Lucene search

9341 matches found

Amazon
added 2019/10/21 12:0 a.m., 39 views

Medium: perl-Archive-Tar

Issue Overview: It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl...

CVSS 7.5, AI score 8, EPSS 0.08207
Exploits: 1

Amazon
added 2019/10/21 12:0 a.m., 24 views

Low: advancecomp

Issue Overview: An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function beuint32read located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly ha...

CVSS 7.8, AI score 5.2, EPSS 0.01247
Exploits: 2

Amazon
added 2019/10/21 12:0 a.m., 35 views

Medium: mercurial

Issue Overview: An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function beuint32read located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly ha...

CVSS 7.8, AI score 5.2, EPSS 0.01247
Exploits: 2

Amazon
added 2019/10/21 12:0 a.m., 38 views

Low: blktrace

Issue Overview: blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the devmapread function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted...

CVSS 5.5, AI score 6.1, EPSS 0.02001
Exploits: 0

Amazon
added 2019/10/21 12:0 a.m., 101 views

Low: python-requests

Issue Overview: A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-midd...

CVSS 7.5, AI score 7.6, EPSS 0.07443
Exploits: 2

Amazon
added 2019/10/21 12:0 a.m., 26 views

Low: exempi

Issue Overview: An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. (CVE-2017-18233) An issue was discovered in Exempi...

CVSS 7.8, AI score 6.8, EPSS 0.01707
Exploits: 5

Amazon
added 2019/10/21 12:0 a.m., 42 views

Important: patch

Issue Overview: doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. (CVE-2018-20969) GNU patch through 2.7.6 is vulnerab...

CVSS 9.3, AI score 7.3, EPSS 0.08716
Exploits: 1

Tenable Nessus
added 2019/10/18 12:0 a.m., 286 views

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1316)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...

CVSS 6.8, AI score 6.4, EPSS 0.03749
Exploits: 0, References: 18

Tenable Nessus
added 2019/10/15 12:0 a.m., 32 views

Amazon Linux 2 : sudo (ALAS-2019-1315)

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if...

CVSS 9, AI score 7.4, EPSS 0.63917
Exploits: 18, References: 4

Tenable Nessus
added 2019/10/15 12:0 a.m., 28 views

Amazon Linux AMI : sudo (ALAS-2019-1309)

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if...

CVSS 9, AI score 7.3, EPSS 0.63917
Exploits: 10, References: 2

Tenable Nessus
added 2019/10/11 12:0 a.m., 30 views

Amazon Linux 2 : libmspack (ALAS-2019-1310)

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (CVE-2018-18584) chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' a...

CVSS 6.5, AI score 6.7, EPSS 0.03086
Exploits: 1, References: 3

Tenable Nessus
added 2019/10/11 12:0 a.m., 30 views

Amazon Linux AMI : sssd (ALAS-2019-1307)

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. (CVE-2018-16838) A vulnerability was found in sssd where, if a us...

CVSS 5.5, AI score 5.8, EPSS 0.01122
Exploits: 0, References: 3

Tenable Nessus
added 2019/10/11 12:0 a.m., 33 views

Amazon Linux 2 : optipng (ALAS-2019-1313)

The bmpreadrows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. (CVE-2016-2191) (C) Tenable Network Security, Inc. The descriptive text and package checks i...

CVSS 6.5, AI score 6.8, EPSS 0.03532
Exploits: 1, References: 2

Tenable Nessus
added 2019/10/11 12:0 a.m., 64 views

Amazon Linux 2 : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

CVSS 7.8, AI score 7.8, EPSS 0.82567
Exploits: 0, References: 3

Tenable Nessus
added 2019/10/11 12:0 a.m., 19 views

Amazon Linux 2 : libwpd (ALAS-2019-1311)

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. (CVE-2018-19208) (C) Tenable Network Security, Inc. The descriptive text and package checks in th...

CVSS 6.5, AI score 5.8, EPSS 0.01488
Exploits: 1, References: 2

Tenable Nessus
added 2019/10/11 12:0 a.m., 42 views

Amazon Linux 2 : golang (ALAS-2019-1309)

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

CVSS 9.8, AI score 8, EPSS 0.08359
Exploits: 1, References: 2

Tenable Nessus
added 2019/10/11 12:0 a.m., 35 views

Amazon Linux 2 : opensc (ALAS-2019-1312)

Several buffer overflows when handling responses from a Muscle Card in musclelistfiles in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other...

CVSS 6.8, AI score 6.4, EPSS 0.00692
Exploits: 10, References: 12

Tenable Nessus
added 2019/10/11 12:0 a.m., 34 views

Amazon Linux AMI : libtiff (ALAS-2019-1306)

Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. (CVE-2016-3186) An integer overflow has been discovered in libtiff in TIFFSetupStrips:tifwrite.c, which could lead to a heap-bas...

CVSS 8.8, AI score 7, EPSS 0.25183
Exploits: 10, References: 11

Amazon
added 2019/10/08 12:0 a.m., 30 views

Medium: libmspack

Issue Overview: In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (CVE-2018-18584) chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename...

CVSS 6.5, AI score 7.4, EPSS 0.03086
Exploits: 1

0day.today
added 2019/10/07 12:0 a.m., 389 views

logrotten 3.15.1 - Privilege Escalation Exploit

Exploit Title: logrotten 3.15.1 - Privilege Escalation Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all versions through 3.15.1 Tested on: Debian GNU/Linux 9.5 stretch...

AI score 0.6
Exploits: 0