Download
| Alert*
oval:org.secpod.oval:def:108125
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library. oval:org.secpod.oval:def:1600161 Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs "locked" to the 2014.03 repositories, openssl-1.0.1i-1.79.amzn1 also addresses this CVE. Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs ... oval:org.secpod.oval:def:107878 Claws Mail is an email client , based on GTK+, featuring quick response, graceful and sophisticated interface, easy configuration, intuitive operation, abundant features, and extensibility. oval:org.secpod.oval:def:1000882 The remote host is missing a patch 153101-01 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:2100343 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Sudo). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of ... oval:org.secpod.oval:def:601802 Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. CVE-2014-3513 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol extension data. A remote attacker could send multiple specially crafted handshake messa ... oval:org.secpod.oval:def:501486 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:501489 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:108280 Additional plugins for Claws Mail. oval:org.secpod.oval:def:501405 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ... oval:org.secpod.oval:def:1500884 Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:89045266 This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at start ... oval:org.secpod.oval:def:1500883 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500886 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500888 Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:23618 The host is missing a patch containing a security fixes, which affects the following package(s): Java oval:org.secpod.oval:def:1500889 Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:21752 The host is installed with Xcode before 7.0 on Apple Mac OS X 10.10.4 or later, Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 or 10.10.x before 10.10.2 and is prone to a man-in-the-middle vulnerability. A flaw is present in the application, which fails to properly handle a padding-orac ... oval:org.secpod.oval:def:501491 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:501490 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An ... oval:org.secpod.oval:def:1600038 A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim applic ... oval:org.secpod.oval:def:52399 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:505617 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:1500891 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500892 Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:108196 Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:505619 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ... oval:org.secpod.oval:def:400675 - Previous versions of cyrus-imapd would not allow its users to disable old protocols like SSLv1 and SSLv2 that are unsafe due to various known attacks like BEAST and POODLE. https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867 remedies this issue by adding the configuration option "tls_versions" to ... oval:org.secpod.oval:def:1200135 Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. Multiple improper permi ... oval:org.secpod.oval:def:108269 Claws Mail is an email client , based on GTK+, featuring quick response, graceful and sophisticated interface, easy configuration, intuitive operation, abundant features, and extensibility. oval:org.secpod.oval:def:21746 The host is missing a security update according to Apple advisory, APPLE-SA-2014-10-16-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors. Successful exploitation allows attackers to determine all the network add ... oval:org.secpod.oval:def:107898 A small library for communicating with the REST interface of a Red Hat Unified Entitlement Platform. This interface is used for the management of system entitlements, certificates, and access to content. oval:org.secpod.oval:def:601940 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:108506 Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:505660 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Se ... oval:org.secpod.oval:def:203465 OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ... oval:org.secpod.oval:def:203540 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An ... oval:org.secpod.oval:def:1200041 A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ... oval:org.secpod.oval:def:203546 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:89045322 This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option "tls_versions" to remedy that issue. Note that users who upg ... oval:org.secpod.oval:def:203545 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:203543 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:1500862 Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ... oval:org.secpod.oval:def:203548 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:203547 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:1200086 A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ... oval:org.secpod.oval:def:108462 Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:107890 The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes. oval:org.secpod.oval:def:108187 Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. oval:org.secpod.oval:def:109595 Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface. oval:org.secpod.oval:def:203508 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ... oval:org.secpod.oval:def:21591 The host is missing a patch containing a security fixes, which affects the following package(s): Java oval:org.secpod.oval:def:108267 The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes. oval:org.secpod.oval:def:108059 Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:109589 Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface. oval:org.secpod.oval:def:702395 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:107888 A small library for communicating with the REST interface of a Red Hat Unified Entitlement Platform. This interface is used for the management of system entitlements, certificates, and access to content. oval:org.secpod.oval:def:21535 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:702397 openjdk-6: Open Source Java implementation Several security issues were fixed in OpenJDK 6. oval:org.secpod.oval:def:1100536 The remote host is missing a patch containing a security fix, which affects the following packages: bos.net.tcp.client and bos.net.tcp.server. For more information please visit vendor advisory link. oval:org.secpod.oval:def:601937 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:505551 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505556 This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime E ... oval:org.secpod.oval:def:28657 The host is missing a security update according to Apple advisory, APPLE-SA-2015-09-16-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to obtain sensitive i ... oval:org.secpod.oval:def:203539 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ... oval:org.secpod.oval:def:108052 libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library. oval:org.secpod.oval:def:108053 libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library. oval:org.secpod.oval:def:108055 Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:602383 lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default. oval:org.secpod.oval:def:107880 Additional plugins for Claws Mail. oval:org.secpod.oval:def:1000888 The remote host is missing a patch 153100-01 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:107882 The Subscription Manager package provides programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. oval:org.secpod.oval:def:23401 The host is missing a security update according to Apple advisory, APPLE-SA-2015-01-27-4. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle crafted data. Successful exploitation allows attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:602094 Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer protocol. For Debian 7 this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default . TLS compression is dis ... oval:org.secpod.oval:def:21398 The host is installed with OpenSSL 1.0.1 before 1.0.1j, 1.0.0 before 1.0.0o or 0.9.8 before 0.9.8zc or Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the applications, which fail ... oval:org.secpod.oval:def:107915 The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no ... oval:org.secpod.oval:def:108520 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:108232 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools. oval:org.secpod.oval:def:1500775 Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport ... oval:org.secpod.oval:def:107894 The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no ... oval:org.secpod.oval:def:108229 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools. oval:org.secpod.oval:def:107815 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:107818 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:108338 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. |