Stefan Cornelius

**Name of the Vulnerable Software and Affected Versions** mholt/archiver (affected versions not specified) **Description** A flaw was discovered in the mholt/archiver package, allowing an attacker to create a specially crafted tar file. When unpacked, this file may allow access to restricted files or directories. The issue can enable the creation or overwriting of files with the user's or application's privileges using the library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.6.36 PHP versions 7.0.x prior to 7.0.30 PHP versions 7.1.x prior to 7.1.17 PHP versions 7.2.x prior to 7.2.5 **Description** The issue is related to Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. This occurs due to an incomplete fix for a previous issue, allowing a remote attacker to perform cross-site scripting attacks. **Recommendations** For PHP versions prior to 5.6.36, update to version 5.6.36 or later. For PHP versions 7.0.x prior to 7.0.30, update to version 7.0.30 or later. For PHP versions 7.1.x prior to 7.1.17, update to version 7.1.17 or later. For PHP versions 7.2.x prior to 7.2.5, update to version 7.2.5 or later.

Name of the Vulnerable Software and Affected Versions: httpd version 2.2.15-60 Description: A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. This issue is related to the use of memory after it has been freed when processing comments in the Allow and Deny lines of the Limit directive in the .htaccess configuration file. Exploitation of this issue may allow a remote attacker to cause a crash of the httpd child process or gain access to restricted HTTP resources. Recommendations: For httpd version 2.2.15-60, consider updating to a newer version that includes a fix for this issue, as the current version may allow unintended access to restricted HTTP resources due to incorrect parsing of comments in configuration lines.

**Name of the Vulnerable Software and Affected Versions** Pygments versions 1.2.2 through 2.0.2 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a font name, specifically in the FontManager. get nix font path function in formatters/img.py. **Recommendations** For Pygments versions 1.2.2 through 2.0.2, consider disabling the `FontManager. get nix font path` function until a patch is available to prevent the execution of arbitrary commands. Restrict access to the `formatters/img.py` module to minimize the risk of exploitation. Avoid using font names that contain shell metacharacters in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7 **Description** The issue allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted multiboot or multiboot2 module in the configuration file. Physically proximate attackers can also bypass intended Secure Boot restrictions and execute non-verified code via the boot menu. The vulnerability is related to insufficient access control to files. **Recommendations** For grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, update to a version 2.02-0.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file and the boot menu to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pixman versions prior to 0.32.8 **Description** An integer overflow issue has been reported in the `general composite rect()` function. This issue could be exploited by an attacker to cause an application using pixman to crash or potentially execute arbitrary code. **Recommendations** For versions prior to 0.32.8, update to version 0.32.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `general composite rect()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** cups-filters versions prior to 1.0.71 **Description** The issue is related to an integer overflow in the texttopdf function of the cups-filters package, which can cause a heap-based buffer overflow. This can lead to a denial of service or possibly allow remote attackers to execute arbitrary code via a crafted line size in a print job. **Recommendations** For versions prior to 1.0.71, update to version 1.0.71 or later to resolve the issue. As a temporary workaround, consider restricting access to the texttopdf function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libwmf version 0.2.8.4 **Description** The issue is related to a heap-based buffer overflow in the DecodeImage function, which can be triggered by a crafted "run-length count" in an image in a WMF file. This can cause a denial of service (crash) or possibly allow remote attackers to execute arbitrary code. **Recommendations** For libwmf version 0.2.8.4, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.

**Name of the Vulnerable Software and Affected Versions** libwmf version 0.2.8.4 **Description** A heap-based buffer overflow issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP image. **Recommendations** For libwmf version 0.2.8.4, consider updating to a newer version that addresses this issue, as using a crafted BMP image could lead to a denial of service or code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GIMP versions 2.6.9 and earlier gimp-debuginfo version 2.2.13 **Description** The issue is related to a heap-based buffer overflow in the read xwd cols function in the X Window Dump (XWD) plug-in, which can be exploited by remote attackers using an X Window System (XWD) image dump with more colors than color map entries, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code. Additionally, multiple vulnerabilities in the gimp-debuginfo package may lead to violations of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For GIMP versions 2.6.9 and earlier, update to a version later than 2.6.9 to resolve the issue. For gimp-debuginfo version 2.2.13, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7u40 and earlier Oracle Java SE versions 6u60 and earlier Oracle Java SE versions 5.0u51 and earlier Oracle Java SE Embedded versions 7u40 and earlier **Description** The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. This is a different vulnerability than the one identified in CVE-2013-5850. It is also related to an Oracle Java ObjectOutputStream Sandbox Bypass Remote Code Execution issue. **Recommendations** For Oracle Java SE versions 7u40 and earlier, update to a version later than 7u40. For Oracle Java SE versions 6u60 and earlier, update to a version later than 6u60. For Oracle Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For Oracle Java SE Embedded versions 7u40 and earlier, update to a version later than 7u40. As a temporary workaround, consider restricting access to the `ObjectOutputStream` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7u40 and earlier Oracle Java SE versions 6u60 and earlier Oracle Java SE versions 5.0u51 and earlier Oracle Java SE Embedded versions 7u40 and earlier **Description** The issue allows remote attackers to affect confidentiality, integrity, and availability. It is related to vectors concerning JNDI. **Recommendations** For Oracle Java SE versions 7u40 and earlier, update to a version later than 7u40. For Oracle Java SE versions 6u60 and earlier, update to a version later than 6u60. For Oracle Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For Oracle Java SE Embedded versions 7u40 and earlier, update to a version later than 7u40.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7u40 and earlier Oracle Java SE versions 6u60 and earlier Oracle Java SE versions 5.0u51 and earlier JRockit versions R28.2.8 and earlier JRockit versions R27.7.6 and earlier Java SE Embedded versions 7u40 and earlier **Description** The issue affects confidentiality, integrity, and availability. It is related to Libraries, but the exact vectors are unknown. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Oracle Java SE versions 7u40 and earlier, update to a version later than 7u40. For Oracle Java SE versions 6u60 and earlier, update to a version later than 6u60. For Oracle Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For JRockit versions R28.2.8 and earlier, update to a version later than R28.2.8. For JRockit versions R27.7.6 and earlier, update to a version later than R27.7.6. For Java SE Embedded versions 7u40 and earlier, update to a version later than 7u40.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7u40 and earlier Oracle Java SE versions 6u60 and earlier Oracle Java SE versions 5.0u51 and earlier Oracle Java SE Embedded versions 7u40 and earlier **Description** The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. **Recommendations** For Oracle Java SE versions 7u40 and earlier, update to a version later than 7u40. For Oracle Java SE versions 6u60 and earlier, update to a version later than 6u60. For Oracle Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For Oracle Java SE Embedded versions 7u40 and earlier, update to a version later than 7u40.

**Name of the Vulnerable Software and Affected Versions** Java SE versions 7u40 and earlier Java SE versions 6u60 and earlier Java SE versions 5.0u51 and earlier Java SE Embedded versions 7u40 and earlier **Description** The issue affects confidentiality and integrity via unknown vectors related to Libraries. It allows remote attackers to exploit the vulnerability. **Recommendations** For Java SE versions 7u40 and earlier, update to a version later than 7u40. For Java SE versions 6u60 and earlier, update to a version later than 6u60. For Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For Java SE Embedded versions 7u40 and earlier, update to a version later than 7u40.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7u40 and earlier Oracle Java SE versions 6u60 and earlier Oracle Java SE versions 5.0u51 and earlier JRockit versions R28.2.8 and earlier JRockit versions R27.7.6 and earlier Java SE Embedded versions 7u40 and earlier **Description** The issue affects confidentiality, integrity, and availability. It is related to 2D and can be exploited by remote attackers via unknown vectors. **Recommendations** For Oracle Java SE versions 7u40 and earlier, update to a version later than 7u40. For Oracle Java SE versions 6u60 and earlier, update to a version later than 6u60. For Oracle Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For JRockit versions R28.2.8 and earlier, update to a version later than R28.2.8. For JRockit versions R27.7.6 and earlier, update to a version later than R27.7.6. For Java SE Embedded versions 7u40 and earlier, update to a version later than 7u40.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7u40 and earlier Oracle Java SE versions 6u60 and earlier Oracle Java SE versions 5.0u51 and earlier JRockit versions R28.2.8 and earlier JRockit versions R27.7.6 and earlier Java SE Embedded versions 7u40 and earlier **Description** The issue allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. **Recommendations** For Oracle Java SE versions 7u40 and earlier, update to a version later than 7u40. For Oracle Java SE versions 6u60 and earlier, update to a version later than 6u60. For Oracle Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For JRockit versions R28.2.8 and earlier, update to a version later than R28.2.8. For JRockit versions R27.7.6 and earlier, update to a version later than R27.7.6. For Java SE Embedded versions 7u40 and earlier, update to a version later than 7u40.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7u40 and earlier Oracle Java SE versions 6u60 and earlier Oracle Java SE versions 5.0u51 and earlier JRockit versions R28.2.8 and earlier JRockit versions R27.7.6 and earlier **Description** The issue affects confidentiality and integrity via unknown vectors related to Javadoc. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For Oracle Java SE versions 7u40 and earlier, update to a version later than 7u40. For Oracle Java SE versions 6u60 and earlier, update to a version later than 6u60. For Oracle Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For JRockit versions R28.2.8 and earlier, update to a version later than R28.2.8. For JRockit versions R27.7.6 and earlier, update to a version later than R27.7.6.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7u40 and earlier Oracle Java SE versions 6u60 and earlier Oracle Java SE versions 5.0u51 and earlier Oracle Java SE Embedded versions 7u40 and earlier **Description** The issue affects confidentiality, integrity, and availability. It is related to vectors in CORBA. **Recommendations** For Oracle Java SE versions 7u40 and earlier, update to a version later than 7u40. For Oracle Java SE versions 6u60 and earlier, update to a version later than 6u60. For Oracle Java SE versions 5.0u51 and earlier, update to a version later than 5.0u51. For Oracle Java SE Embedded versions 7u40 and earlier, update to a version later than 7u40.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 7 Update 21 and earlier Oracle Java SE versions 6 Update 45 and earlier OpenJDK 7 **Description** The issue affects the Java Runtime Environment component, allowing local users to impact confidentiality, integrity, and availability through unknown vectors related to Networking. There are claims that this issue may be related to improper enforcement of exclusive port binds when running on Windows, potentially allowing attackers to bind to ports that are already in use. **Recommendations** For Oracle Java SE versions 7 Update 21 and earlier, update to a version later than Update 21. For Oracle Java SE versions 6 Update 45 and earlier, update to a version later than Update 45. For OpenJDK 7, consider restricting network access until a patch is available.