oval:org.secpod.oval:def:17245
The host is installed with Apple Safari before 4.0 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long XML entity name. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:17284
The host is installed with Apple Safari before 3.2.3 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long XML entity name. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:17287
The host is missing a security update according to Apple advisory, APPLE-SA-2009-05-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:1000371
The remote host is missing a patch 125732-07 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:1000410
The remote host is missing a patch 125731-07 containing a security fix. For more information please visit the reference link.

oval:org.mitre.oval:def:8076
It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file.

oval:org.secpod.oval:def:700434
It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. It was discovere ...

oval:org.secpod.oval:def:301643
A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to prevent this ...