SB2020122208 - Multiple vulnerabilities in Red Hat OpenShift Container Storage
Published: December 22, 2020 Updated: November 2, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 121 secuirty vulnerabilities.
1) Prototype pollution (CVE-ID: CVE-2020-7720)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the util.setPath function. A remote attacker can inject and execute arbitrary script code.
2) Use-after-free (CVE-ID: CVE-2020-1752)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the glob() function in glibc in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username are affected by this issue. A local user can create a specially crafted path that, when processed by the glob() function, would potentially lead to arbitrary code execution.
3) Type Confusion (CVE-ID: CVE-2020-3901)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Buffer overflow (CVE-ID: CVE-2020-3900)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2020-3899)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Type Confusion (CVE-ID: CVE-2020-3897)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the object transition cache. A remote attacker can trick a victim to visit a malicisou page or open a specially crafted file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Buffer overflow (CVE-ID: CVE-2020-3895)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Race condition (CVE-ID: CVE-2020-3894)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to a race condition. A remote atacker can trick a victim to open a specially crafted file or visit a malicioous page, exploit the race and gain unauthorized access to sensitive information on the target system.
9) Business Logic Errors (CVE-ID: CVE-2020-3885)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to logical errors. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and cause a file URL may be incorrectly processed.
10) Buffer overflow (CVE-ID: CVE-2020-3868)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Univeral cross-site scripting (CVE-ID: CVE-2020-3867)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
12) Origin validation error (CVE-ID: CVE-2020-3865)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logical error that leads to a top-level DOM object context being incorrectly considered secure. A remote attacker can gain unauthorized access to DOM objects from another domain.
13) Origin validation error (CVE-ID: CVE-2020-3864)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an logical error that leads to DOM object not having a unique security origin. A remote attacker can interact with DOM objects from another domain.
14) Buffer overflow (CVE-ID: CVE-2020-3862)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted web page, trick the victim into visiting it and perform a denial of service (DoS) attack.
15) Out-of-bounds write (CVE-ID: CVE-2020-1751)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the "backtrace" function when handling signal trampolines on PowerPC. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
16) Out-of-bounds read (CVE-ID: CVE-2020-6405)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in SQLite. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and read contents of memory on the system.
17) Resource management error (CVE-ID: CVE-2020-1730)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management while cleaning the AES-CTR ciphers when closing the connection. A remote attacker can initiate a connection to the client and server that supports AES-CTR ciphers and close the connection before ciphers are initialized, triggering a denial of service condition (service crash). The vulnerability affects both client and server implementations.
18) Path traversal (CVE-ID: CVE-2019-20916)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences passed via URL to the install command within the _download_http_url() function in _internal/download.py. A remote attacker can send a specially crafted HTTP request with the Content-Disposition header that contains directory traversal characters in the filename and overwrite the /root/.ssh/authorized_keys file.
19) Infinite loop (CVE-ID: CVE-2019-20907)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop In Lib/tarfile.py in Python. A remote attacker can create a specially crafted TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
20) OS Command Injection (CVE-ID: CVE-2019-20807)
The vulnerability allows a local authenticated user to read and manipulate data.
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
21) Out-of-bounds read (CVE-ID: CVE-2019-20454)
The vulnerability allows a remote attacker to gain access to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the "do_extuni_no_utf in pcre2_jit_compile.c" file when the pattern X is JIT compiled and used to match specially crafted subjects in non-UTF mode. A remote attacker can trigger out-of-bounds read error and crash the affected application.
22) Memory leak (CVE-ID: CVE-2019-20388)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in xmlSchemaPreRun in xmlschemas.c. A remote attacker can trigger a xmlSchemaValidateStream memory leak and perform denial of service attack.
23) Out-of-bounds read (CVE-ID: CVE-2019-20387)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read via a last schema whose length is less than the length of the input schema. A remote attacker can perform a denial of service attack.
24) Memory leak (CVE-ID: CVE-2019-20218)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due memory leak within the selectExpander() function in select.c in SQLite, caused by incorrect exception handling, related to stack unwinding. A remote attacker can trigger with ability to modify the WITH SQL query can gain access to potentially sensitive information.
25) Memory leak (CVE-ID: CVE-2019-19956)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. A remote attacker can trigger a memory leak related to newDoc->oldNs and perform denial of service attack.
26) Out-of-bounds write (CVE-ID: CVE-2019-19906)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds write error when processing LDAP queries within the _sasl_add_string() function in common.c file in cyrus-sasl. A remote non-authenticated attacker can create a specially LDAP request to the affected server, trigger off-by-one error in OpenLDAP implementation and crash the service.
27) Out-of-bounds read (CVE-ID: CVE-2019-19221)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in "archive_wstring_append_from_mbs" in "archive_string.c" because of an incorrect "mbrtowc" or "mbtowc" call. A remote attacker can create a specially crafted archive file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
28) Integer overflow (CVE-ID: CVE-2019-18609)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in amqp_handle_input() function in librabbitmq/amqp_connection.c in rabbitmq-c when handling the CONNECTION_STATE_HEADER. A remote attacker that controls a malicious server can send a specially crafted response to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Cross-site scripting (CVE-ID: CVE-2020-3902)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
30) Infinite loop (CVE-ID: CVE-2020-7595)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in xmlStringLenDecodeEntities in parser.c. A remote attacker can consume all available system resources and cause denial of service conditions in a certain end-of-file situation.
31) Cross-site scripting (CVE-ID: CVE-2019-16935)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing the server_title field in the XML-RPC server (Lib/DocXMLRPCServer.py) in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
32) Univeral cross-site scripting (CVE-ID: CVE-2020-9925)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of arbitrary website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
33) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2020-25660)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists with in the implementation of the Cephx authentication protocol. A remote attacker with access to the Ceph cluster network can intercept authentication packets and perform replay attacks in Nautilus.
The vulnerability affects msgr2 protocol only and is basically a reintroduction of previously patched vulnerability #VU14542.
34) Buffer overflow (CVE-ID: CVE-2020-15503)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in "decoders/unpack_thumb.cpp", "postprocessing/mem_image.cpp" and u"tils/thumb_utils.cpp". A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
35) Resource exhaustion (CVE-ID: CVE-2020-14422)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application improperly computes hash values in the IPv4Interface and IPv6Interface classes within the Lib/ipaddress.py in Python. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.
36) Cleartext storage of sensitive information (CVE-ID: CVE-2020-14391)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the GNOME Control Center in the way it handles credentials passed from Red Hat Customer Portal. When a user registers a system through the GNOME Settings User Interface, the user's credentials are passed as an argument to gnome-settings-daemon helper, making it readable by an unprivileged local user.
37) Out-of-bounds write (CVE-ID: CVE-2020-14382)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.
38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-14019)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions for "/etc/target/saveconfig.json" when "shutil.copyfile" being used, instead of "shutil.copy". A remote attacker can gain elevated privileges on the target system.
39) NULL pointer dereference (CVE-ID: CVE-2020-13632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in ext/fts3/fts3_snippet.c in SQLite. A local user can trigger denial of service conditions via a crafted matchinfo() query.
40) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-13631)
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due an error in alter.c and build.c files in SQLite that allows a local user to rename a virtual table into a shadow table. A local user with permissions to create virtual tables can renamed them and gain unauthorized access to the fronted application.
41) Use-after-free (CVE-ID: CVE-2020-13630)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the fts3EvalNextRow() function in ext/fts3/fts3.c. A remote attacker can pass specially crafted data to application, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
42) Use-after-free (CVE-ID: CVE-2020-11793)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
43) Stack-based buffer overflow (CVE-ID: CVE-2020-10029)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within "sysdeps/ieee754/ldbl-96/e_rem_pio2l.c" in GNU C Library (aka glibc or libc6). An attacker can pas specially crafted input to the application and trigger a stack-based buffer overflow.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system or denial of service conditions.
44) Use-after-free (CVE-ID: CVE-2020-10018)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing web conftent. A remote attacker can trick a victim to visit a specially crafted web page, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
45) Security restrictions bypass (CVE-ID: CVE-2020-9915)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose Content Security Policy. A remote attacker can create a specially crafted web page, trick the victim into visiting it and bypass implemented security restrictions. The vulnerability may allow an attacker to perform cross-site scripting attacks or gain access to sensitive information.
46) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2020-8177)
The vulnerability allows a remote attacker to overwrite files on the victim's system.
The vulnerability exists due to a logical error when processing Content-Disposition: HTTP response header in curl when executed with the -J flag and -i flags in the same command line. A remote attacker can trick the victim to run a specially crafted curl command against a malicious website and overwrite files on the user's system.
47) Use-after-free (CVE-ID: CVE-2020-9895)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
48) Out-of-bounds read (CVE-ID: CVE-2020-9894)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
49) Use-after-free (CVE-ID: CVE-2020-9893)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
50) Command Injection (CVE-ID: CVE-2020-9862)
The vulnerability allows a remote attacker to execute arbitrary commands on the system.
The vulnerability exists due to improper input validation in Web
Inspector when copying a URL. A remote attacker can trick the victim into copying a specially crafted URL and execute arbitrary commands on the system with privileges of the current user.
51) Input validation error (CVE-ID: CVE-2020-9850)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
52) Cross-site scripting (CVE-ID: CVE-2020-9843)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
53) Memory corruption (CVE-ID: CVE-2020-9807)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
54) Memory corruption (CVE-ID: CVE-2020-9806)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
55) Universal cross-site scripting (CVE-ID: CVE-2020-9805)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
56) Memory corruption (CVE-ID: CVE-2020-9803)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
57) Input validation error (CVE-ID: CVE-2020-9802)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when processing web content. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
58) NULL pointer dereference (CVE-ID: CVE-2020-9327)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. A remote attacker can perform a denial of service (DoS) attack.
59) Resource management error (CVE-ID: CVE-2020-8492)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in urllib.request.AbstractBasicAuthHandler when processing HTTP responses. A remote attacker who controls a HTTP server can send a specially crafted HTTP response to the client application and conduct Regular Expression Denial of Service (ReDoS) attack.
60) Buffer overflow (CVE-ID: CVE-2019-18197)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xsltCopyText() function in transform.c in libxslt. A remote attacker can create a specially crafted XML document, pass it to the affected application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
61) Division by zero (CVE-ID: CVE-2019-16168)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the whereLoopAddBtreeIndex in sqlite3.c due to improper input validation in the sqlite_stat1 sz field. A remote attacker can pass specially crafted data to the application, trigger division by zero error and crash the vulnerable application.
62) Prototype pollution (CVE-ID: CVE-2020-8237)
The disclosed vulnerability allows a remote attacker to perform a DoS attack.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject arbitrary code and perform a denial of service (DoS) attack.
63) Out-of-bounds read (CVE-ID: CVE-2018-14470)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-babel.c:babel_print_v2() within the Babel parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
64) XML External Entity injection (CVE-ID: CVE-2018-20843)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input including XML names that contain a large number of colons. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
65) Infinite loop (CVE-ID: CVE-2018-16452)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the smbutil.c:smb_fdata() function within the SMB parser. A remote attacker can consume all available system resources and cause denial of service conditions.
66) Out-of-bounds read (CVE-ID: CVE-2018-16451)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-smb.c:print_trans() for MAILSLOTBROWSE and PIPELANMAN within the SMB parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
67) Infinite loop (CVE-ID: CVE-2018-16300)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in print-bgp.c:bgp_attr_print() function in the BPG parser. A remote attacker can pass specially crafted data to the affected application, consume all available system resources and cause denial of service conditions.
68) Out-of-bounds read (CVE-ID: CVE-2018-16230)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-bgp.c:bgp_attr_print() (MP_REACH_NLRI) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
69) Out-of-bounds read (CVE-ID: CVE-2018-16229)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-dccp.c:dccp_print_option() within the DCCP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
70) Out-of-bounds read (CVE-ID: CVE-2018-16228)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-hncp.c:print_prefix() within the HNCP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
71) Out-of-bounds read (CVE-ID: CVE-2018-16227)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-802_11.c for the Mesh Flags subfield within the IEEE 802.11 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
72) Out-of-bounds read (CVE-ID: CVE-2018-14882)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-icmp6.c within the ICMPv6 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
73) Out-of-bounds read (CVE-ID: CVE-2018-14881)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
74) Out-of-bounds read (CVE-ID: CVE-2018-14880)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-ospf6.c:ospf6_print_lshdr() within the OSPFv3 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
75) Buffer overflow (CVE-ID: CVE-2018-14879)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tcpdump.c:get_next_file() function in the command-line argument parser. A remote attacker can create a specially crafted file, trick the victim into opening it with the affected software, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
76) Out-of-bounds read (CVE-ID: CVE-2018-14469)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-isakmp.c:ikev1_n_print() within the IKEv1 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
77) Use-after-free (CVE-ID: CVE-2019-5018)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the window function functionality. A remote attacker can send a specially crafted SQL command to the application, trigger user-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
78) Out-of-bounds read (CVE-ID: CVE-2018-14468)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-fr.c:mfr_print() within the FRF.16 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
79) Out-of-bounds read (CVE-ID: CVE-2018-14467)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.
80) Out-of-bounds read (CVE-ID: CVE-2018-14466)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in print-rx.c:rx_cache_find() and rx_cache_insert() functions within the Rx parser. A remote attacker can generate specially crafted RSVP data, trigger out-of-bounds read error and perform denial of service attack.
81) Out-of-bounds read (CVE-ID: CVE-2018-14465)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in print-rsvp.c:rsvp_obj_print() function within the RSVP parser. A remote attacker can generate specially crafted RSVP data, trigger out-of-bounds read error and perform denial of service attack.
82) Out-of-bounds read (CVE-ID: CVE-2018-14464)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in print-lmp.c:lmp_print_data_link_subobjs() function within the LMP parser. A remote attacker can generate specially crafted LMP data, trigger out-of-bounds read error and perform denial of service attack.
83) Out-of-bounds read (CVE-ID: CVE-2018-14463)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in print-vrrp.c:vrrp_print() function within the VRRP parser. A remote attacker can generate specially crafted VRRP data, trigger out-of-bounds read error and perform denial of service attack.
84) Out-of-bounds read (CVE-ID: CVE-2018-14462)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in print-icmp.c:icmp_print() function within the ICMP parser. A remote attacker can generate specially crafted ICMP data, trigger out-of-bounds read error and perform denial of service attack.
85) Out-of-bounds read (CVE-ID: CVE-2018-14461)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in print-ldp.c:ldp_tlv_print() within the LDP parser. A remote attacker can generate specially crafted LDP data, trigger out-of-bounds read error and perform denial of service attack.
86) Out-of-bounds read (CVE-ID: CVE-2018-10105)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when printing SMB data. A remote attacker can generate specially crafted SMB traffic, trigger out-of-bounds read error and perform denial of service attack.
87) Out-of-bounds read (CVE-ID: CVE-2018-10103)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when printing SMB data. A remote attacker can generate specially crafted SMB traffic, trigger out-of-bounds read error and perform denial of service attack.
88) Infinite loop (CVE-ID: CVE-2020-16845)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in "ReadUvarint" and "ReadVarint" in "encoding/binary". A remote attacker can consume all available system resources and cause denial of service conditions.
89) Race condition (CVE-ID: CVE-2020-15586)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler. A remote attacker can exploit the race and cause a denial of service condition on the target system.
90) Infinite loop (CVE-ID: CVE-2020-14040)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
91) Cryptographic issues (CVE-ID: CVE-2019-1551)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an overflow issue within the rsaz_512_sqr(): the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. A remote attacker can perform an attack against DH512 keys.
92) Cross-site scripting (CVE-ID: CVE-2019-8625)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
93) Out-of-bounds read (CVE-ID: CVE-2019-15903)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML documents within the expat library. A remote attacker can create a specially crafted XML file, pass it to the affected application, trigger out-of-bounds read error and read contents of memory on the system or crash the affected application.
94) Buffer overflow (CVE-ID: CVE-2019-8816)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
95) Buffer overflow (CVE-ID: CVE-2019-15166)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the lmp_print_data_link_subobjs() function in print-lmp.c. A remote attacker can create a specially crafted LMP data, trigger memory corruption and perform a denial of service (DoS) attack.
96) Buffer overflow (CVE-ID: CVE-2019-15165)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the sf-pcapng.c in libpcap when processing the PHB header length before allocating memory. A remote attacker can pass specially crafted data to the application that uses the vulnerable library, trigger memory corruption and perform denial of service (DoS) attack.
97) OS Command Injection (CVE-ID: CVE-2019-14889)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to incorrect handling of the SCP command parameters when initiating the connection within the ssh_scp_new() function. A remote attacker can trick victim into using a specially crafted SCP command to connect to a remote SCP server and execute arbitrary commands on the target server with privileges of the current user.
98) Cryptographic issues (CVE-ID: CVE-2019-13627)
The vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to an error within the libgcrypt20 cryptographic library. A remote attacker can perform ECDSA timing attack.
99) Improper validation of certificate with host mismatch (CVE-ID: CVE-2019-13050)
100) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-11068)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error within the xsltCheckRead() and xsltCheckWrite() functions when processing requests from remote servers. A remote attacker can trick the victim into opening a specially crafted URL that will result in "-1 error" code but the URL itself will be processed by the application later.
Successful exploitation of the vulnerability may allow an attacker to bypass certain security restrictions and perform XXE attacks.101) Use-after-free (CVE-ID: CVE-2019-8846)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the SVG Marker Element feature of Apple Safari's WebKit. A remote attacker can use a specially crafted HTML web page, when opened by a victim, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
102) Buffer overflow (CVE-ID: CVE-2019-8844)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
103) Buffer overflow (CVE-ID: CVE-2019-8835)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
104) Buffer overflow (CVE-ID: CVE-2019-8823)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
105) Buffer overflow (CVE-ID: CVE-2019-8820)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
106) Buffer overflow (CVE-ID: CVE-2019-8819)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
107) Buffer overflow (CVE-ID: CVE-2019-8815)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
108) Buffer overflow (CVE-ID: CVE-2019-8710)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
109) Buffer overflow (CVE-ID: CVE-2019-8814)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
110) Cross-site scripting (CVE-ID: CVE-2019-8813)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
111) Buffer overflow (CVE-ID: CVE-2019-8812)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
112) Buffer overflow (CVE-ID: CVE-2019-8811)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
113) Buffer overflow (CVE-ID: CVE-2019-8808)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
114) Buffer overflow (CVE-ID: CVE-2019-8783)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
115) Buffer overflow (CVE-ID: CVE-2019-8782)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
116) Cross-site scripting (CVE-ID: CVE-2019-8771)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in iframe sandboxing policy. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
117) Information disclosure (CVE-ID: CVE-2019-8769)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation in the drawing of web page elements. A remote attacker can reveal browsing history when a victim visit a maliciously crafted website.
118) Buffer overflow (CVE-ID: CVE-2019-8766)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
119) Cross-site scripting (CVE-ID: CVE-2019-8764)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
120) Buffer overflow (CVE-ID: CVE-2019-8743)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
121) Buffer overflow (CVE-ID: CVE-2019-8720)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.