Download
| Alert*
|
oval:org.secpod.oval:def:1801346
Alpine Linux 3.9 is installed oval:org.secpod.oval:def:1801350 Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer. Fixed In Version:¶ Irssi 1.1.2 oval:org.secpod.oval:def:1801407 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:1801447 The parse method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters . oval:org.secpod.oval:def:1801354 CVE-2018-20363: LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. oval:org.secpod.oval:def:1801427 CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in verbose CVE-2019-8322: Escape sequence injection vulnerability in gem owner CVE-2019-8323: Escape sequence injection vulnerability in API response handling CVE-2019-8324: In ... oval:org.secpod.oval:def:1801359 A pointer overflow, with code execution, was discovered in ZeroMQ libzmq 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to ... oval:org.secpod.oval:def:1801353 spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2 oval:org.secpod.oval:def:1801607 A mitigation against an ECDSA timing attack was fixed in libgcrypt 1.8.5 oval:org.secpod.oval:def:1802046 In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service . oval:org.secpod.oval:def:1802026 Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact argument type match. For example, length('foo'::varchar) and len ... oval:org.secpod.oval:def:1802019 jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. oval:org.secpod.oval:def:1801634 SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. oval:org.secpod.oval:def:1801680 openjdk8 vulnerability oval:org.secpod.oval:def:1801446 A flaw was found in Exim versions 4.87 to 4.91 . Improper validation of recipient address in deliver_message function in /src/deliver.c may lead to remote command execution. Fixed In Version:¶ exim 4.92 oval:org.secpod.oval:def:1801355 CVE-2019-6798: SQL injection in Designer feature Affected Versions:¶ phpMyAdmin versions from 4.5.0 through 4.8.4 are affected. Fixed In Version:¶ phpMyAdmin 4.8.5 oval:org.secpod.oval:def:1801437 S4U2Self is an extension to Kerberos used in Active Directory to allow a service to request a kerberos ticket to itself from the Kerberos Key Distribution Center for a non-Kerberos authenticated user . This is useful to allow internal code paths to be standardized around Kerberos. S4U2Proxy is an ... oval:org.secpod.oval:def:1801439 S4U2Self is an extension to Kerberos used in Active Directory to allow a service to request a kerberos ticket to itself from the Kerberos Key Distribution Center for a non-Kerberos authenticated user . This is useful to allow internal code paths to be standardized around Kerberos. S4U2Proxy is an ... oval:org.secpod.oval:def:1801863 A security issue was found in PostgreSQL 11 to 13 before version 13.2. A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar to CVE-2014-8161, but the conditions to e ... oval:org.secpod.oval:def:1801352 In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. oval:org.secpod.oval:def:1801751 Fixed In Version: postgresql 12.4, postgresql 11.9, postgresql 10.14 oval:org.secpod.oval:def:1801397 CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. Fixed In Version:¶ ClamAV 0.100.3 oval:org.secpod.oval:def:1801417 Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. oval:org.secpod.oval:def:1802050 Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.added Normal tag:security type:bug + 1 deleted l ... oval:org.secpod.oval:def:1802023 The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN function. oval:org.secpod.oval:def:1801786 In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-logi ... oval:org.secpod.oval:def:1801742 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak oval:org.secpod.oval:def:1802016 All Xen versions back to at least 3.2 are vulnerable. oval:org.secpod.oval:def:1802035 qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service . oval:org.secpod.oval:def:1801768 A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made.If samba is set with "log level = 3" then the string obtained from the client, after a failed character conversion, is printed. Such strings ... oval:org.secpod.oval:def:1801999 Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. oval:org.secpod.oval:def:1801623 Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration. Refe ... oval:org.secpod.oval:def:1802048 This is another instance of a highly priviledged operator being accessible by specially crafted Postscript code, that can be used to break out of the -dSAFER limitations. It was found that .forceput operator was present and unprotected in the .charkeys method and could be retrieved via manipulation ... oval:org.secpod.oval:def:1802025 Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync" LDAP control specified in MS-ADTS "3.1.1.3.4.1.3 LDAP_SERVER_DIRSYNC_OID". oval:org.secpod.oval:def:1801410 CVE-2018-5743: Limiting simultaneous TCP clients is ineffective¶ By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. U ... oval:org.secpod.oval:def:1801605 empty oval:org.secpod.oval:def:1802011 CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem. CVE-2018-10103: Fixed a mishandling of the printing of SMB data. CVE-2018-10105: Fixed a mishandling of the printing of SMB data. CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print. CVE-2 ... oval:org.secpod.oval:def:1801613 empty oval:org.secpod.oval:def:1801618 nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely . oval:org.secpod.oval:def:1801609 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. oval:org.secpod.oval:def:1801603 SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. oval:org.secpod.oval:def:1801349 CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18501: Memory safety bugs CVE-2018-18505: Privilege escalation through IPC channel messages Fixed In Version:¶ Firefox ESR 60.5 oval:org.secpod.oval:def:1801444 CVE-2019-5435: Integer overflows in curl_url_set¶ libcurl contains two integer overflows in the curl_url_set function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. Affected versions: libcurl 7.62.0 to and including 7.64.1 Not affected versio ... oval:org.secpod.oval:def:1801435 It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14 Fixed versions: 3.0.2, 2.6.9, 2.4.15 oval:org.secpod.oval:def:1801434 The PharStreamWrapper package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. Fixed In Version:¶ drupal 7.67 oval:org.secpod.oval:def:1801430 CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting. This can lead to denial-of-service attack by persistent attacker. Vulnerable version: 2.3.0 - 2.3.5.2 Fixed version: 2.3.6 oval:org.secpod.oval:def:1801471 JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters. Attacker can repeatedly crash Dovecot authentication process by logging in using invalid UTF-8 sequence in username. Crash can also occur if OX push notification driver is enabled and an email is delive ... oval:org.secpod.oval:def:1801441 CVE-2019-11454: cross-site scripting in Persistent cross-site scripting in in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is ... oval:org.secpod.oval:def:1801385 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1801391 Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, "winreg_SaveKey", is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere they have unix permissions to create a new file within ... oval:org.secpod.oval:def:1801408 CVE-2019-10894: GSS-API dissector crash¶ Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13 Fixed versions: 3.0.1, 2.6.8, 2.4.14 oval:org.secpod.oval:def:1801419 ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service via invalid encoding. oval:org.secpod.oval:def:1801361 CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2 oval:org.secpod.oval:def:1801347 An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode , allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to cause a denial of serv ... oval:org.secpod.oval:def:1801357 CVE-2019-9209: ASN.1 BER and related dissectors crash Affected versions: 2.6.0 to 2.6.6, 2.4.0 to 2.4.12 Fixed versions: 2.6.7, 2.4.13 oval:org.secpod.oval:def:1801363 A vulnerability was found in Django before versions 2.2b1, 2.1.6, 2.0.11, 1.11.19. If django.utils.numberformat.format, used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters, received a Decimal with a large number of digits or a large exponent, it could ... oval:org.secpod.oval:def:1801345 CVE-2018-16890: NTLM type-2 out-of-bounds buffer read¶ The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad l ... oval:org.secpod.oval:def:1801362 Subversion 1.10.0 introduced server-side support for recursive directory listing operations. The implementation in mod_dav_svn failed to validate the root path of the directory listing provided by the client. If the client omits the root path, mod_dav_svn will deference an uninitialized pointer vari ... oval:org.secpod.oval:def:1801356 CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. oval:org.secpod.oval:def:1801360 Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker can exploit this by crafting inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, ... oval:org.secpod.oval:def:1801358 commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. oval:org.secpod.oval:def:1801351 CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. oval:org.secpod.oval:def:1801394 CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update and results in a memory corruption and probably even a remote code execution. oval:org.secpod.oval:def:1801608 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn"t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo ... oval:org.secpod.oval:def:1802044 json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. oval:org.secpod.oval:def:1801877 empty oval:org.secpod.oval:def:1801366 CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ... oval:org.secpod.oval:def:1801627 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." oval:org.secpod.oval:def:1801749 In PolicyKit 0.115, the start time protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. oval:org.secpod.oval:def:1801752 Due to incorrect data validation Squid is vulnerable to HTTP Request Smuggling attacks against HTTP and HTTPS traffic. This leads to cache poisoning. Affected Versions: 2.5-3.5.28, 4.0-4.12, 5.0.1-5.0.3Due to incorrect data validation Squid is vulnerable to HTTP Request Splitting attacks against HTT ... oval:org.secpod.oval:def:1801778 A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a read only user. oval:org.secpod.oval:def:1802030 General security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used were reported . Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars. oval:org.secpod.oval:def:1801508 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. oval:org.secpod.oval:def:1801864 A specially crafted value for the "Cache-Digest" header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Versions Affected: 2.4.20 to 2.4.43mod_proxy_uwsgi info disclosure and possible RCE. Versions Affected: 2.4.32 to 2.4.44When trace/ ... oval:org.secpod.oval:def:1801348 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1801416 A vulnerability was found in libpng 1.6.36. The function png_image_free in png.c has a use-after-free because png_image_free_function is called under png_safe_execute. This flaw is in the PNG Simplified API, which was introduced upstream in libpng-1.6.0. Previous versions of libpng are not affected. oval:org.secpod.oval:def:1802036 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character ... oval:org.secpod.oval:def:1802021 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... |
