Download
| Alert*
oval:org.secpod.oval:def:14152
The host is installed with OS X Lion 10.7 through 10.7.5, OS X Lion Server 10.7 through 10.7.5, OS X Mountain Lion 10.8 through 10.8.3, Apple Mac OS X Server 10.6.8 or Apple Mac OS X 10.6.8 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to han ... oval:org.secpod.oval:def:600786 Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier. For reference, the original description of CVE-2012-2110 from DSA-2454-1 is quoted below: CVE-2012-2110 Tavis Ormandy, Google Security Te ... oval:org.secpod.oval:def:1000397 The remote host is missing a patch 147159-05 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:20020 The host is installed with OpenSSL 0.9.8v and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted DER data. Successful exploitation allow remote attackers to conduct buffer overflow attacks, and cause a denial of service. oval:org.secpod.oval:def:21274 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:700843 openssl: Secure Socket Layer cryptographic library and tools An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:302866 It was discovered that the fix for CVE-2012-2110 was not sufficient to correct the issue for OpenSSL 0.9.8. The updated packages have been upgraded to the 0.9.8w version which is not vulnerable to this issue. oval:org.secpod.oval:def:14174 The host is missing an important security update according to Apple advisory, APPLE-SA-2013-06-04-1. The update is required to fix multiple vulnerabilities. The flaw are present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to crash th ... |