def:1901717 In SWFTools, an address access exception was found in swfdump swf_GetBits. oval:org.secpod.oval:def:1901716 In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. oval:org.secpod.oval:def:1901710 The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer ... oval:org.secpod.oval:def:1901712 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00000000_00400000+0x000000000001b72a." oval:org.secpod.oval:def:1901707 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe." oval:org.secpod.oval:def:1901709 Request Tracker 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack. oval:org.secpod.oval:def:1901726 In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service via a crafted WAV file. oval:org.secpod.oval:def:1901725 When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite function in lib/rxfswf.c. oval:org.secpod.oval:def:1901727 The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by s ... oval:org.secpod.oval:def:1901722 The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901721 In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF oval:org.secpod.oval:def:1901724 SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero. oval:org.secpod.oval:def:1901723 SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS . oval:org.secpod.oval:def:1901719 In SWFTools, a memcpy buffer overflow was found in gif2swf. oval:org.secpod.oval:def:1901718 When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter function in lib/modules/swffilter.c. oval:org.secpod.oval:def:1901704 When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono function in lib/wav.c. oval:org.secpod.oval:def:1901703 The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted ELF f ... oval:org.secpod.oval:def:1901706 When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate function in lib/modules/swftools.c. oval:org.secpod.oval:def:1901705 In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b596." oval:org.secpod.oval:def:1901701 In SWFTools, a memory leak was found in wav2swf. oval:org.secpod.oval:def:1901751 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. oval:org.secpod.oval:def:1901750 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability can access other users" Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging ... oval:org.secpod.oval:def:1901752 An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. oval:org.secpod.oval:def:1901757 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. oval:org.secpod.oval:def:1901769 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. oval:org.secpod.oval:def:1901730 In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information by reading a Referer log, because account/lost_password does not use a redirect. oval:org.secpod.oval:def:1901737 There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901736 Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. oval:org.secpod.oval:def:1901738 An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. oval:org.secpod.oval:def:1901733 Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. oval:org.secpod.oval:def:1901732 JabberD 2.x before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. oval:org.secpod.oval:def:1901735 Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. oval:org.secpod.oval:def:1901734 In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. oval:org.secpod.oval:def:1901740 A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities oval:org.secpod.oval:def:1901749 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. oval:org.secpod.oval:def:1901746 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly . Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploit ... oval:org.secpod.oval:def:1901553 In Long Range Zip 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. oval:org.secpod.oval:def:1901554 An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading ... oval:org.secpod.oval:def:1901557 ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. oval:org.secpod.oval:def:1901556 The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264. oval:org.secpod.oval:def:1901559 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. oval:org.secpod.oval:def:1901558 the web framework using ljharb"s qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash. oval:org.secpod.oval:def:1901564 In Eclipse Jetty, versions 9.2.x and older, 9.3.x , and 9.4.x , transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a p ... oval:org.secpod.oval:def:1901565 xrdp 0.9.1 calls the PAM function auth_start_session in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. oval:org.secpod.oval:def:1901560 Cross-site scripting vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. oval:org.secpod.oval:def:1901568 An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata is due to a failure to check a pointer for being in bounds and a failure in a check in dwarf_attr_list. oval:org.secpod.oval:def:1901569 mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service by leveraging in-memory database representation when authenticating against a non-existent database. oval:org.secpod.oval:def:1901544 WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. oval:org.secpod.oval:def:1901549 An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user"s session, username, and password are not compromised by this vulnerability. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901545 The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. oval:org.secpod.oval:def:1901547 GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. oval:org.secpod.oval:def:1901597 It was found that an attacker could issue a xattr request via glusterfs-common FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. oval:org.secpod.oval:def:1901596 The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the "__server_getspec" function via the "gf_getspec_req" RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. oval:org.secpod.oval:def:1901599 It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs-common server node ... oval:org.secpod.oval:def:1901593 An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. ... oval:org.secpod.oval:def:1901592 Major information leak in ui_clip_handle_data oval:org.secpod.oval:def:1901594 It was found that the "mknod" call derived from mknod can create files pointing to devices on a glusterfs-common server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs-common server node. oval:org.secpod.oval:def:1901591 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs-common server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs-common server node. oval:org.secpod.oval:def:1901575 An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute "tface" of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the app ... oval:org.secpod.oval:def:1901574 An information disclosure vulnerability was discovered in glusterfs-common server. An attacker could issue a xattr request via glusterfs-common FUSE to determine the existence of any file. oval:org.secpod.oval:def:1901576 An exploitable integer overflow exists in the "BKE_mesh_calc_normals_tessface" functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicat ... oval:org.secpod.oval:def:1901571 The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901570 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. oval:org.secpod.oval:def:1901572 An issue was discovered in phpMyAdmin. phpinfo shows PHP information including values of HttpOnly cookies. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. oval:org.secpod.oval:def:1901579 A flaw was found in the way dic_unserialize function of glusterfs-common does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. oval:org.secpod.oval:def:1901578 An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".hdr" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicatio ... oval:org.secpod.oval:def:1901586 An exploitable integer overflow exists in the "CustomData" Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the cont ... oval:org.secpod.oval:def:1901588 An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created ".avi" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicati ... oval:org.secpod.oval:def:1901587 Memory corruption in rdp_in_unistr oval:org.secpod.oval:def:1901582 An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted ".cin" file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An ... oval:org.secpod.oval:def:1901581 DoS in mcs_recv_connect_response and in mcs_parse_domain_params oval:org.secpod.oval:def:1901584 It was found that glusterfs-common server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using "alloca". An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed bu ... oval:org.secpod.oval:def:1901583 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An at ... oval:org.secpod.oval:def:1901589 plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901580 Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1(POI bugs 61338 and 61294 oval:org.secpod.oval:def:1901797 Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to m_offsets.size. oval:org.secpod.oval:def:1901796 xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service oval:org.secpod.oval:def:1901799 The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901798 The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF file. oval:org.secpod.oval:def:1901896 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453. oval:org.secpod.oval:def:1901892 A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs. oval:org.secpod.oval:def:1901897 An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. oval:org.secpod.oval:def:1901838 The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. oval:org.secpod.oval:def:1901834 Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. oval:org.secpod.oval:def:1901840 library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1901813 GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. oval:org.secpod.oval:def:1901812 There is a NULL Pointer Dereference in the function ll_insert of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901825 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. oval:org.secpod.oval:def:1901827 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. oval:org.secpod.oval:def:1901826 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. oval:org.secpod.oval:def:1901821 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. oval:org.secpod.oval:def:1901820 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. oval:org.secpod.oval:def:1901823 FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. oval:org.secpod.oval:def:1901818 Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. oval:org.secpod.oval:def:1901819 In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS. oval:org.secpod.oval:def:1901876 In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. oval:org.secpod.oval:def:1901875 In GraphicsMagick 1.4 snapshot-20181209 Q8 there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specific ... oval:org.secpod.oval:def:1901877 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11 a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. oval:org.secpod.oval:def:1901882 stb stb_image.h 2.19 as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. oval:org.secpod.oval:def:1901859 WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this ha ... oval:org.secpod.oval:def:1901861 Hard coded domain name in example web service named StockQuoteService.jws leading to remote code execution oval:org.secpod.oval:def:1901860 Prosody before 0.10.0 allows remote attackers to cause a denial of service related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s ... oval:org.secpod.oval:def:1901862 In HDF5 1.10.1 there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901869 In GraphicsMagick 1.3.31 the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping , and therefore lacks indexes initialization. oval:org.secpod.oval:def:1901865 Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. oval:org.secpod.oval:def:1901864 In HDF5 1.10.1 there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in liblibhdf5-dev.a. For example, h5dump would crash when someone opens a crafted libhdf5-dev file. oval:org.secpod.oval:def:1901802 In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function . Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. oval:org.secpod.oval:def:1901801 The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901800 The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901929 Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state fro ... oval:org.secpod.oval:def:1901900 hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. oval:org.secpod.oval:def:38100 The host is installed with cryptsetup through 2:1.6.6-5ubuntu2 on Ubuntu 16.04, cryptsetup through 2:1.6.1-1ubuntu1 on Ubuntu 14.04, cryptsetup through 2:1.7.2-0ubuntu1 on Ubuntu 16.10 or cryptsetup through 2:1.4.1-2ubuntu4 on Ubuntu 12.04 and is prone to security bypass vulnerability. A flaw is pre ... oval:org.secpod.oval:def:38605 The host is installed with python-html5lib, python-html5lib-whl or python3-html5lib prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle characters. An attacker who successfully exploited these vulnerability could have unspecified impact oval:org.secpod.oval:def:38606 The host is installed with python-html5lib, python-html5lib-whl or python3-html5lib prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle characters. An attacker who successfully exploited these vulnerability could have cross site scripting oval:org.secpod.oval:def:40152 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:37412 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:38739 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:37885 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1901475 The serializer in python-html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting attacks by leveraging mishandling of the < character in attribute values. oval:org.secpod.oval:def:39292 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39290 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39291 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39289 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39281 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:39282 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39286 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39287 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39288 The host is installed with zziplib package on Ubuntu 16.04, Ubuntu 14.04, Ubuntu 16.10 or Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is present in application, which fails to properly handle a crafted zip files. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:39280 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:39279 The host is installed with icoutils through 0:0.31.0-3 on Ubuntu 16.04, 0:0.31.0-2+deb8u2build0.14.04.1 on Ubuntu 14.04, 0:0.31.0-3build1 on Ubuntu 16.10 or 0:0.29.1-2ubuntu0.1 on Ubuntu 12.04 and is prone to a buffer overflow vulnerability. A flaw is present in scripts, which fails to properly hand ... oval:org.secpod.oval:def:40657 libytnef: improved decoder for application/ms-tnef attachments libytnef could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704073 php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704051 perl: Practical Extraction and Report Language Several security issues were fixed in Perl. oval:org.secpod.oval:def:1900533 The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. oval:org.secpod.oval:def:1901378 The serializer in python-html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. oval:org.secpod.oval:def:1900095 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messingup terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, . oval:org.secpod.oval:def:42573 The host is installed with RunC on Ubuntu 17.04 or 17.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the container. Successful exploitation could allow attackers to gain access to file-descriptors of new processes duri ... oval:org.secpod.oval:def:42576 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly assign permissions. Successful exploitation could allow attackers to obtain sensitive information, and perform protocol ... oval:org.secpod.oval:def:42575 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an image that allows volumes to override files in /proc. Successful exploitation could allow attackers to set arbitrary ... oval:org.secpod.oval:def:42579 The host is installed with docker.io on Ubuntu 14.04 or 16.04 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors involving unsafe /tmp usage. Successful exploitation could allow local users to have unspecified impact. oval:org.secpod.oval:def:44760 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a M ... oval:org.secpod.oval:def:44761 In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. oval:org.secpod.oval:def:44762 The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. oval:org.secpod.oval:def:38488 apport: automatically generate crash reports for debugging Apport could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:45660 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:1900174 In the cron package through 3.0pl1-128 on Debian, and through3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. oval:org.secpod.oval:def:1900353 libexif-dev through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif-dev/exif-data.c caused by improper length computation of the allocated data of an ExifMnoteentry which can cause denial-of-service or possibly information disclosure. oval:org.secpod.oval:def:1900328 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected.watchOS before 3.2.2 is affected. The issue involves the "SQLite"component. It allows remote attackers to execute arbitrary code or cause a denial of ser ... oval:org.secpod.oval:def:1900331 An exploitable code execution vulnerability exists in the trapper command functionality of zabbix-agent Server 2.4.X. A specially crafted set of packet scan cause a command injection result ing in remote code execution. An attacker can make requests from an active zabbix-agent Proxy to trigger this ... oval:org.secpod.oval:def:50269 scp client spoofing via stderr oval:org.secpod.oval:def:50278 irssi: terminal based IRC client Irssi could be made to crash or execute arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:50279 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:1901604 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exis ... oval:org.secpod.oval:def:1900783 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. oval:org.secpod.oval:def:704285 postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:1901612 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed ... oval:org.secpod.oval:def:68045 spice: SPICE protocol client and server library - spice-protocol: SPICE protocol headers Spice could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:68046 libapache2-mod-perl2: Integration of perl with the Apache2 web server mod_perl could be made to run programs contrary to expectations. oval:org.secpod.oval:def:68047 freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP. oval:org.secpod.oval:def:54265 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:1901130 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON. oval:org.secpod.oval:def:1900294 The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. oval:org.secpod.oval:def:1900466 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service via a crafted MSDOS partition table with an extended partition boot record at zero offset. oval:org.secpod.oval:def:1901770 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call. oval:org.secpod.oval:def:1900453 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function inImfHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:1900031 Squid before 4.4, when SNMP is enabled, allows a denial of service via an SNMP packet. oval:org.secpod.oval:def:48010 libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully auth ... oval:org.secpod.oval:def:1901720 get_8bit_row in rdbmp.c in libturbojpeg through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. oval:org.secpod.oval:def:50337 Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a la ... oval:org.secpod.oval:def:703086 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ... oval:org.secpod.oval:def:703085 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ... oval:org.secpod.oval:def:703071 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703066 libsoup2.4: HTTP client/server library for GNOME Details: USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory This update fixes ... oval:org.secpod.oval:def:1901767 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This ... oval:org.secpod.oval:def:1900408 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function inImfHuf.cpp could cause the application to crash. oval:org.secpod.oval:def:1900404 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function inImfZip.cpp could cause the application to crash. oval:org.secpod.oval:def:704375 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:47604 strongswan: IPsec VPN solution Several security issues were fixed in strongSwan. oval:org.secpod.oval:def:34322 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer. Incorrect banked access bounds checking in vga module. oval:org.secpod.oval:def:1900101 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of tilibming-dev data using crafted packets. oval:org.secpod.oval:def:1901436 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition. oval:org.secpod.oval:def:1901414 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. oval:org.secpod.oval:def:1900122 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of tilibming-dev data using crafted packets. oval:org.secpod.oval:def:1900131 Directory Traversal with ../ sequences occurs in AccountsService before0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb in user.c. oval:org.secpod.oval:def:1901830 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ... oval:org.secpod.oval:def:1900505 Integer overflow in the DHCP client in BusyBox before 1.25.0 allows remote attackers to cause a denial of service via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. oval:org.secpod.oval:def:1901831 NULL pointer dereference using a specially crafted X509 certificate oval:org.secpod.oval:def:1901833 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorre ... oval:org.secpod.oval:def:1901884 A flaw was found in the way pacemaker"s client-server authentication was implemented. A local attacker could use this flaw and combine it with other IPC weaknesses, to achieve local privilege escalation. oval:org.secpod.oval:def:1901881 A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS oval:org.secpod.oval:def:1900520 A vulnerability was found in libexif-dev. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service and Information Disclosure . oval:org.secpod.oval:def:1901858 Todd Miller"s sudo version 1.8.20p1 and earlier is vulnerable to an input validation in the get_process_ttyname function resulting in information disclosure and command execution. oval:org.secpod.oval:def:1900537 Heap-based buffer overflow in the DHCP client in BusyBox before1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. oval:org.secpod.oval:def:48685 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703113 firefox: Mozilla Open Source web browser Details: USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ... oval:org.secpod.oval:def:703111 libarchive: Library to read/write archive files libarchive could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703118 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703107 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:704426 freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP. oval:org.secpod.oval:def:704414 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:1901375 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code executio ... oval:org.secpod.oval:def:1900055 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. oval:org.secpod.oval:def:1900223 Use-after-free vulnerability in the clntudp_call function insunrpc/clnt_udp.c in the GNU C Library before 2.26allows remote attackers to have unspecified impact via vectors related to error path. oval:org.secpod.oval:def:1900236 The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900214 In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution;it may result in denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:53642 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:1901585 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option in networking/udhcp/common.c that 4-byte options a ... oval:org.secpod.oval:def:49173 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:50590 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. oval:org.secpod.oval:def:1901528 sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute ... oval:org.secpod.oval:def:50606 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing ... oval:org.secpod.oval:def:50607 An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability ... oval:org.secpod.oval:def:1900198 Vim 8.0 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted source file.NOTE: there might be a limited number of scenarios in which this has security relevance. oval:org.secpod.oval:def:1901499 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. oval:org.secpod.oval:def:1900160 A cache-based side channel in GnuTLS implementation that leads to plaintext recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. oval:org.secpod.oval:def:1901028 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking. oval:org.secpod.oval:def:1901072 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming. oval:org.secpod.oval:def:1901058 FasterXML libjackson2-databind-java through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, ... oval:org.secpod.oval:def:1901223 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. oval:org.secpod.oval:def:1900741 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. oval:org.secpod.oval:def:1900791 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to com ... oval:org.secpod.oval:def:703399 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703398 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703385 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file. oval:org.secpod.oval:def:703384 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703383 c-ares: library for asynchronous name resolves c-ares could be made to crash or run programs if it processed a specially crafted hostname. oval:org.secpod.oval:def:703376 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703375 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703370 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins Details: USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Original advisory GStreamer could be made to crash or run programs as your lo ... oval:org.secpod.oval:def:703379 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703361 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins GStreamer could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703367 lxc: Linux Containers userspace tools LXC could be made to allow containers to access to the host filesystem. oval:org.secpod.oval:def:703366 moin: Collaborative hypertext environment Several security issues were fixed in MoinMoin. oval:org.secpod.oval:def:34282 ImageMagick allows to process files with external libraries. This feature is called 'delegate'. It is implemented as a system() with command string ('command') from the config file delegates.xml with actual value for different params (input/output filenames etc). Due to insufficient %M param filteri ... oval:org.secpod.oval:def:34283 ImageMagick allows to make HTTP GET or FTP request. oval:org.secpod.oval:def:34286 ImageMagick allows to get content of the files from the server by using 'label' pseudo protocol. oval:org.secpod.oval:def:34284 ImageMagick allows to delete files by using 'ephemeral' pseudo protocol which deletes files after reading. oval:org.secpod.oval:def:34285 ImageMagick allows to move image files to file with any extension in any folder by using 'msl' pseudo protocol. oval:org.secpod.oval:def:703359 tar: GNU version of the tar archiving utility tar could be made to overwrite files. oval:org.secpod.oval:def:703358 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703343 memcached: high-performance memory object caching system Memcached could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703342 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver - nvidia-graphics-drivers-367: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to run programs as an administrator. oval:org.secpod.oval:def:703334 mailman: Powerful, web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:703333 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703332 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:703331 nginx: small, powerful, scalable web/proxy server Details: USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3114-1 introduc ... oval:org.secpod.oval:def:703338 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703337 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:703339 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703327 nginx: small, powerful, scalable web/proxy server The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703329 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703328 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:1901153 Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an ap ... oval:org.secpod.oval:def:703312 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga. oval:org.secpod.oval:def:1901150 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ... oval:org.secpod.oval:def:1901149 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to com ... oval:org.secpod.oval:def:1901171 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac ... oval:org.secpod.oval:def:1901323 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to com ... oval:org.secpod.oval:def:1901326 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. oval:org.secpod.oval:def:1901338 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1900840 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interact ... oval:org.secpod.oval:def:1900849 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability c ... oval:org.secpod.oval:def:37385 gdk-pixbuf: GDK-Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900890 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ... oval:org.secpod.oval:def:703499 network-manager-applet: GNOME frontend for NetworkManager The system could be made to expose sensitive information. oval:org.secpod.oval:def:703490 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703483 imagemagick: Image manipulation programs and library Details: USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-31 ... oval:org.secpod.oval:def:703487 libreoffice: Office productivity suite LibreOffice could be made to disclose files if it opened a specially crafted file. oval:org.secpod.oval:def:703473 python-crypto: cryptographic algorithms and protocols for Python Details: USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This up ... oval:org.secpod.oval:def:703471 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703470 python-crypto: cryptographic algorithms and protocols for Python Programs using the Python Cryptography Toolkit could be made to crash or run programs if they receive specially crafted network traffic or other input. oval:org.secpod.oval:def:703476 spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1900825 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. oval:org.secpod.oval:def:703479 tcpdump: command-line network traffic analyzer tcpdump could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703460 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:1900834 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit ... oval:org.secpod.oval:def:703467 libgc: Boehm-Demers-Weiser garbage collecting storage allocator library Applications using libgc could be made to crash or run programs as your login. oval:org.secpod.oval:def:703459 firefox: Mozilla Open Source web browser Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3175-1 intr ... oval:org.secpod.oval:def:703440 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703443 libxpm: X11 pixmap library libXpm could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1901274 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attack ... oval:org.secpod.oval:def:703433 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash under certain conditions. oval:org.secpod.oval:def:703436 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:703435 pcsc-lite: Middleware to access a smart card using PC/SC PCSC-Lite could be made to crash or run programs as an administrator if it received specially crafted input. oval:org.secpod.oval:def:703434 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703439 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703425 libvncserver: vnc server library Several security issues were fixed in LibVNCServer. oval:org.secpod.oval:def:1901252 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703417 exim4: Exim is a mail transport agent Exim could be made to expose private DKIM signing keys. oval:org.secpod.oval:def:703416 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:1901269 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703400 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages. oval:org.secpod.oval:def:1901264 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1901261 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. oval:org.secpod.oval:def:1901292 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. oval:org.secpod.oval:def:1901434 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ... oval:org.secpod.oval:def:1900564 A bug in the error handling of the send file code for the NIO HTTPconnector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant ... oval:org.secpod.oval:def:1900561 Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0,and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypas ... oval:org.secpod.oval:def:1900996 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to comp ... oval:org.secpod.oval:def:1900961 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to com ... oval:org.secpod.oval:def:703190 libimobiledevice: Library for communicating with iPhone and iPod Touch devices libimobiledevice would allow unintended access to devices over the network. oval:org.secpod.oval:def:703187 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703170 wget: retrieves files from the web Wget could be made to overwrite files. oval:org.secpod.oval:def:703165 squid3: Web proxy cache server Several security issues were fixed in Squid. oval:org.secpod.oval:def:703146 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703145 nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703130 samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory USN-2950-1 introduced a regression in Sa ... oval:org.secpod.oval:def:703139 dosfstools: utilities for making and checking MS-DOS FAT filesystems dosfstools could be made to crash or run programs if it processed a specially crafted filesystem. oval:org.secpod.oval:def:1900950 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ... oval:org.secpod.oval:def:703581 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:703579 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703578 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:703566 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703550 samba: SMB/CIFS file, print, and login server for Unix Details: USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory USN-3242-1 introduced a regression in Sam ... oval:org.secpod.oval:def:703554 nagios3: host/service/network monitoring and management system Several security issues were fixed in Nagios. oval:org.secpod.oval:def:1901394 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:703557 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:703547 apparmor: Linux security system AppArmor could remove the confinement from some programs. oval:org.secpod.oval:def:703546 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703545 gst-plugins-base1.0: GStreamer Plugins - gst-plugins-base0.10: GStreamer Plugins GStreamer Base Plugins could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703549 firefox: Mozilla Open Source web browser Details: USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3216-1 introduced a regression in Firefox. oval:org.secpod.oval:def:703548 gst-plugins-good1.0: GStreamer plugins - gst-plugins-good0.10: GStreamer plugins GStreamer Good Plugins could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703531 glibc: GNU C Library - eglibc: GNU C Library Details: USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that lo ... oval:org.secpod.oval:def:703535 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703533 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703525 firefox: Mozilla Open Source web browser An integer overflow was discovered in Firefox. oval:org.secpod.oval:def:703524 nvidia-graphics-drivers-375: NVIDIA binary X.Org driver Details: USN-3173-1 fixed a vulnerability in nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340. This update provides the corresponding update for nvidia-graphics-drivers-375. Original advisory NVIDIA graphics drivers could be made to ... oval:org.secpod.oval:def:703523 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703529 nvidia-graphics-drivers-304: NVIDIA binary X.Org driver - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver - nvidia-graphics-drivers-375: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash under certain conditions. oval:org.secpod.oval:def:703526 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703516 libevent: Asynchronous event notification library Several security issues were fixed in libevent. oval:org.secpod.oval:def:703509 libarchive: Library to read/write archive files libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703508 lxc: Linux Containers userspace tools LXC could be made to create arbitrary virtual network interfaces as an administrator. oval:org.secpod.oval:def:703502 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703506 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:1901562 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. oval:org.secpod.oval:def:38026 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:1901514 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901520 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. oval:org.secpod.oval:def:703299 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703286 python-django: High-level Python web development framework Django could be made to set arbitrary cookies. oval:org.secpod.oval:def:703285 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703283 openssl: Secure Socket Layer cryptographic library and tools Details: USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-308 ... oval:org.secpod.oval:def:703289 samba: SMB/CIFS file, print, and login server for Unix Samba could be tricked into connecting to impersonated servers. oval:org.secpod.oval:def:1901506 Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. oval:org.secpod.oval:def:1901507 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. oval:org.secpod.oval:def:703278 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703270 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703264 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703261 mysql-5.7: MySQL database - mysql-5.5: MySQL database MySQL could be made to run programs as an administrator. oval:org.secpod.oval:def:703257 file-roller: archive manager for GNOME File Roller could be made to delete files. oval:org.secpod.oval:def:703241 fontconfig: generic font configuration library Fontconfig be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703240 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers. oval:org.secpod.oval:def:36753 The host is installed with Linux Kernel on Ubuntu 12.04, 14.04 and 16.04 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to hijack TCP sessions. oval:org.secpod.oval:def:703248 eog: Eye of GNOME graphics viewer program Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image. oval:org.secpod.oval:def:703235 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:703239 postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:703238 gnupg: GNU privacy guard - a free PGP replacement GnuPG incorrectly generated random numbers. oval:org.secpod.oval:def:703236 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Details: USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily ... oval:org.secpod.oval:def:703223 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703221 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703210 apache2: Apache HTTP server A security issue was fixed in the Apache HTTP Server. oval:org.secpod.oval:def:703217 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703206 nspr: NetScape Portable Runtime Library NSPR could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:703208 libarchive: Library to read/write archive files libarchive could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:1901038 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. oval:org.secpod.oval:def:1901030 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. oval:org.secpod.oval:def:1901018 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. oval:org.secpod.oval:def:1901017 The C software implementation of AES Encryption and Decryption in wolfSSL before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. oval:org.secpod.oval:def:35816 spice: SPICE protocol client and server library Several security issues were fixed in Spice. oval:org.secpod.oval:def:1901055 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ... oval:org.secpod.oval:def:1900349 A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed.This coul ... oval:org.secpod.oval:def:703837 git: fast, scalable, distributed revision control system Git be made to run programs if it processed a specially crafted file. oval:org.secpod.oval:def:703836 firefox: Mozilla Open Source web browser Details: USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3435-1 caused a regression in Firefox. oval:org.secpod.oval:def:1901202 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703828 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Several security issues were fixed in Dnsmasq. oval:org.secpod.oval:def:703827 ca-certificates: Common CA certificates ca-certificates was updated to the 20170717 package. oval:org.secpod.oval:def:703826 nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703825 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703824 libidn: implementation of IETF IDN specifications Libidn could be made to crash or run programs if it processed specially crafted input. oval:org.secpod.oval:def:703816 emacs24: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703811 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis. oval:org.secpod.oval:def:703814 libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703812 gdk-pixbuf: GDK Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900339 The error page mechanism of the Java Servlet Specification requires that,when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original H ... oval:org.secpod.oval:def:703808 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703807 qemu: Machine emulator and virtualizer Details: USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory USN ... oval:org.secpod.oval:def:703809 libplist: Library for handling Apple binary and XML property lists Libplist could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703804 bind9: Internet Domain Name Server Details: USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update ad ... oval:org.secpod.oval:def:1901233 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac ... oval:org.secpod.oval:def:1901692 A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. oval:org.secpod.oval:def:1900788 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serv ... oval:org.secpod.oval:def:1900773 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1900775 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703796 tcpdump: command-line network traffic analyzer Several security issues were fixed in tcpdump. oval:org.secpod.oval:def:703794 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703793 bluez: Bluetooth tools and daemons BlueZ could be made to expose sensitive information over bluetooth. oval:org.secpod.oval:def:703784 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:703774 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703773 graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs if it opened a specially crafted font. oval:org.secpod.oval:def:703772 augeas: Configuration editing tool Augeas could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:703777 texlive-base: TeX Live: Essential programs and files TeX Live could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703775 cvs: Concurrent Versions System cvs could be made run programs as your login if it opened a specially crafted cvs repository. oval:org.secpod.oval:def:703762 ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory This update provides compatible packages for Firefox 55. oval:org.secpod.oval:def:703760 postgresql-9.6: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:703767 firefox: Mozilla Open Source web browser Details: USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3391-1 introduced a regression in Firefox. oval:org.secpod.oval:def:703765 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703769 c-ares: library for asynchronous name resolution c-ares could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703752 libsoup2.4: HTTP client/server library for GNOME Applications using libsoup could be made to crash or run programs as your login if it received specially crafted network traffic. oval:org.secpod.oval:def:703756 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:703753 git: fast, scalable, distributed revision control system Git could be made run programs as your login if it opened a specially crafted git repository. oval:org.secpod.oval:def:703742 shotwell: digital photo organizer Shotwell could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703730 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS. oval:org.secpod.oval:def:703734 imagemagick: Image manipulation programs and library Details: USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the inconvenience. Original ... oval:org.secpod.oval:def:703733 rabbitmq-server: AMQP server written in Erlang RabbitMQ could allow unintended access to network services. oval:org.secpod.oval:def:703729 apache2: Apache HTTP server Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic. oval:org.secpod.oval:def:703725 libiberty: library of utility functions used by GNU programs Several security issues were fixed in libiberty. oval:org.secpod.oval:def:703954 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703957 intel-microcode: Processor microcode for Intel CPUs Details: USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous ... oval:org.secpod.oval:def:703955 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C library. oval:org.secpod.oval:def:1901321 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703946 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:703932 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original adviso ... oval:org.secpod.oval:def:703935 awstats: powerful and featureful web server log analyzer AWStats could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703934 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:703918 linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware. oval:org.secpod.oval:def:703917 evince: Document viewer Evince could be made to run programs if it printed a specially crafted file. oval:org.secpod.oval:def:703916 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703915 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3477-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:703910 libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703913 libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files. oval:org.secpod.oval:def:1901361 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703907 firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ... oval:org.secpod.oval:def:703906 libxml-libxml-perl: Perl interface to the libxml2 library XML::LibXML could be made to crash or run programs if it processed specially crafted input. oval:org.secpod.oval:def:703908 optipng: advanced PNG optimizer OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703901 libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703900 ldns: ldns library for DNS programming Several security issues were fixed in ldns. oval:org.secpod.oval:def:1901336 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1901342 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703891 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:1901266 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server ... oval:org.secpod.oval:def:703888 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703887 apport: automatically generate crash reports for debugging Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation. oval:org.secpod.oval:def:1901260 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:703885 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:703889 procmail: Versatile e-mail processor formail could be made to crash or run programs if it processed specially crafted mail. oval:org.secpod.oval:def:703872 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:703871 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:703862 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703861 xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:703860 wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant. oval:org.secpod.oval:def:703865 nvidia-graphics-drivers-384: Transitional package for libcuda1-384 NVIDIA graphics drivers could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703864 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703867 pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker. oval:org.secpod.oval:def:1901299 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serve ... oval:org.secpod.oval:def:703851 xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:703855 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703853 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703840 libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library Several security issues were fixed in libXfont. oval:org.secpod.oval:def:1900145 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1901462 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac ... oval:org.secpod.oval:def:1900964 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:1901811 There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901879 libc does not account for all the possible return values from the kernel getcwd syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd libary function. oval:org.secpod.oval:def:1901407 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ... oval:org.secpod.oval:def:1900904 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ... oval:org.secpod.oval:def:703594 firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ... oval:org.secpod.oval:def:703599 git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703583 icu: International Components for Unicode library Several security issues were fixed in ICU. oval:org.secpod.oval:def:703582 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted EMF file. oval:org.secpod.oval:def:703587 rtmpdump: small dumper for media content streamed over the RTMP protocol rtmpdump could be made to crash or run programs as your login if it processed a specially crafted stream. oval:org.secpod.oval:def:703585 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file. oval:org.secpod.oval:def:703584 shadow: system login tools su could be made to crash or stop programs as an administrator. oval:org.secpod.oval:def:1900956 Vulnerability in the MySQL Connectors component of Oracle MySQL . Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulne ... oval:org.secpod.oval:def:703588 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1900935 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit ... oval:org.secpod.oval:def:1900076 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.38 and prior and5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of th ... oval:org.secpod.oval:def:1900041 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1901374 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. S ... oval:org.secpod.oval:def:1900050 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior,5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:1901381 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ... oval:org.secpod.oval:def:703982 firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ... oval:org.secpod.oval:def:703980 exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703986 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga. oval:org.secpod.oval:def:703984 advancecomp: collection of recompression utilities AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703971 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:703970 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703976 miniupnpc: UPnP IGD client lightweight library MiniUPnP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703973 firefox: Mozilla Open Source web browser Firefox could be made to run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703961 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703965 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703710 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703716 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703713 xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:1901567 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serve ... oval:org.secpod.oval:def:703706 spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703700 evince: Document viewer Evince could be made run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703705 apport: automatically generate crash reports for debugging An attacker could trick a user into opening a malicious .crash file and execute arbitrary code as the user. oval:org.secpod.oval:def:1900269 Integer overflow in the decode_digit function in puny_decode.c in Libidn2before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:50600 Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. oval:org.secpod.oval:def:703693 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703692 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703694 poppler: PDF rendering library poppler could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703699 nginx: small, powerful, scalable web/proxy server nginx could be made to expose sensitive information over the network. oval:org.secpod.oval:def:703685 bind9: Internet Domain Name Server Bind could be made to serve incorrect information or expose sensitive information over the network. oval:org.secpod.oval:def:703674 nss: Network Security Service library NSS could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703673 valgrind: instrumentation framework for building dynamic analysis tools Valgrind could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703672 openvpn: virtual private network software Several security issues were fixed in OpenVPN. oval:org.secpod.oval:def:703662 exim4: Exim is a mail transport agent Exim could be made to run programs as an administrator. oval:org.secpod.oval:def:1901044 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of thi ... oval:org.secpod.oval:def:1900163 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:703653 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:703652 irssi: terminal based IRC client Irssi could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703656 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703655 zziplib: library providing read access on ZIP-archives zziplib could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703654 libmwaw: import library for some old Mac text documents libmwaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703659 glibc: GNU C Library - eglibc: GNU C Library Gnu C library could be made to run programs as an administrator. oval:org.secpod.oval:def:703642 libnl3: library for dealing with netlink sockets libnl could be made to crash or run programs. oval:org.secpod.oval:def:703647 nagios3: host/service/network monitoring and management system Details: USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3253-1 introduced a r ... oval:org.secpod.oval:def:703631 tiff: Tag Image File Format library Details: USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3 ... oval:org.secpod.oval:def:703639 libtasn1-6: Library to manage ASN.1 structures Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703638 openldap: OpenLDAP utilities OpenLDAP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703637 libsndfile: Library for reading/writing audio files Several security issues were fixed in libsndfile. oval:org.secpod.oval:def:703636 nvidia-graphics-drivers-375: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:703620 miniupnpc: UPnP IGD client lightweight library MiniUPnP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:703629 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703622 juju-core: next generation service orchestration system The system could be made to run programs as an administrator. oval:org.secpod.oval:def:703621 firefox: Mozilla Open Source web browser Firefox was updated to a new version. oval:org.secpod.oval:def:703628 sudo: Provide limited super user privileges to specific users Sudo could be made to overwrite files as the administrator. oval:org.secpod.oval:def:703627 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:703619 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as an administrator. oval:org.secpod.oval:def:703618 jbig2dec: JBIG2 decoder library Several security issues were fixed in jbig2dec. oval:org.secpod.oval:def:703612 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:703609 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703607 shadow: system login tools Details: USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory USN-3276-1 introduced a regression in su. oval:org.secpod.oval:def:703603 ghostscript: PostScript and PDF interpreter Details: USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3272-1 introd ... oval:org.secpod.oval:def:1900721 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su ... oval:org.secpod.oval:def:1900737 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ... oval:org.secpod.oval:def:1900795 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:704223 irssi: terminal based IRC client Several security issues were fixed in Irssi. oval:org.secpod.oval:def:704211 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to expose sensitive information. oval:org.secpod.oval:def:704213 mailman: Powerful, web-based mailing list manager Mailman could be made to run arbitrary code. oval:org.secpod.oval:def:704200 twisted: Event-based framework for internet applications Twisted could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704208 python2.7: An interactive high-level object-oriented language Python could be made to run arbitrary code. oval:org.secpod.oval:def:704209 patch: Apply a diff file to an original Several security issues were fixed in Patch. oval:org.secpod.oval:def:704204 perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file. oval:org.secpod.oval:def:1901165 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of t ... oval:org.secpod.oval:def:1901337 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Su ... oval:org.secpod.oval:def:1901277 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:1901263 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:1900159 An issue was discovered in libjpeg 9a. The get_text_gray_row function inrdppm.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900120 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent a ... oval:org.secpod.oval:def:704095 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704096 nvidia-graphics-drivers-384: NVIDIA binary X.Org driver NVIDIA graphics drivers could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:704091 procps: /proc file system utilities Several security issues were fixed in procps-ng. oval:org.secpod.oval:def:704082 firefox: Mozilla Open Source web browser Details: USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3645-1 caused a regression i ... oval:org.secpod.oval:def:704071 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1901839 An error within the "LibRaw::xtrans_interpolate" function in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. oval:org.secpod.oval:def:704066 qpdf: tools for transforming and inspecting PDF files Several security issues were fixed in QPDF. oval:org.secpod.oval:def:704053 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704046 firefox: Mozilla Open Source web browser Details: USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3596-1 ... oval:org.secpod.oval:def:704047 ubuntu-release-upgrader: manage release upgrades ubuntu-release-upgrader incorrectly opened as browser as an administrator. oval:org.secpod.oval:def:704048 wayland: Wayland compositor infrastructure Wayland could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704036 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:704037 libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704031 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704032 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704034 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704039 python-crypto: cryptographic algorithms and protocols for Python Python Crypto could expose sensitive information. oval:org.secpod.oval:def:704024 libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704027 screen-resolution-extra: Extension for the GNOME screen resolution applet Screen Resolution Extra could be tricked into bypassing PolicyKit authorizations. oval:org.secpod.oval:def:704020 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704021 paramiko: Python SSH2 library Paramiko could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704029 icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:704013 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704015 memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704012 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704002 qemu: Machine emulator and virtualizer Details: USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory USN-3575-1 introd ... oval:org.secpod.oval:def:704003 dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot. oval:org.secpod.oval:def:704004 python-django: High-level Python web development framework Several security issues were fixed in Django. oval:org.secpod.oval:def:704000 isc-dhcp: DHCP server and client Several security issues were fixed in DHCP. oval:org.secpod.oval:def:704001 memcached: high-performance memory object caching system Several security issues were fixed in Memcached. oval:org.secpod.oval:def:704006 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:704008 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:704009 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1900953 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:46447 cups: Common UNIX Printing System Several security issues were fixed in CUPS. oval:org.secpod.oval:def:1900934 Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th ... oval:org.secpod.oval:def:1900070 An issue was discovered in libjpeg 9a. The get_text_rgb_row function inrdppm.c allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:703990 libreoffice: Office productivity suite LibreOffice would allow unintended access to files over the network. oval:org.secpod.oval:def:703997 sensible-utils: Utilities for sensible alternative selection sensible-utils could be made to run programs as your login if it opened a malicious URL. oval:org.secpod.oval:def:703989 cups: Common UNIX Printing System CUPS could be made to provide access to printers over the network. oval:org.secpod.oval:def:44739 php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704196 transmission: lightweight BitTorrent client Transmission could be made to run arbitraty code. oval:org.secpod.oval:def:704198 rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync. oval:org.secpod.oval:def:704199 xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:704192 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis. oval:org.secpod.oval:def:704193 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704194 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704195 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704189 python-werkzeug: collection of utilities for WSGI applications Werkzeug could be made to run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704187 python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Details: USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory Python could be made to run ... oval:org.secpod.oval:def:704188 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704182 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704183 poppler: PDF rendering library poppler could be made to crash if opened a specially crafted file. oval:org.secpod.oval:def:704184 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted PDF. oval:org.secpod.oval:def:704179 dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:704174 libvorbis: The Vorbis General Audio Compression Codec Several security issues were fixed in libvorbis. oval:org.secpod.oval:def:704175 icu: International Components for Unicode library ICU could be made to crash or run arbitrary code as your login if it received specially crafted input. oval:org.secpod.oval:def:704177 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704172 rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync. oval:org.secpod.oval:def:704173 libarchive-zip-perl: Perl module for manipulation of ZIP archives Archive Zip module could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:704167 zsh: shell with lots of features Several security issues were fixed in Zsh. oval:org.secpod.oval:def:704168 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704164 clamav: Anti-virus utility for Unix ClamAV could be made to hang if it opened a specially crafted file. oval:org.secpod.oval:def:704166 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:704158 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704153 firefox: Mozilla Open Source web browser Details: USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3705-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:704150 openslp-dfsg: Service Location Protocol library OpenSLP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704145 zziplib: library providing read access on ZIP-archives - library zziplib could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704147 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704133 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:704124 gnupg2: GNU privacy guard - a free PGP replacement Details: USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory GnuPG 2 could be made to present validi ... oval:org.secpod.oval:def:704111 gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG. oval:org.secpod.oval:def:704119 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704101 exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704102 apport: automatically generate crash reports for debugging Details: USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubuntu 14.04 LTS was also vulnerable to this issue, but was incorrectly omitted from the previous updates. This update provides the corresponding update for Ubuntu ... oval:org.secpod.oval:def:704105 elfutils: collection of utilities to handle ELF objects elfutils could be made to crash or consume resources if it opened a specially crafted file. oval:org.secpod.oval:def:704108 unbound: validating, recursive, caching DNS resolver A security issue was fixed in Unbound. oval:org.secpod.oval:def:1901048 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1901045 The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. oval:org.secpod.oval:def:1901066 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ... oval:org.secpod.oval:def:1900320 RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. oval:org.secpod.oval:def:1900717 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:704288 wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information if it received a crafted message. oval:org.secpod.oval:def:704280 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:704282 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:704277 libarchive: Library to read/write archive files Several security issues were fixed in libarchive. oval:org.secpod.oval:def:1900319 RubyGems version 2.6.12 and earlier fails to validate specification names,allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. oval:org.secpod.oval:def:704272 - gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information. oval:org.secpod.oval:def:704252 lftp: Sophisticated command-line FTP/HTTP/BitTorrent client programs LFTP could be made to crash if it received specially crafted file. oval:org.secpod.oval:def:704250 libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704244 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704249 clamav: Anti-virus utility for Unix Details: USN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:704233 sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704235 libtasn1-6: Library to manage ASN.1 structures Several security issues were fixed in Libtasn1. oval:org.secpod.oval:def:704236 gdk-pixbuf: GDK Pixbuf library Several security issues were fixed in GDK-PixBuf. oval:org.secpod.oval:def:704232 zsh: shell with lots of features Several security issues were fixed in Zsh. oval:org.secpod.oval:def:704237 evolution-data-server: Evolution suite data server Evolution Data Server could be made to expose sensitive information over the network. oval:org.secpod.oval:def:704238 clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We a ... oval:org.secpod.oval:def:704224 wavpack: audio codec - encoder and decoder WavPack could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704225 libsoup2.4: HTTP client/server library for GNOME libsoup could be made to crash if it received a specially crafted input. oval:org.secpod.oval:def:704227 perl: Practical Extraction and Report Language Perl could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:704229 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis. oval:org.secpod.oval:def:704214 spice: SPICE protocol client and server library - spice-protocol: SPICE protocol headers Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704219 libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704216 wget: retrieves files from the web Wget could be made to inject arbitrary cookie values. oval:org.secpod.oval:def:704217 postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code. oval:org.secpod.oval:def:1900037 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:704398 firefox: Mozilla Open Source web browser Details: USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3801-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:704388 clamav: Anti-virus utility for Unix Details: USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:704384 gettext: GNU Internationalization utilities gettext could be made to execute arbitrary code if it received a specially crafted message. oval:org.secpod.oval:def:704376 spamassassin: Perl-based spam filter using text analysis Several security issues were fixed in SpamAssassin. oval:org.secpod.oval:def:704377 ppp: Point-to-Point Protocol ppp could be made to crash or bypass authentication if it received specially crafted network traffic. oval:org.secpod.oval:def:704372 ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704369 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704356 mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:704350 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704351 moin: Collaborative hypertext environment MoinMoin could be made to expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:704352 libssh: A tiny C SSH library libssh could allow unintended access to network services. oval:org.secpod.oval:def:704353 paramiko: Python SSH2 library Paramiko could allow unintended access to network services. oval:org.secpod.oval:def:704358 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704344 tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Tomcat could be made to redirect to arbitrary locations. oval:org.secpod.oval:def:704340 libxkbcommon: library interface to the XKB compiler - development files Several security issues were fixed in libxkbcommon. oval:org.secpod.oval:def:704347 clamav: Anti-virus utility for Unix ClamAV could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704348 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:704349 net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704335 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704337 liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis. oval:org.secpod.oval:def:704339 apparmor: Linux security system Use a more restrictive blacklist in several policy abstractions. oval:org.secpod.oval:def:704323 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704320 glib2.0: GLib Input, Output and Streaming Library Several security issues were fixed in GLib. oval:org.secpod.oval:def:704327 strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704328 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704310 transfig: Utilities for converting XFig figure files transfig could be made to execute arbitrary code if it received a specially crafted FIG file. oval:org.secpod.oval:def:704311 zsh: shell with lots of features Zsh could be made to execute arbitrary code if it received a specially crafted script. oval:org.secpod.oval:def:704318 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704314 firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory USN-3761-1 caused several ... oval:org.secpod.oval:def:704315 firefox: Mozilla Open Source web browser Details: USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconven ... oval:org.secpod.oval:def:704316 curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to run arbitrary code if it received a specially crafted input. oval:org.secpod.oval:def:704317 clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3722-1 introduced a regressio ... oval:org.secpod.oval:def:704307 libx11: X11 client-side library Several security issues were fixed in libx11. oval:org.secpod.oval:def:704308 libtirpc: transport-independent RPC library - development files Several security issues were fixed in libtirpc. oval:org.secpod.oval:def:704309 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704304 libgd2: GD Graphics Library Several security issues were fixed in GD. oval:org.secpod.oval:def:704306 poppler: PDF rendering library poppler could be made to crash if it received specially crafted PDF file. oval:org.secpod.oval:def:1900116 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:1900147 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior,5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise My ... oval:org.secpod.oval:def:1901486 Vulnerability in the MySQL Client component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis ... oval:org.secpod.oval:def:1901004 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su ... oval:org.secpod.oval:def:1901807 device_tree: heap buffer overflow while loading device tree blob oval:org.secpod.oval:def:704432 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:704433 python-django: High-level Python web development framework Django could be made to expose spoofed information over the network. oval:org.secpod.oval:def:704421 cups: Common UNIX Printing System CUPS could be made to expose sensitive information. oval:org.secpod.oval:def:704422 lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks. oval:org.secpod.oval:def:704423 poppler: PDF rendering library Details: USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3837-1 introduced a regression in poppler. oval:org.secpod.oval:def:704425 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704417 ghostscript: PostScript and PDF interpreter Details: USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory USN-3831-1 introduced a regression in Ghostscript. oval:org.secpod.oval:def:704419 wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack. oval:org.secpod.oval:def:704416 libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704400 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:704401 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:1900063 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server exe ... oval:org.secpod.oval:def:1900066 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise M ... oval:org.secpod.oval:def:704406 libssh: A tiny C SSH library Details: USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory USN-3795-1 and USN-3795-2 introduced a regression in libssh. oval:org.secpod.oval:def:704407 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:1900096 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ... oval:org.secpod.oval:def:1900222 A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server,could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-client-gtk versions through 0.34are ... oval:org.secpod.oval:def:1900241 In ImageMagick before 6.9.7-10, there is a crash if the image dimensions are too large,as demonstrated by use of the mpc coder. oval:org.secpod.oval:def:704178 mutt: text-based mailreader supporting MIME, GPG, PGP and threading Several security issues were fixed in Mutt. oval:org.secpod.oval:def:704129 libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information. oval:org.secpod.oval:def:1901095 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:1901676 GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may re ... oval:org.secpod.oval:def:1901684 GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. oval:org.secpod.oval:def:1901688 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. oval:org.secpod.oval:def:1901698 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. oval:org.secpod.oval:def:50270 scp client spoofing via stderr oval:org.secpod.oval:def:50267 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. oval:org.secpod.oval:def:50268 scp client missing received object name validation oval:org.secpod.oval:def:1900757 An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. oval:org.secpod.oval:def:1900725 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ... oval:org.secpod.oval:def:704660 libgd2: GD Graphics Library Several security issues were fixed in GD. oval:org.secpod.oval:def:704651 ghostscript: PostScript and PDF interpreter Details: USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory USN-3866-2 introduced a regressi ... oval:org.secpod.oval:def:704652 ldb: LDAP-like embedded database - tools LDB could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704653 gnome-keyring: GNOME keyring services GNOME Keyring could be made to expose sensitive information. oval:org.secpod.oval:def:704654 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704655 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704658 nss: Network Security Service library NSS could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704805 openssh: secure shell for secure access to remote machines Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory One of the fixes in USN-3885-1 was incomplete. oval:org.secpod.oval:def:1901787 In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small oval:org.secpod.oval:def:1900026 The GD Graphics Library 2.2.5 has a double free in thegdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE:PHP is unaffected. oval:org.secpod.oval:def:1900007 The libtiff-toolsFdOpen function in tif_unix.c in Liblibtiff-tools 4.0.10 has a memory leak,as demonstrated by pal2rgb. oval:org.secpod.oval:def:1900480 libical-dev 1.0 allows remote attackers to cause a denial of service via a crafted ics file. oval:org.secpod.oval:def:1901711 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. oval:org.secpod.oval:def:1901713 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ... oval:org.secpod.oval:def:1901708 XML parser class fails to trap exceptions on malformed XML declaration oval:org.secpod.oval:def:1901728 hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random function call. oval:org.secpod.oval:def:1901700 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. oval:org.secpod.oval:def:1901754 [Escape sequence injection vulnerability in verbose] oval:org.secpod.oval:def:1901756 [Escape sequence injection vulnerability in API response handling] oval:org.secpod.oval:def:1901760 [Delete directory using symlink when decompressing tar] oval:org.secpod.oval:def:1901739 [Escape sequence injection vulnerability in gem owner] oval:org.secpod.oval:def:1901742 [Installing a malicious gem may lead to arbitrary code execution] oval:org.secpod.oval:def:1901745 [Escape sequence injection vulnerability in errors] oval:org.secpod.oval:def:1900823 GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. oval:org.secpod.oval:def:1900827 In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. oval:org.secpod.oval:def:1900117 In Liblibtiff-tools 4.0.9, there is a NULL pointer dereference in the libtiff-toolsWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by libtiff-tools set. oval:org.secpod.oval:def:1900140 NULL pointer dereference in several CMS functions result ing in a denial of service oval:org.secpod.oval:def:1900985 Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ... oval:org.secpod.oval:def:1901806 An out-of-bounds heap read condition when scanning PE files oval:org.secpod.oval:def:1901808 Buffer overflow vulnerability oval:org.secpod.oval:def:1900529 An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the libfreeimage-dev library. A specially crafted XMPfile can cause an arbitrary memory overwrite result ing in code execution.An attacker can provide a malicious image to trigger this vulnerability. oval:org.secpod.oval:def:1901854 libxslt1-dev through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:704494 snapd: Daemon and tooling that enable snap packages snapd could be made to run programs as an administrator. oval:org.secpod.oval:def:704490 libarchive: Library to read/write archive files Several security issues were fixed in libarchive. oval:org.secpod.oval:def:704492 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704486 libreoffice: Office productivity suite Several security issues were fixed in LibreOffice. oval:org.secpod.oval:def:704487 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:704489 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:704485 dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network. oval:org.secpod.oval:def:704475 avahi: Avahi IPv4LL network address configuration daemon Several security issues were fixed in Avahi. oval:org.secpod.oval:def:704473 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704474 libvncserver: vnc server library Several security issues were fixed in LibVNCServer. oval:org.secpod.oval:def:704468 spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704450 ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:704452 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704440 libcaca: text mode graphics utilities Several security issues were fixed in libcaca. oval:org.secpod.oval:def:704441 libarchive: Library to read/write archive files Several security issues were fixed in libarchive. oval:org.secpod.oval:def:704447 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704448 poppler: PDF rendering library Several security issues were fixed in poppler. oval:org.secpod.oval:def:704449 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages. oval:org.secpod.oval:def:1901803 An out-of-bounds heap read condition when scanning PDF documents oval:org.secpod.oval:def:1901804 An out-of-bounds heap write condition when scanning OLE2 files oval:org.secpod.oval:def:704899 libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:704882 systemd: system and service manager The systemd PAM module could be used to gain additional PolicyKit privileges. oval:org.secpod.oval:def:704883 wget: retrieves files from the web Several security issues were fixed in Wget. oval:org.secpod.oval:def:704884 wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant and hostapd. oval:org.secpod.oval:def:704881 clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV. oval:org.secpod.oval:def:704888 rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist rssh could be made to run arbitrary commands if it received specially crafted input. oval:org.secpod.oval:def:704889 ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:1900077 A NULL pointer dereference in the function _libtiff-tools memcmp at tif_unix.c in Liblibtiff-tools 4.0.9 allows an attacker to cause a denial-of-service through a crafted libtiff-tools file. This vulnerability can be triggered by the executable libtiff-tool scp. oval:org.secpod.oval:def:704877 advancecomp: collection of recompression utilities AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:704878 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations. oval:org.secpod.oval:def:704861 dovecot: IMAP and POP3 email server Dovecot could be made to crash or run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:704852 freeimage: Support library for graphics image formats FreeImage could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704853 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704855 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox. oval:org.secpod.oval:def:704842 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704845 xmltooling: C++ XML parsing library with encryption support xmltooling could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:704836 snapd: Daemon and tooling that enable snap packages An intended access restriction in snapd could be bypassed by strict mode snaps on 64 bit architectures. oval:org.secpod.oval:def:704838 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:704822 walinuxagent: Windows Azure Linux Agent WALinuxAgent could be made to expose sensitive information. oval:org.secpod.oval:def:1900685 An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. oval:org.secpod.oval:def:1901120 0-byte record padding oracle oval:org.secpod.oval:def:1901515 In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. oval:org.secpod.oval:def:704501 ghostscript: PostScript and PDF interpreter Details: USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory USN-3866-1 introduced a regression in Ghostscript. oval:org.secpod.oval:def:704502 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:1901079 GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. oval:org.secpod.oval:def:1900388 In libsndfile1 version 1.0.28, an error in the "aiff_read_chanmap"function can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. oval:org.secpod.oval:def:1900794 In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. oval:org.secpod.oval:def:1900314 The function d2a law_array in a law.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14245. oval:org.secpod.oval:def:1901170 The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of ... oval:org.secpod.oval:def:1901355 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. oval:org.secpod.oval:def:1901702 Jann Horn identified a problem in current versions of libseccomp-dev where the library did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators . oval:org.secpod.oval:def:1901755 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find located at Dict.cc, which can be triggered by passing a crafted pdf file to the pdfunite binary. oval:org.secpod.oval:def:1901762 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. oval:org.secpod.oval:def:1901761 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. oval:org.secpod.oval:def:1901744 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. oval:org.secpod.oval:def:1900896 An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. oval:org.secpod.oval:def:1901743 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. oval:org.secpod.oval:def:1900414 The function GfxImageColorMap::getGray in GfxState.cc in libpoppler-dev 0.54.0allows remote attackers to cause a denial of service via a crafted PDF document, related to missing color-map validation in Image OutputDev.cc. oval:org.secpod.oval:def:1900114 In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp may suffer from a denial of service caused by an integer overflow via a crafted PSD image file. oval:org.secpod.oval:def:1900119 A stack-based buffer overflow in psf_memset in common.c in libsndfile11.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.The vulnerability can be triggered by the executable sndfile-deinterleave. oval:org.secpod.oval:def:704902 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3918-1 caused a regression in Firefox ... oval:org.secpod.oval:def:1900144 In libpoppler-dev 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extract PDFSubtype processing. oval:org.secpod.oval:def:1900146 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. oval:org.secpod.oval:def:1900143 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile1 1.0.28 that will cause a denial of service. oval:org.secpod.oval:def:1900149 keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes result ing in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. oval:org.secpod.oval:def:1900154 ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. oval:org.secpod.oval:def:1900123 An issue was discovered in libsndfile1 1.0.28. There is a NULL pointerdereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. oval:org.secpod.oval:def:1900130 An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2a law_array in a law.c that will lead to a denial of service. oval:org.secpod.oval:def:1900137 In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service caused by an integer overflow via a crafted PSD image file. oval:org.secpod.oval:def:1900501 python-web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. oval:org.secpod.oval:def:1901816 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. oval:org.secpod.oval:def:1901810 Issue related to CVE-2019-10906, str.format vulnerability oval:org.secpod.oval:def:1901824 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. oval:org.secpod.oval:def:1901822 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. oval:org.secpod.oval:def:1901817 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. oval:org.secpod.oval:def:1900541 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service via a crafted bzip2 file,related to block ends set to before the start of the block. oval:org.secpod.oval:def:1900071 An issue was discovered in libpoppler-dev 0.71.0. There is a memory leak inGfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftolibcairo2-dev. oval:org.secpod.oval:def:1900042 In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. oval:org.secpod.oval:def:1900044 An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. oval:org.secpod.oval:def:1900058 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. oval:org.secpod.oval:def:1900088 In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service via a crafted PNG file. oval:org.secpod.oval:def:704814 poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:1900090 corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. oval:org.secpod.oval:def:1900267 An out of bounds read in the function d2ulaw_array in ulaw.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:1900273 An out of bounds read in the function d2a law_array in a law.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. oval:org.secpod.oval:def:1900275 In libsndfile1 1.0.25 , a divide-by-zero error exists in the function wav_w64_read_fmt_chunk in wav_w64.c, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:1900256 In libsndfile1 1.0.28, a divide-by-zero error exists in the function double64_init in double64.c, which may lead to DoS when playing a crafted audio file. oval:org.secpod.oval:def:1901107 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. oval:org.secpod.oval:def:1901931 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file. oval:org.secpod.oval:def:1901930 The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure via a crafted vcf file. oval:org.secpod.oval:def:1901927 The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted vcf file. oval:org.secpod.oval:def:1901913 A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. oval:org.secpod.oval:def:1901910 An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds r ... oval:org.secpod.oval:def:1900165 In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImagefunction of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. oval:org.secpod.oval:def:1900161 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. oval:org.secpod.oval:def:1900358 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly marklookup-plugin results as unsafe. If an attacker could control the results of lookup calls, they could inject Unicode strings to be parsed by the jinja2 templating system, result ing in code execution. By default, the jinja2 templating ... oval:org.secpod.oval:def:1900326 An exploitable integer overflow vulnerability exists when creating a newRGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow result ing in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a special ... oval:org.secpod.oval:def:1901240 A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. oval:org.secpod.oval:def:1900459 Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in libgif-dev 5.1.2 allows remote attackers to cause a denial of service via the background color index in a GIF file. oval:org.secpod.oval:def:1900102 The DGifDecompressLine function in dgif_lib.c in libgif-dev , as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->Running Code - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. oval:org.secpod.oval:def:1900989 In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker"s control, allowing to run arbitrary code as a result. oval:org.secpod.oval:def:1900740 Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900748 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage function in coders/pcl.c during writes of monochrome images. oval:org.secpod.oval:def:1900784 In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. oval:org.secpod.oval:def:1900306 In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read inReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. oval:org.secpod.oval:def:1901151 An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. oval:org.secpod.oval:def:1901168 ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. oval:org.secpod.oval:def:1901163 ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. oval:org.secpod.oval:def:1901141 The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. oval:org.secpod.oval:def:1900297 In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null PointerDereference occurs while transferring JPEG scanlines, related to aPixelPacket pointer. oval:org.secpod.oval:def:1900292 ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data someti ... oval:org.secpod.oval:def:1901197 The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. oval:org.secpod.oval:def:1901192 The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901194 WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. oval:org.secpod.oval:def:1901177 ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service . oval:org.secpod.oval:def:1901351 GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. oval:org.secpod.oval:def:1901352 GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile informat ... oval:org.secpod.oval:def:1900862 GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. oval:org.secpod.oval:def:1900865 An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900856 An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/libtiff-tools.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and til ... oval:org.secpod.oval:def:1900895 GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache files. oval:org.secpod.oval:def:1901251 GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIF ... oval:org.secpod.oval:def:1901265 In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c. oval:org.secpod.oval:def:1901440 The QuantumTransferMode function in coders/libtiff-tools.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via a small samples per pixel value in a CMYKA TIFF file. oval:org.secpod.oval:def:1901477 GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. oval:org.secpod.oval:def:1901479 GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage function in coders/cmyk.c when processing multiple frames that have non-identical widths. oval:org.secpod.oval:def:1901470 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. oval:org.secpod.oval:def:1901452 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. oval:org.secpod.oval:def:1901469 GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. oval:org.secpod.oval:def:1901814 A vulnerability in the Android media framework related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. oval:org.secpod.oval:def:1900963 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. oval:org.secpod.oval:def:1900962 The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service via crafted JPEG files. oval:org.secpod.oval:def:1901408 Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external ... oval:org.secpod.oval:def:1900903 coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. oval:org.secpod.oval:def:1900909 An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1900947 In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/libtiff-tools.c, in which LocaleNCompare reads heap data beyond the allocated region. oval:org.secpod.oval:def:1900949 ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. oval:org.secpod.oval:def:1901384 ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. oval:org.secpod.oval:def:1900052 Input validation issue result ing in a denial of service oval:org.secpod.oval:def:1901555 ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. oval:org.secpod.oval:def:1901566 GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. oval:org.secpod.oval:def:1900200 The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26allows remote attackers to cause a denial of service during JNG read ing via a zero-length color_image data structure. oval:org.secpod.oval:def:1901548 There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:1901118 GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. oval:org.secpod.oval:def:1900260 A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. oval:org.secpod.oval:def:1901109 The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed WPG image. oval:org.secpod.oval:def:1901928 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. oval:org.secpod.oval:def:1901518 GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage function in coders/rgb.c when processing multiple frames that have non-identical widths. oval:org.secpod.oval:def:1900676 The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. oval:org.secpod.oval:def:1900679 GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service because of an integer underflow in ReadPICTImage in coders/pict.c. oval:org.secpod.oval:def:50605 Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. oval:org.secpod.oval:def:1900181 When GraphicsMagick 1.3.25 processes a DPX image in coders/dpx.c, a denial of service can occur inReadDPXImage. oval:org.secpod.oval:def:1900182 When GraphicsMagick 1.3.25 processes an RGB libtiff-tools picture in coders/libtiff-tools.c, a buffer overflowoccurs, related to QuantumTransferMode. oval:org.secpod.oval:def:1901490 WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. oval:org.secpod.oval:def:1901054 In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. oval:org.secpod.oval:def:1901052 GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. oval:org.secpod.oval:def:1900454 saned in libsane-dev 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. oval:org.secpod.oval:def:1900401 An issue was discovered in apng2gif 1.7. There is an integer overflow result ing in a heap-based buffer over-read, related to the load_a pngfunction and the imagesize variable. oval:org.secpod.oval:def:1900500 MCabber before 1.0.4 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza oval:org.secpod.oval:def:1901209 The quicktime_read_dref_table function in dref.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1900726 The lqt_frame_duration function in lqt_quicktime.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1900728 In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. oval:org.secpod.oval:def:1900305 GNU libextractor-dev 1.6 allows remote attackers to cause a denial of service via a crafted GIF, IT, NSFE, S3M , SID, or XM file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. oval:org.secpod.oval:def:1900288 In GNU libextractor-dev 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. oval:org.secpod.oval:def:1901139 The lqt_frame_duration function in lqt_quicktime.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1901317 The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1900479 The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. oval:org.secpod.oval:def:1901302 [Unknown description] oval:org.secpod.oval:def:1900483 The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible ... oval:org.secpod.oval:def:1901346 A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. oval:org.secpod.oval:def:1901347 In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. oval:org.secpod.oval:def:1900888 The quicktime_video_width function in lqt_quicktime.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1900812 The quicktime_match_32 function in util.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1900565 The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a differe ... oval:org.secpod.oval:def:1901898 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl ... oval:org.secpod.oval:def:1901899 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t ... oval:org.secpod.oval:def:1900126 GNU libextractor-dev through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. oval:org.secpod.oval:def:1900986 An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range arg ... oval:org.secpod.oval:def:1900991 An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when th ... oval:org.secpod.oval:def:1900516 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reachJMX ports. The issue exists because this listener wasn"t updated for consistency with ... oval:org.secpod.oval:def:1900999 In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. oval:org.secpod.oval:def:1900514 When a Security Manager is configured, a web application"s ability to readsystem properties should be controlled by the Security Manager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configura ... oval:org.secpod.oval:def:1900966 An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnupl ... oval:org.secpod.oval:def:1900972 The quicktime_read_moov function in moov.c in libquicktime-dev 1.2.4 allows remote attackers to cause a denial of service via a crafted mp4 file. oval:org.secpod.oval:def:1901871 A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. oval:org.secpod.oval:def:704044 libvncserver: vnc server library LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1900555 Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service via a largecompression method value in the central directory file header. oval:org.secpod.oval:def:1900932 mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. oval:org.secpod.oval:def:1900068 GNU libextractor-dev through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata in plugins/ole2_extractor.c. oval:org.secpod.oval:def:1900265 Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allow sremote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its filen ... oval:org.secpod.oval:def:1901903 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto ... oval:org.secpod.oval:def:1901033 Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. oval:org.secpod.oval:def:1900172 gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLFSequences in HTTP Headers vulnerability in "process_headers" function in"gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have be enfixed ... oval:org.secpod.oval:def:1901077 In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. oval:org.secpod.oval:def:1901060 In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. oval:org.secpod.oval:def:1900035 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:1900436 A deserialization flaw was discovered in the libjackson2-databind-java, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. oval:org.secpod.oval:def:1900576 Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. oval:org.secpod.oval:def:1901541 A deserialization flaw was discovered in the libjackson2-databind-java in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw C ... oval:org.secpod.oval:def:1900218 Heap-based Buffer Overflow in the psf_binheader_writef function in common.cin libsndfile1 through 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact. oval:org.secpod.oval:def:50591 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system ba ... oval:org.secpod.oval:def:91357 IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively ... oval:org.secpod.oval:def:702675 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP server. oval:org.secpod.oval:def:39468 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:703513 pillow: Python Imaging Library Several security issues were fixed in Pillow. oval:org.secpod.oval:def:703290 pillow: Python Imaging Library compatibility layer Details: USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images. This update temporarily reverts the security fix for CVE-2014-9601 pending further ... oval:org.secpod.oval:def:703284 pillow: Python Imaging Library compatibility layer Pillow could be made to crash if it received specially crafted input or opened a specially crafted file. oval:org.secpod.oval:def:1901880 An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block "/" characters in the gplot rootname argument potentially leading to path traversal and arbitrary file overwrite. oval:org.secpod.oval:def:1901887 Leptonica through 1.75.3 uses hardcoded /tmp pathnames which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. oval:org.secpod.oval:def:1901886 An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes ... oval:org.secpod.oval:def:1901883 An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input can overflow a buffer leading potentially to arbitrary code execution or possibly unspecified other impact. oval:org.secpod.oval:def:1901885 Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. oval:org.secpod.oval:def:1901201 It was discovered that the HTTPUrlConnection classes in OpenJDK did not properly handle newlines. An attacker could use this to convince a Java application or applet to inject headers into http requests. oval:org.secpod.oval:def:1901205 It was discovered that the Hotspot component of OpenJDK did not properly perform loader checks when handling the invokespecial JVM instruction. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. oval:org.secpod.oval:def:1900761 It was discovered that the JAXP component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:703356 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:703768 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:1901185 It was discovered that the Remote Method Invocation component in OpenJDK did not properly handle unreferenced objects. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. oval:org.secpod.oval:def:1901183 It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:1901318 Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:703911 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:1901343 Francesco Palmarini, Marco Squarcina, Mauro Tempesta, Riccardo Focardi, and Tobias Ospelt discovered that the Security component in OpenJDK did not sufficiently protect password-based encryption keys in key stores. An attacker could use this to expose sensitive information. oval:org.secpod.oval:def:1901253 Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations in the SimpleTimeZone class. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:1901447 It was discovered that the Networking component of OpenJDK did not properly set timeouts on FTP client actions. A remote attacker could use this to cause a denial of service . oval:org.secpod.oval:def:1900690 Jeffrey Altman discovered that the Kerberos client implementation in OpenJDK incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. oval:org.secpod.oval:def:1900180 Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and RiccardoFocardi discovered that the Serialization component of OpenJDK did not properly restrict the amount of memory allocated when deserializingobjects from Java Cryptography Extension KeyStore . An attacker could use this to cause a denial ... oval:org.secpod.oval:def:1901015 It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service . oval:org.secpod.oval:def:703606 openjdk-7: Open Source Java implementation Details: USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Original advisory Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702944 mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:1900743 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:34187 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1900731 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous ... oval:org.secpod.oval:def:1900792 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. oval:org.secpod.oval:def:1901162 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. oval:org.secpod.oval:def:1901312 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. oval:org.secpod.oval:def:1900468 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. oval:org.secpod.oval:def:1900474 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901332 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. oval:org.secpod.oval:def:1900883 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. oval:org.secpod.oval:def:703057 mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703039 pcre3: Perl 5 Compatible Regular Expression Library PCRE could be made to crash or run programs if it processed a specially-crafted regular expression. oval:org.secpod.oval:def:703038 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703489 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900824 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB. oval:org.secpod.oval:def:1901284 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. oval:org.secpod.oval:def:1900581 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. oval:org.secpod.oval:def:1900582 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML. oval:org.secpod.oval:def:1900562 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. oval:org.secpod.oval:def:1901418 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1900566 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. oval:org.secpod.oval:def:1901428 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. oval:org.secpod.oval:def:1900578 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. oval:org.secpod.oval:def:1901007 Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. oval:org.secpod.oval:def:1900138 libtiff-toolsWriteScanline in tif_write.c in Liblibtiff-tools 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2libtiff-tools. oval:org.secpod.oval:def:1900502 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. oval:org.secpod.oval:def:1900510 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. oval:org.secpod.oval:def:1900518 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; OracleMySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name ... oval:org.secpod.oval:def:704026 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900525 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. oval:org.secpod.oval:def:1900524 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. oval:org.secpod.oval:def:1900519 Heap-based buffer overflow in tif_packbits.c in libtiff-tools 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. oval:org.secpod.oval:def:1900530 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. oval:org.secpod.oval:def:1900924 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. oval:org.secpod.oval:def:702688 pcre3: Perl 5 Compatible Regular Expression Library PCRE could be made to crash or run programs if it processed a specially-crafted regular expression. oval:org.secpod.oval:def:704820 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900689 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. oval:org.secpod.oval:def:1901110 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. oval:org.secpod.oval:def:1901121 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. oval:org.secpod.oval:def:702809 mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:1900677 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. oval:org.secpod.oval:def:703226 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703213 mysql-5.7: MySQL database - mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:703006 jasper: Library for manipulating JPEG-2000 files Several security issues were fixed in JasPer. oval:org.secpod.oval:def:704136 jasper: Library for manipulating JPEG-2000 files Several security issues were fixed in JasPer. oval:org.secpod.oval:def:702390 jasper: Library for manipulating JPEG-2000 files JasPer could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702324 jasper: Library for manipulating JPEG-2000 files JasPer could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703615 jasper: Library for manipulating JPEG-2000 files Several security issues were fixed in JasPer. oval:org.secpod.oval:def:704220 w3m: WWW browsable pager with excellent tables/frames support Several security issues were fixed in w3m. oval:org.secpod.oval:def:703783 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703741 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703712 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703714 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1901573 A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. oval:org.secpod.oval:def:703491 w3m: WWW browsable pager with excellent tables/frames support Several security issues were fixed in w3m. oval:org.secpod.oval:def:703336 dbus: simple interprocess messaging system Several security issues were fixed in DBus. oval:org.secpod.oval:def:33076 cpio: a tool to manage archives of files Several security issues were fixed in GNU cpio. oval:org.secpod.oval:def:702212 dbus: simple interprocess messaging system Several security issues were fixed in DBus. oval:org.secpod.oval:def:702312 dbus: simple interprocess messaging system DBus could be made to stop responding under certain conditions. oval:org.secpod.oval:def:702103 dbus: simple interprocess messaging system Several security issues were fixed in DBus. oval:org.secpod.oval:def:704222 batik: SVG Library Batik could be made to expose sensitive information if it received a specially crafted XML. oval:org.secpod.oval:def:1901789 In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. oval:org.secpod.oval:def:1901129 A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle-dev handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases ... oval:org.secpod.oval:def:703542 eject: ejects CDs and operates CD-Changers under Linux Eject could be made to run programs as an administrator. oval:org.secpod.oval:def:702877 grub2: GRand Unified Bootloader GRUB password protection can be bypassed. oval:org.secpod.oval:def:1901678 When apr_time_exp* or apr_os_exp_time* functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value ... oval:org.secpod.oval:def:1901677 Apache Portable Runtime Utility 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm* functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a ... oval:org.secpod.oval:def:703838 ruby1.9.1: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704215 ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Ruby could be made to execute arbitrary commands if opened a specially crafted file. oval:org.secpod.oval:def:704205 ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Interpreter of object-oriented scripting language Ruby Several security issues were fixed in Ruby. oval:org.secpod.oval:def:702871 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1901777 mod_auth_digest access control bypass oval:org.secpod.oval:def:1901781 Apache httpd URL normalization inconsistincy oval:org.secpod.oval:def:704052 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:54095 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:1900079 In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. oval:org.secpod.oval:def:704180 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:704176 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:702977 nss: Network Security Service library NSS could be made to expose sensitive information. oval:org.secpod.oval:def:702976 graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. oval:org.secpod.oval:def:702956 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702943 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702930 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:702920 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702921 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702916 openssh: secure shell for secure access to remote machines OpenSSH could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702915 nss: Network Security Service library NSS could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702919 gnutls28: GNU TLS library - gnutls26: GNU TLS library GnuTLS could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702907 libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702881 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:31643 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:703084 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:703064 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703067 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703026 graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. oval:org.secpod.oval:def:703011 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703017 nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:703016 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702749 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702724 gdk-pixbuf: GDK Pixbuf library GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702723 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702711 ubufox: Ubuntu modifications for Firefox Details: USN-2702-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox. Original advisory This update provides compatible packages for Firefox 40. oval:org.secpod.oval:def:702714 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703157 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703114 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703512 icu: International Components for Unicode library Several security issues were fixed in ICU. oval:org.secpod.oval:def:41173 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:702866 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702850 libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702858 openjdk-7: Open Source Java implementation A security issue was fixed in OpenJDK 7. oval:org.secpod.oval:def:702830 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702825 nspr: NetScape Portable Runtime Library NSPR could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:702824 nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:702814 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:702811 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:703298 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:703279 thunderbird: Mozilla Open Source mail and newsgroup client Thunderbird could be made to crash or run programs as your login if it opened a malicious message. oval:org.secpod.oval:def:703212 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703201 nss: Network Security Service library NSS could be made to crash or run programs if it processed specially crafted network traffic. oval:org.secpod.oval:def:702780 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702751 ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory This update provides compatible packages for Firefox 41 oval:org.secpod.oval:def:702755 unity-firefox-extension: Unity Integration for Firefox - webaccounts-browser-extension: Ubuntu Online Accounts extension for chromium - webapps-greasemonkey: Firefox extension: Website Integration Details: USN-2743-1 fixed vulnerabilities in Firefox. Future Firefox updates will require all addons be ... oval:org.secpod.oval:def:41305 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41306 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41304 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:41307 The host is installed with zlib dependencies through 1:1.2.8.dfsg-2ubuntu4.1 on Ubuntu 16.04, through 1:1.2.8.dfsg-1ubuntu1 on Ubuntu 14.04, through 1:1.2.8.dfsg-2ubuntu5.1 on Ubuntu 16.10 or through 1:1.2.11.dfsg-0ubuntu1 on Ubuntu 12.04 and is prone to a denial of service vulnerability. A flaw is ... oval:org.secpod.oval:def:703357 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703799 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:1901188 Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory. oval:org.secpod.oval:def:1900464 inftrees.c in zlib-bin 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. oval:org.secpod.oval:def:1900506 The crc32_big function in crc32.c in zlib-bin 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. oval:org.secpod.oval:def:1900548 inffast.c in zlib-bin 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. oval:org.secpod.oval:def:1900534 The inflateMark function in inflate.c in zlib-bin 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. oval:org.secpod.oval:def:703707 expat: XML parsing C library Expat could be made to hang if it received specially crafted input. oval:org.secpod.oval:def:703701 samba: SMB/CIFS file, print, and login server for Unix Samba could allow unintended access to network services. oval:org.secpod.oval:def:703702 heimdal: Heimdal Kerberos Network Authentication Protocol Heimdal could allow unintended access to network services. oval:org.secpod.oval:def:704170 db5.3: Berkeley v5.3 Database Documentation [html] Berkeley DB could be made to expose sensitive information. oval:org.secpod.oval:def:1900175 The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. oval:org.secpod.oval:def:703806 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:49230 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:704274 openjdk-7: Open Source Java implementation Java applications could be made to use excessive memory. oval:org.secpod.oval:def:704201 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could allow access to sensitive information. oval:org.secpod.oval:def:703782 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703751 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703749 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:45754 Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. oval:org.secpod.oval:def:703737 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703912 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. oval:org.secpod.oval:def:703097 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703094 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:704395 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:704322 lcms2: Little CMS color management library Several security issues were fixed in Little CMS. oval:org.secpod.oval:def:703457 nettle: low level cryptographic library Nettle could be made to expose sensitive information over the network. oval:org.secpod.oval:def:44101 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:40179 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:1901444 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ... oval:org.secpod.oval:def:703164 linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703160 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703158 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:50967 In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. oval:org.secpod.oval:def:703138 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703101 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:46446 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. oval:org.secpod.oval:def:703104 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703574 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703560 linux-hwe: Linux hardware enablement kernel - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise The system could be made to crash under certain conditions. oval:org.secpod.oval:def:703559 linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-snapdragon: Linux kernel for Snapdragon Processors - linux-ti-omap4: Linux kernel for OMAP4 The system ... oval:org.secpod.oval:def:704874 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access. oval:org.secpod.oval:def:704879 openjdk-7: Open Source Java implementation Java applets or applications could be made to expose sensitive information. oval:org.secpod.oval:def:703988 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt. oval:org.secpod.oval:def:1900085 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim"s clock via a Sybil attack. This issue exists because of an incomp ... oval:org.secpod.oval:def:704821 linux: Linux kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:704185 libpng1.6: PNG library - development - libpng: PNG file library Several security issues were fixed in libpng. oval:org.secpod.oval:def:704152 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:704151 libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:704134 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:704113 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703683 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703687 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:42125 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703613 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703601 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:703482 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703486 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1900570 An input validation vulnerability was found in Ansible"s mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. oval:org.secpod.oval:def:39001 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:704418 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703527 gnutls26: GNU TLS library Details: USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Original advisory GnuTLS could be made to hang if it received specially crafted network traffic. oval:org.secpod.oval:def:38970 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:702521 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:1901874 Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e in the image path as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. oval:org.secpod.oval:def:45661 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU. oval:org.secpod.oval:def:50662 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacke ... oval:org.secpod.oval:def:1900025 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products,allows attackers to overwrite the host runc binary by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, t ... oval:org.secpod.oval:def:704841 firefox: Mozilla Open Source web browser Details: USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in Firefox. oval:org.secpod.oval:def:703405 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba. oval:org.secpod.oval:def:702663 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:702642 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702649 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704203 qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU. oval:org.secpod.oval:def:704305 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:704120 qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU. oval:org.secpod.oval:def:704118 libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt. oval:org.secpod.oval:def:703956 linux: Linux kernel Several security issues were addressed in the Linux kernel. oval:org.secpod.oval:def:703940 nvidia-graphics-drivers-384: NVIDIA binary X.Org driver The system could be made to expose sensitive information. oval:org.secpod.oval:def:703933 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information. oval:org.secpod.oval:def:703962 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablemen ... oval:org.secpod.oval:def:43415 It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Ubuntu ... oval:org.secpod.oval:def:45289 When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. oval:org.secpod.oval:def:35820 tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat. oval:org.secpod.oval:def:1900352 vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. oval:org.secpod.oval:def:1900382 An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when read ing a corrupted undo file, which may lead to resultant buffer overflows. oval:org.secpod.oval:def:703368 vim: Vi IMproved - enhanced vi editor Vim could be made run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:1900452 An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when read ing a corrupted undo file, which may lead to resultant buffer overflows. oval:org.secpod.oval:def:1900870 fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor"s primary group , which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned b ... oval:org.secpod.oval:def:704434 exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2. oval:org.secpod.oval:def:704181 exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2. oval:org.secpod.oval:def:702506 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:704299 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1900038 Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman keyexchange, ... oval:org.secpod.oval:def:704389 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704329 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704278 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704279 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704806 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ... oval:org.secpod.oval:def:703921 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703925 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704392 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704355 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704491 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704484 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704467 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704458 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704431 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704429 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704870 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704863 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704864 linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ... oval:org.secpod.oval:def:704825 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704110 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704345 git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it recursively opened a malicious git repository. oval:org.secpod.oval:def:704107 git: fast, scalable, distributed revision control system Several security issues were fixed in Git. oval:org.secpod.oval:def:703802 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704231 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:703948 intel-microcode: Processor microcode for Intel CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:703941 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703939 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704357 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703876 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703854 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703849 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704058 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704043 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704007 linux: Linux kernel Details: USN-3542-1 mitigated CVE-2017-5715 for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory The system could be made to expose sensitive information. oval:org.secpod.oval:def:703994 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement k ... oval:org.secpod.oval:def:703978 libvirt: Libvirt virtualization toolkit Spectre mitigations were added to libvirt. oval:org.secpod.oval:def:703977 qemu: Machine emulator and virtualizer Spectre mitigations were added to QEMU. oval:org.secpod.oval:def:704144 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704131 amd64-microcode: Processor microcode firmware for AMD CPUs The system could be made to expose sensitive information. oval:org.secpod.oval:def:703649 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:1900493 The mailSend function in the is Mail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" in a crafted Sender property. oval:org.secpod.oval:def:1900892 An issue was discovered in PHPMailer before 5.2.22. PHPMailer"s msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base dire ... oval:org.secpod.oval:def:1901127 The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: ... oval:org.secpod.oval:def:702874 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:703087 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703004 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:703151 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:703150 oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:703519 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:702960 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702958 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702953 linux-lts-wily: Linux hardware enablement kernel from Wily Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702950 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702897 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702880 linux-lts-wily: Linux hardware enablement kernel from Wily Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702887 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702886 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703024 linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703023 linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703027 linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702690 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702683 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702673 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702643 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702638 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702864 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702862 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702867 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702841 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702840 linux-lts-wily: Linux hardware enablement kernel from Wily The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702832 linux-lts-vivid: Linux hardware enablement kernel from Vivid The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702834 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702827 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702804 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702803 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702801 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702331 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702329 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702509 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:702094 php5: HTML-embedded scripting language interpreter Details: USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185 further restricted the permissions on the PHP FastCGI Process Manager UNIX socket. This update grants socket access to the www-data user and group so installations and docu ... oval:org.secpod.oval:def:702080 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702486 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:703335 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:702469 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:702466 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703764 libgd2: GD Graphics Library The system could be made to expose sensitive information. oval:org.secpod.oval:def:702420 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703748 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703058 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702180 procmail: Versatile e-mail processor formail could be made to crash or run programs if it processed specially crafted mail. oval:org.secpod.oval:def:36105 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703466 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702554 icu: International Components for Unicode library ICU could be made to crash or run programs as your login if it processed specially crafted data. oval:org.secpod.oval:def:702542 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:702513 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702716 net-snmp: SNMP server and applications Net-SNMP could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:702293 ruby2.0: Object-oriented scripting language - ruby2.1: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby1.8: Object-oriented scripting language Ruby could be made to consume resources. oval:org.secpod.oval:def:702276 ruby2.0: Object-oriented scripting language - ruby2.1: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby1.8: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:703129 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702241 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:36684 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702239 bash: GNU Bourne Again SHell Several security issues were fixed in Bash. oval:org.secpod.oval:def:702678 tidy: HTML syntax checker and reformatter HTML Tidy could be made to crash or run programs if it processed specially crafted data. oval:org.secpod.oval:def:703979 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702631 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704810 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703718 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:702813 php5: HTML-embedded scripting language interpreter PHP could be made to crash if it processed a specially crafted file. oval:org.secpod.oval:def:34930 libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file. oval:org.secpod.oval:def:703293 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704125 file: Tool to determine file types Several security issues were fixed in file. oval:org.secpod.oval:def:702359 unzip: De-archiver for .zip files unzip could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:702317 glibc: GNU C Library - eglibc: GNU C Library The GNU C Library could be made to crash or run programs. oval:org.secpod.oval:def:702772 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:702044 gnutls26: GNU TLS library GnuTLS could be made to crash or run programs if it connected to a malicious server. oval:org.secpod.oval:def:702460 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702451 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702194 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702155 linux: Linux kernel The system could be made to crash under certain conditions. oval:org.secpod.oval:def:702138 libtasn1-6: Library to manage ASN.1 structures - libtasn1-3: Library to manage ASN.1 structures Libtasn1 could be made to crash or run programs as your login if it processed specially crafted data. oval:org.secpod.oval:def:702127 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702597 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702599 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702598 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702106 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702563 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702538 linux: Linux kernel The system could be made to run programs as an administrator. oval:org.secpod.oval:def:702525 linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to run programs as an administrator. oval:org.secpod.oval:def:702270 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702227 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:701930 linux: Linux kernel The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:702092 nspr: NetScape Portable Runtime Library NSPR could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:702135 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702134 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:702201 nss: Network Security Service library NSS could be made to crash or run programs as your login if it processed a specially crafted certificate. oval:org.secpod.oval:def:701948 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:703803 apache2: Apache HTTP server Apache HTTP Server could be made to expose sensitive information over the network. oval:org.secpod.oval:def:702136 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:703676 apache2: Apache HTTP server Several security issues were fixed in Apache HTTP Server. oval:org.secpod.oval:def:1900805 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. oval:org.secpod.oval:def:1901278 Expat allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. oval:org.secpod.oval:def:702729 expat: XML parsing C library Expat could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702701 oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide. oval:org.secpod.oval:def:1901405 os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service , or have unspecified other impact by leveraging use of the current working directory for temporary files. oval:org.secpod.oval:def:703167 expat: XML parsing C library Several security issues were fixed in Expat. oval:org.secpod.oval:def:703112 expat: XML parsing C library Expat could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702685 sqlite3: C library that implements an SQL database engine SQLite could be made to crash or run programs if it processed specially crafted queries. oval:org.secpod.oval:def:1901383 The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-201 ... oval:org.secpod.oval:def:703220 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:704480 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704045 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703879 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:702436 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702435 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702160 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702530 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702536 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702237 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702686 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702671 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702664 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702657 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703892 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703899 linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:703883 postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator. oval:org.secpod.oval:def:704083 linux: Linux kernel Several security issues were addressed in the Linux kernel. oval:org.secpod.oval:def:703996 linux: Linux kernel Details: It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. It wa ... oval:org.secpod.oval:def:703455 linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel. oval:org.secpod.oval:def:703269 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1901193 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. oval:org.secpod.oval:def:1901753 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. oval:org.secpod.oval:def:1901766 In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. oval:org.secpod.oval:def:704338 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:1900108 In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x360x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails.Remote attack ... oval:org.secpod.oval:def:1900084 In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. oval:org.secpod.oval:def:1901561 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. oval:org.secpod.oval:def:704155 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:704122 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick. oval:org.secpod.oval:def:1900170 There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.cin GraphicsMagick before 1.3.31. oval:org.secpod.oval:def:1901693 ** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happ ... oval:org.secpod.oval:def:704911 php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive informa ... oval:org.secpod.oval:def:1901536 memory-based DoS in libtiff-tools2bw oval:org.secpod.oval:def:1901285 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. oval:org.secpod.oval:def:1900013 An issue was discovered in NumPy 1.16.0 and earlier. It uses the picklePython module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. oval:org.secpod.oval:def:1900150 GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used. oval:org.secpod.oval:def:704319 ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript. oval:org.secpod.oval:def:1901241 TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. oval:org.secpod.oval:def:704302 linux: Linux kernel Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704142 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel. oval:org.secpod.oval:def:704085 linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were addressed in the Linux kernel. oval:org.secpod.oval:def:1901123 common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1900806 swt/motif/browser.c in White_dune 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. oval:org.secpod.oval:def:1900970 ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco3-dev 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a c ... oval:org.secpod.oval:def:702882 linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702885 linux-lts-wily: Linux hardware enablement kernel from Wily Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702888 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702879 linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702051 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702059 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:702304 linux: Linux kernel Several security issues were fixed in the kernel. |