Download
| Alert*
|
oval:org.secpod.oval:def:10945
The host is missing an important security update according to Microsoft bulletin, MS13-040. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted XML file. Successful exploitation allows attackers to gain access ... oval:org.secpod.oval:def:10946 The host is installed with .NET Framework 2.0, 3.5, 3.5.1, 4.0 or 4.5 and is prone to spoofing vulnerability. A flaw is present in the application, which fails to check signatures in XML file. Successful exploitation allows attackers to make undetected changes to signed XML documents via unspecified ... oval:org.secpod.oval:def:18533 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to handles TypeFilterLevel checks for some malformed objects. Successful exploitation allows attacker to exe ... oval:org.secpod.oval:def:18532 The host is missing an important security update according to Microsoft bulletin, MS14-026. The update is required to fix multiple vulnerabilities. The flaw is present in the .NET Remoting implementation, which fails to handle a crafted website. Successful exploitation allows attacker to execute arb ... oval:org.secpod.oval:def:21094 The host is missing a critical security update according to Microsoft bulletin, MS14-053. The update is required to fix a denial of service vulnerability. A flaw are present in the applications, which does not properly use a hash table for request data. Successful exploitation allows for an unauthen ... oval:org.secpod.oval:def:21095 The host is installed with .Net framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to denial of service vulnerability. A flaw are present in the applications, which does not properly use a hash table for request data. Successful exploitation allows for an unauthenti ... oval:org.secpod.oval:def:21373 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly parse specially crafted internationalized resource identifiers resulting in memory corruption. Su ... oval:org.secpod.oval:def:21835 The host is missing a important security update according to Microsoft security advisory, 2905247. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a improper configuration of view state MAC. Successful exploitation al ... oval:org.secpod.oval:def:24110 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly handles certain requests on systems that have custom error messages disabled. Successful exploitat ... oval:org.secpod.oval:def:24111 The host is missing an important security update according to Microsoft bulletin, MS15-041. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which improperly handles certain requests on systems that have custom error messages disabled. Succ ... oval:org.secpod.oval:def:24339 The host is installed with Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 and is prone to an opentype font parsing vulnerability. A flaw is present in the applications, which fail to handle a crafted OpenType font. Successful exploitation could allow attackers to execute arbi ... oval:org.secpod.oval:def:21565 The host is missing an important security update according to Microsoft bulletin, MS14-072. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle TypeFilterLevel checks for some malformed objects. Successful exploitation al ... oval:org.secpod.oval:def:21564 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle TypeFilterLevel checks for some malformed objects. Successful exploitation allows attacker to execute ... oval:org.secpod.oval:def:25853 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 or 4.6 and is prone to an Onetype font parsing vulnerability. A flaw ... oval:org.secpod.oval:def:24303 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1 or 4.5.2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Forms, which improperly handle objects in memory. Successful exploitation allows attackers to take complete contr ... oval:org.secpod.oval:def:21374 The host is installed with .Net framework 2.0 SP2 or 3.5.1 and is prone to a ASLR execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted content. Successful exploitation allows attacker to bypass the ASLR security feature. oval:org.secpod.oval:def:21375 The host is missing a critical security update according to Microsoft bulletin, MS14-057. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted URI request containing international characters. Successful exploitati ... oval:org.secpod.oval:def:21372 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which inadvertently processes data prior to verification. Successful exploitation allows attacker to take complete cont ... oval:org.secpod.oval:def:20814 The host is installed with .Net framework 2.0, 3.0 or 3.5.1 and is prone to an security feature bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow an attacker to bypass the Address Space Layout Randomization (ASLR ... oval:org.secpod.oval:def:20815 The host is missing an important security update according to Microsoft bulletin, MS14-046. The update is required to fix a security feature bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow an attacker to bypass ... oval:org.secpod.oval:def:24304 The host is installed with .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1 or 4.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handle crafted XML data. Successful exploitation allows attackers to degrade the performance of a .NET-ena ... oval:org.secpod.oval:def:24305 The host is missing an important security update according to Microsoft bulletin, MS15-048. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted vectors. Successful exploitation could allow attackers to t ... oval:org.secpod.oval:def:5586 The host is missing a critical security update according to Microsoft security bulletin, MS12-035. The update is required to fix a remote code execution vulnerability. The flaws are present in .NET Framework, which fail to handle a specially crafted webpage. Successful exploitation could allow remot ... oval:org.secpod.oval:def:5589 The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input through partially trus ... oval:org.secpod.oval:def:5588 The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input. Successful exploitati ... oval:org.secpod.oval:def:1383 The host is missing a critical security update according to Microsoft security bulletin, MS10-041. The update is required to fix data tampering vulnerability. A flaw is present in the Microsoft .NET Framework, which allows data tampering of signed XML content without being detected. Successful explo ... oval:org.secpod.oval:def:5130 The host is missing an important security update according to Microsoft security bulletin, MS12-025. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate parameters when passing data to a function. Successful expl ... oval:org.secpod.oval:def:5129 The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly validate parameters when passing data to a function. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:63120 An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. oval:org.secpod.oval:def:2047 The host is missing a critical security update according to Microsoft security bulletin, MS10-070. The update is required to fix information disclosure vulnerability. A flaw is present in ASP.NET (.Net Framework) encryption implementation in IIS, which fails to evaluate generated error codes during ... oval:org.mitre.oval:def:7158 The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10. ... oval:org.secpod.oval:def:49766 The host is missing a critical security update 4470602 oval:org.secpod.oval:def:49761 The host is missing a critical security update 4470600 oval:org.secpod.oval:def:49762 The host is missing a critical security update 4470601 oval:org.secpod.oval:def:49769 The host is missing a critical security update 4470630 oval:org.secpod.oval:def:49770 The host is missing a critical security update 4470629 oval:org.secpod.oval:def:49775 The host is missing a critical security update 4470641 oval:org.mitre.oval:def:12542 Microsoft .NET Framework 3.5 SP1 is installed oval:org.secpod.oval:def:14325 Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 on 64-bit platforms and is prone to array allocation vulnerability. A flaw is present in the application, which fails to properly allocate arrays of structures. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:14326 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to anonymous method injection vulnerability. A flaw is present in the application, which fails to properly check the permissions of objects that use reflection. Successful exploitation allows attackers to execu ... oval:org.secpod.oval:def:14324 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to delegate serialization vulnerability. A flaw is present in the application, which fails to properly check the permissions of delegate objects. Successful exploitation allows attackers to execute arbitrary co ... oval:org.secpod.oval:def:40473 The host is missing security update for KB4019112. This security update resolves vulnerabilities in Microsoft .NET Framework that could allow to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. oval:org.secpod.oval:def:40474 The host is missing an important security update KB4019113 oval:org.secpod.oval:def:40475 The host is missing an important security update KB4019114 oval:org.secpod.oval:def:2585 The host is missing a critical security update according to Microsoft security bulletin, MS10-060. The update is required to fix code execution vulnerability. A flaw is present in the CLR Virtual Method (CLR) in Microsoft .NET Framework, which fails to handle interfaces and delegations to virtual me ... oval:org.secpod.oval:def:16786 The host is missing a important security update according to Microsoft bulletin, MS14-009. The update is required to fix multiple vulnerabilities. The flaws are present in microsoft graphic component, which fails to handle a crafted website. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:16789 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to type traversal vulnerability. A flaw is present in the application, which improperly verifies that a method is safe for execution. Successful exploitation allows attacker to take complete contro ... oval:org.secpod.oval:def:16788 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to post request denial of service vulnerability. A flaw is present in the application, which improperly identifies stale or closed HTTP client connections. Successful exploitation allows attackers ... oval:org.secpod.oval:def:15663 The host is installed with .Net framework 2.0, 3.5.1, 4.0 or 4.5 and is prone to an entity expansion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15664 The host is installed with .Net framework 2.0, 3.5.1, 4.0 or 4.5 and is prone to a JSON parsing vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15661 The host is missing a critical security update, according to Microsoft bulletin MS13-082. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to handle crafted OpenType font (OTF) file. Successful exploitation could allo ... oval:org.secpod.oval:def:15662 The host is installed with .Net framework 3.0, 3.5.1, 4.0 or 4.5 and is prone to an openType font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted OTF file. Successful exploitation could allow attackers to take complete control of an affected system. oval:org.mitre.oval:def:12033 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote att ... oval:org.secpod.oval:def:14327 The host is installed with Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to delegate reflection bypass vulnerability. A flaw is present in the application, which fails to properly check the permissions of objects that use reflection. Successful exploitation allows ... oval:org.mitre.oval:def:12365 Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) ... oval:org.secpod.oval:def:16790 The host is installed with .NET Framework 2.0 SP2 or 3.5.1 and is prone to address space layout randomization vulnerability. A flaw is present in the application, which fails to handle ASLR security feature. Successful exploitation allows attacker to bypass the ASLR security feature. oval:org.secpod.oval:def:57320 The host is missing an important security update for KB4507413 oval:org.secpod.oval:def:57318 The host is missing an important security update for KB4507411 oval:org.secpod.oval:def:57315 The host is missing an important security update for KB4507422 oval:org.secpod.oval:def:57319 The host is missing an important security update for KB4507412 oval:org.secpod.oval:def:57314 The host is missing an important security update for KB4507421 oval:org.secpod.oval:def:57313 The host is missing an important security update for KB4507420 oval:org.secpod.oval:def:57311 The host is missing an important security update for KB4506991 oval:org.secpod.oval:def:64256 The host is missing a critical security update for KB4566519 oval:org.secpod.oval:def:64259 The host is missing a critical security update for KB4566466 oval:org.secpod.oval:def:64260 The host is missing a critical security update for KB4566467 oval:org.secpod.oval:def:64261 The host is missing a critical security update for KB4566468 oval:org.secpod.oval:def:64249 The host is missing a critical security update for KB4565627 oval:org.secpod.oval:def:64252 The host is missing a critical security update for KB4565633 oval:org.secpod.oval:def:64254 The host is missing a critical security update for KB4566517 oval:org.secpod.oval:def:64255 The host is missing a critical security update for KB4566518 oval:org.secpod.oval:def:42069 The host is missing an important security update KB4040979 oval:org.secpod.oval:def:42075 The host is missing an important security update KB4040967 oval:org.secpod.oval:def:42074 The host is missing an important security update 4040966 oval:org.secpod.oval:def:42073 The host is missing a security update 4040965 oval:org.secpod.oval:def:42060 The host is missing an important security update 4040980 oval:org.secpod.oval:def:42061 The host is missing an important security update KB4040981 oval:org.secpod.oval:def:60702 The host is missing a critical security update for KB4535104 oval:org.secpod.oval:def:60700 The host is missing a critical security update for KB4535102 oval:org.secpod.oval:def:60701 The host is missing a critical security update for KB4535103 oval:org.secpod.oval:def:60696 The host is missing a critical security update for KB4534977 oval:org.secpod.oval:def:60697 The host is missing a critical security update for KB4534978 oval:org.secpod.oval:def:60695 The host is missing a critical security update for KB4534976 oval:org.secpod.oval:def:60693 The host is missing a critical security update for KB4532938 oval:org.secpod.oval:def:54860 The host is missing an important security update for KB4498961 oval:org.secpod.oval:def:54861 The host is missing an important security update for KB4498962 oval:org.secpod.oval:def:54865 The host is missing an important security update for KB4499406 oval:org.secpod.oval:def:54862 The host is missing an important security update for KB4498963 oval:org.secpod.oval:def:54866 The host is missing an important security update for KB4499407 oval:org.secpod.oval:def:54867 The host is missing an important security update for KB4499408 oval:org.secpod.oval:def:45417 The host is missing an important security update for KB4095874 oval:org.secpod.oval:def:45428 The host is missing an important security update 4095515 oval:org.secpod.oval:def:45433 The host is missing an important security update for KB4095872 oval:org.secpod.oval:def:45430 The host is missing an important security update 4095512 oval:org.secpod.oval:def:45443 The host is missing an important security update 4095514 oval:org.secpod.oval:def:45411 The host is missing an important security update for KB4095875 oval:org.secpod.oval:def:46402 The host is missing an important security update for KB4338610 oval:org.secpod.oval:def:46404 The host is missing an important security update for KB4338612 oval:org.secpod.oval:def:46405 The host is missing an important security update for KB4338613 oval:org.secpod.oval:def:46392 The host is missing an important security update for KB4338421 oval:org.secpod.oval:def:46394 The host is missing an important security update for KB4338423 oval:org.secpod.oval:def:46395 The host is missing an important security update for KB4338424 oval:org.secpod.oval:def:47183 The host is missing an important security update for KB4344153 oval:org.secpod.oval:def:47180 The host is missing an important security update for KB4344150 oval:org.secpod.oval:def:47182 The host is missing an important security update for KB4344152 oval:org.secpod.oval:def:47190 The host is missing an important security update for KB4344175 oval:org.secpod.oval:def:47193 The host is missing an important security update for KB4344178 oval:org.secpod.oval:def:47192 The host is missing an important security update for KB4344177 oval:org.secpod.oval:def:47500 The host is missing a critical security update for KB4457042 oval:org.secpod.oval:def:47502 The host is missing a critical security update for KB4457044 oval:org.secpod.oval:def:47501 The host is missing a critical security update for KB4457045 oval:org.secpod.oval:def:47507 The host is missing a critical security update 4457053 oval:org.secpod.oval:def:47511 The host is missing a critical security update 4457055 oval:org.secpod.oval:def:47512 The host is missing a critical security update 4457056 oval:org.secpod.oval:def:50150 The host is missing an important security update 4480063 oval:org.secpod.oval:def:50151 The host is missing an important security update 4480064 oval:org.secpod.oval:def:50148 The host is missing an important security update 4480061 oval:org.secpod.oval:def:50160 The host is missing an important security update 4480085 oval:org.secpod.oval:def:50161 The host is missing an important security update 4480086 oval:org.secpod.oval:def:50158 The host is missing an important security update 4480083 oval:org.secpod.oval:def:50762 The host is missing an important security update 4483456 oval:org.secpod.oval:def:50764 The host is missing an important security update 4483458 oval:org.secpod.oval:def:50765 The host is missing an important security update 4483459 oval:org.secpod.oval:def:50772 The host is missing an important security update 4483481 oval:org.secpod.oval:def:50774 The host is missing an important security update 4483483 oval:org.secpod.oval:def:50775 The host is missing an important security update 4483484 oval:org.secpod.oval:def:58550 The host is missing an important security update for KB4514599 oval:org.secpod.oval:def:58552 The host is missing an important security update for KB4514603 oval:org.secpod.oval:def:58553 The host is missing an important security update for KB4514604 oval:org.secpod.oval:def:58547 The host is missing an important security update for KB4514359 oval:org.secpod.oval:def:58549 The host is missing an important security update for KB4514598 oval:org.secpod.oval:def:63249 The host is missing an important security update for KB4552931 oval:org.secpod.oval:def:63251 The host is missing an important security update for KB4556399 oval:org.secpod.oval:def:63252 The host is missing an important security update for KB4556400 oval:org.secpod.oval:def:63253 The host is missing an important security update for KB4556401 oval:org.secpod.oval:def:63256 The host is missing an important security update for KB4556403 oval:org.secpod.oval:def:63257 The host is missing an important security update for KB4556404 oval:org.secpod.oval:def:63258 The host is missing an important security update for KB4556405 oval:org.secpod.oval:def:49765 The host is missing a critical security update 4470601 oval:org.secpod.oval:def:9280 The host is missing an important security update according to Microsoft bulletin, MS13-015. The update is required to fix privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a web browser that can run XAML Browser Applications. Successful exploita ... oval:org.secpod.oval:def:9281 The host is installed with .NET Framework 2.0 or 3.5 or 3.5.1 or 4.0 or 4.5 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle permissions of a callback function. Successful exploitation allows attackers to take complete control o ... oval:org.secpod.oval:def:8344 The host is missing an important security update according Microsoft bulletin MS13-007. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:8340 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to double construction vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows remote attackers to install programs, v ... oval:org.secpod.oval:def:8341 The host is missing an important security update according to Microsoft security bulletin, MS13-004. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle the vectors related to memory. Successful exploitation allows remote a ... oval:org.secpod.oval:def:8342 The host is installed with Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 4 or Management OData IIS Extension and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could all ... oval:org.secpod.oval:def:8339 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to S.DS.P buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle System.DirectoryServices.Protocols (S.DS.P) namespace method. Successful exploitation allows re ... oval:org.secpod.oval:def:8337 The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 or 4.5 and is prone to WinForms buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a Windows Forms method. Successful exploitation allows remote attackers to install ... oval:org.secpod.oval:def:7927 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to Web proxy auto-discovery vulnerability. A flaw is present in the applications, which is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript ... oval:org.secpod.oval:def:7929 The host is missing a critical security update according to Microsoft Security Bulletin, MS12-074. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and properly perform validations. Successful exploitation allows ... oval:org.secpod.oval:def:7924 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to reflection bypass vulnerability. A flaw is present in the applications, which fail to properly validate the permissions of objects performing reflection. Successful exploitation allows attackers to take ... oval:org.secpod.oval:def:7925 The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 and is prone to Code access security info disclosure vulnerability. A flaw is present in the applications, which does not properly sanitize the output of a function when called from partially trusted code. Successful exploitation a ... oval:org.secpod.oval:def:7926 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which is caused when Entity Framework, a .NET Framework component, incorrectly restricts the path used for loading external lib ... oval:org.secpod.oval:def:6026 The host is installed with Microsoft .Net framework 2.0 Sp2 or 3.5.1 or 4.0 or 4.5 Beta and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take complete control of ... oval:org.secpod.oval:def:6024 The host is missing a critical security update according to Microsoft bulletin, MS12-038. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take comp ... oval:org.secpod.oval:def:4156 The host is missing a critical security update according to Microsoft security bulletin, MS12-016. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft .NET Framework and Microsoft Silverlight, which fails to handle a specially crafted web page usin ... oval:org.secpod.oval:def:4157 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4.0 or Silverlight and is prone unmanaged objects vulnerability. A flaw is present in the applications, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attac ... oval:org.secpod.oval:def:4158 The host is installed with Microsoft .NET Framework 2.0 SP2, and 3.5.1 and is prone heap corruption vulnerability. A flaw is present in the Microsoft .NET Framework, which fails to handle calculation of buffer length while processing specially crafted input. Successful exploitation could allow remot ... oval:org.secpod.oval:def:3631 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to correctly authenticate specially crafted usernames. Successful exploitation allows remote authenticated ... oval:org.secpod.oval:def:3632 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly handle cached content when Forms Authentication is used with sliding expiry. Successful exploit ... oval:org.secpod.oval:def:3630 The host is installed with Microsoft .Net Framework 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to open redirect vulnerability. A flaw is present in the applications, which fail to properly verify return URLs during the forms authentication process. Successful exploitation allows remote attackers to red ... oval:org.secpod.oval:def:3633 The host is missing a critical security update according to Microsoft security bulletin, MS11-100. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the applications, which fail to properly handle the Forms Authentication feature in ASP.NET subsy ... oval:org.secpod.oval:def:3629 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to denial of service vulnerability. A flaw is present in the applications, where ASP.NET fails to properly hash specially crafted requests and inserts that data into a hash table causing a hash collisi ... oval:org.secpod.oval:def:1755 The host is missing a moderatesecurity update according to Microsoft security bulletin, MS11-069. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications which fails to properly validate the trust level within the System.Net.Sockets namespace. Suc ... oval:org.secpod.oval:def:1754 The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 SP1 or 4.0 and is prone to information disclosure vulnerability. A flaw is present in the applications which fails to properly validate the trust level within the System.Net.Sockets namespace. Successful exploitation allows attacke ... oval:org.secpod.oval:def:1183 The host is missing a Critical security update according to Microsoft security bulletin, MS11-044. The update is required to fix remote code execution vulnerability in Microsoft .NET Framework on Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. The flaw is pres ... oval:org.secpod.oval:def:1182 The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in the JIT compiler when IsJITOptimizerDisabled is false, which fails to handle expressions related to null strings. Successful exploitation allows an attacker to install progra ... oval:org.secpod.oval:def:820 The host is missing a Critical security update according to Microsoft security bulletin, MS11-028. The update is required to fix a remote code execution vulnerability in Microsoft .NET Framework. A flaw is present in the JIT compiler, which fails to compile certain function calls. Successful ex ... oval:org.secpod.oval:def:714 The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in x86 JIT compiler, which fails to compiling certain function calls. Successful exploitation could allow remote attackers to corrupt the stack and execute remote code. oval:org.mitre.oval:def:6510 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight applicat ... oval:org.secpod.oval:def:2640 The host is missing a critical security update according to Microsoft security bulletin, MS09-061. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft .NET Common Language Runtime (CLR), which fails to handle interfaces and verify the rules of ... oval:org.mitre.oval:def:5716 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) ... oval:org.mitre.oval:def:6451 Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Fra ... oval:org.secpod.oval:def:78831 The host is missing an important security update for KB5012329 oval:org.secpod.oval:def:78832 The host is missing an important security update for KB5012324 oval:org.secpod.oval:def:78834 The host is missing an important security update for KB5012330 oval:org.secpod.oval:def:78835 The host is missing an important security update for KB5012325 oval:org.secpod.oval:def:78838 The host is missing an important security update for KB5012120 oval:org.secpod.oval:def:78839 The host is missing an important security update for KB5012123 oval:org.secpod.oval:def:78830 The host is missing an important security update for KB5012331 oval:org.secpod.oval:def:78829 The host is missing an important security update for KB5012326 oval:org.secpod.oval:def:66152 The host is missing an important security update for KB4580330 oval:org.secpod.oval:def:66151 The host is missing an important security update for KB4580328 oval:org.secpod.oval:def:66116 The host is missing an important security update for KB4579977 oval:org.secpod.oval:def:66118 The host is missing an important security update for KB4579979 oval:org.secpod.oval:def:66117 The host is missing an important security update for KB4579978 oval:org.secpod.oval:def:66121 The host is missing an important security update for KB4580467 oval:org.secpod.oval:def:66123 The host is missing an important security update for KB4580469 oval:org.secpod.oval:def:66122 The host is missing an important security update for KB4580468 oval:org.secpod.oval:def:66111 The host is missing an important security update for KB4578968 oval:org.secpod.oval:def:66114 The host is missing an important security update for KB4578974 oval:org.secpod.oval:def:40496 The host is missing an important security update KB4019473 oval:org.secpod.oval:def:40497 The host is missing an important security update KB4016871 oval:org.secpod.oval:def:47162 The host is missing an important security update for KB4343885 oval:org.secpod.oval:def:47167 The host is missing an important security update for KB4343897 oval:org.secpod.oval:def:47172 The host is missing an important security update for KB4343909 oval:org.secpod.oval:def:46413 The host is missing an important security update for KB4338825 oval:org.secpod.oval:def:46414 The host is missing an important security update for KB4338826 oval:org.secpod.oval:def:47484 The host is missing an important security update for KB4457142 oval:org.secpod.oval:def:49748 The host is missing an important security update for KB4471324 oval:org.secpod.oval:def:49753 The host is missing an important security update for KB4471329 oval:org.secpod.oval:def:49751 The host is missing an important security update for KB4471327 oval:org.secpod.oval:def:50745 The host is missing an important security update for KB4486996 oval:org.secpod.oval:def:50747 The host is missing an important security update for KB4487017 oval:org.secpod.oval:def:50750 The host is missing an important security update for KB4487020 oval:org.secpod.oval:def:47516 The host is missing a critical security update for KB4457128 oval:org.secpod.oval:def:50141 The host is missing an important security update for KB4480978 oval:org.secpod.oval:def:50135 The host is missing an important security update for KB4480966 oval:org.secpod.oval:def:50139 The host is missing an important security update for KB4480973 oval:org.secpod.oval:def:47495 The host is missing a critical security update for KB4457138 oval:org.secpod.oval:def:63192 The host is missing a critical security update for KB4556812 oval:org.secpod.oval:def:63193 The host is missing a critical security update for KB4556807 oval:org.secpod.oval:def:78837 The host is missing an important security update for KB5012121 oval:org.secpod.oval:def:78826 The host is missing an important security update for KB5012117 oval:org.secpod.oval:def:33262 The host is installed with .NET Framework 2.0 SP2, 3.0, 3.5, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to a security feature bypass vulnerability. A flaw is present in the .NET Framework component, which does not properly validate certain elements of a signed XML document. Successful exploitation allo ... oval:org.secpod.oval:def:33261 The host is missing a important security update according to Microsoft security bulletin, MS16-035. The update is required to fix a security feature bypass vulnerability. The flaw is present in the .NET Framework, which does not properly validate certain elements of a signed XML document. Successful ... oval:org.secpod.oval:def:25855 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, or 4.6 and is prone to an Onetype font parsing vulnerabilit ... oval:org.secpod.oval:def:31010 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle specially crafted XML files. An attacker who successfully exploited this vulnerability could ... oval:org.secpod.oval:def:31012 The host is installed with .Net framework 2.0 SP2, 3.5.1 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not properly implement the Address Space Layout Randomization (ASLR) security feature. An attacker who successfully exploited this vulnerability cou ... oval:org.secpod.oval:def:31013 The host is missing an important security update according to Microsoft bulletin, MS15-118. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors. An attacker who successfully exploited this vulnerability could take co ... oval:org.secpod.oval:def:26552 The host is installed with .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate the number of objects in memory before copying those objects into an array. An attacker ... oval:org.secpod.oval:def:26554 The host is missing an important security update according to Microsoft bulletin, MS15-101. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which improperly optimizes certain parameters resulting in a code generation error. An ... oval:org.secpod.oval:def:34330 The host is missing an critical security update according to Microsoft security bulletin, MS16-065. The update is required to fix a TLS/SSL information disclosure vulnerability. A flaw is present in the TLS/SSL protocol, which fails to properly handle an injection of unencrypted data into the secure ... oval:org.secpod.oval:def:34329 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to a TLS/SSL information disclosure vulnerability. A flaw is present in the TLS/SSL protocol, which fails to properly handle an injection of unencrypted data into the secure channel and then man-in-the-middle ... oval:org.secpod.oval:def:35946 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly parses XML input containing a reference to an external entity. Successful exploitation allows attackers to rea ... oval:org.secpod.oval:def:35947 The host is missing an important security update according to Microsoft security bulletin, MS16-091. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which improperly parses XML input containing a reference to an external entity. Successful ... oval:org.secpod.oval:def:40494 The host is missing an important security update KB4019474 oval:org.secpod.oval:def:46415 The host is missing an important security update for KB4338829 oval:org.secpod.oval:def:47165 The host is missing an important security update for KB4343892 oval:org.secpod.oval:def:47490 The host is missing a critical security update for KB4457132 oval:org.secpod.oval:def:50132 The host is missing an important security update for KB4480962 oval:org.secpod.oval:def:50748 The host is missing an important security update for KB4487018 oval:org.secpod.oval:def:63188 The host is missing a critical security update for KB4556826 oval:org.secpod.oval:def:64351 The host is missing a critical security update for KB4565513 oval:org.secpod.oval:def:66150 The host is missing an important security update for KB4580327 oval:org.secpod.oval:def:38333 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6, 4.6.1 or 4.6.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly uses a developer-supplied key. Successful exploitation allows attackers to access information that shou ... oval:org.secpod.oval:def:38335 The host is missing an important security update according to Microsoft bulletin, MS16-155. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which improperly uses a developer-supplied key. Successful exploitation allows attackers to access ... oval:org.secpod.oval:def:40495 The host is missing an important security update KB4019472 oval:org.secpod.oval:def:40471 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6, 4.7, 4.6.1 or 4.6.2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validate certificates. Successful exploitation allows attackers to present a certificate th ... oval:org.secpod.oval:def:42081 A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:43459 A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing spe ... oval:org.secpod.oval:def:43461 A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the E ... oval:org.secpod.oval:def:46373 An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correct ... oval:org.secpod.oval:def:46375 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:46406 The host is missing an important security update for KB4338814 oval:org.secpod.oval:def:45407 A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would f ... oval:org.secpod.oval:def:45408 A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing speci ... oval:org.secpod.oval:def:47463 A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:47163 The host is missing an important security update for KB4343887 oval:org.secpod.oval:def:47494 The host is missing a critical security update for KB4457131 oval:org.secpod.oval:def:47153 An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend in ... oval:org.secpod.oval:def:49745 The host is missing an important security update for KB4471321 oval:org.secpod.oval:def:50753 The host is missing an important security update for KB4487026 oval:org.secpod.oval:def:63185 The host is missing a critical security update for KB4556813 oval:org.secpod.oval:def:64350 The host is missing a critical severity security update for KB4565511 oval:org.secpod.oval:def:66154 The host is missing an important security update for KB4580346 oval:org.secpod.oval:def:50070 An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. oval:org.secpod.oval:def:49760 The host is missing a critical security update 4470502 oval:org.secpod.oval:def:49716 A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authenticati ... oval:org.secpod.oval:def:49717 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:50709 A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged ... oval:org.secpod.oval:def:50710 A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hos ... oval:org.secpod.oval:def:50795 The host is missing an important security update 4483452 oval:org.secpod.oval:def:54864 The host is missing an important security update for KB4499405 oval:org.secpod.oval:def:57317 The host is missing an important security update for KB4507419 oval:org.secpod.oval:def:57307 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:57306 A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application. A remote unauthenticated attacker could exploit this vulner ... oval:org.secpod.oval:def:58551 The host is missing an important security update for KB4514601 oval:org.secpod.oval:def:58502 An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. ... oval:org.secpod.oval:def:60629 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:60627 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:60628 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:60699 The host is missing a critical security update for KB4535101 oval:org.secpod.oval:def:63119 A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core or .NET Framework web application. The vulnerability can be exploited remotely, wit ... oval:org.secpod.oval:def:63255 The host is missing an important security update for KB4556441 oval:org.secpod.oval:def:63181 The host is missing a critical security update for KB4551853 oval:org.secpod.oval:def:64214 A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible fo ... oval:org.secpod.oval:def:64258 The host is missing a critical security update for KB4566516 oval:org.secpod.oval:def:66070 An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated attacker would need to run a sp ... oval:org.secpod.oval:def:66120 The host is missing an important security update for KB4579976 oval:org.secpod.oval:def:77180 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:78757 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:78833 The host is missing an important security update for KB5012328 oval:org.secpod.oval:def:79936 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:85497 .NET Framework Information Disclosure Vulnerability oval:org.secpod.oval:def:87536 .NET Framework Denial of service Vulnerability. An authenticated attacker could exploit this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:87537 .NET Framework Remote code execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker or victim must execute code on the victim's machine. oval:org.secpod.oval:def:87534 .NET Framework Denial of service Vulnerability. An authenticated attacker could exploit this vulnerability. It does not require admin or other elevated privileges. oval:org.secpod.oval:def:87535 .NET Framework Remote code execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker or victim must execute code on the victim's machine. oval:org.secpod.oval:def:93038 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that a user trigger the payload in the application. oval:org.secpod.oval:def:93039 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. oval:org.secpod.oval:def:93041 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. oval:org.secpod.oval:def:93042 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. oval:org.secpod.oval:def:93040 Remote Code Execution Vulnerability. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. oval:org.secpod.oval:def:46374 A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validat ... oval:org.secpod.oval:def:90395 .NET Framework Remote code execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker convinces a victim to download and open a specially crafted file from a w ... oval:org.secpod.oval:def:90396 .NET Framework Denial of Service Vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to cause a denial of service vulnerability. oval:org.secpod.oval:def:90397 .NET Framework Remote Code Execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker convinces a victim to download and open a specially crafted file from a w ... oval:org.secpod.oval:def:90398 .NET Framework Elevation of Privilege Vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to gain administrator privileges. oval:org.secpod.oval:def:90399 .NET Framework Remote code execution Vulnerability. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. In order to exploit this vulnerability, an attacker convinces a victim to download and open a specially crafted file from a w ... oval:org.secpod.oval:def:90400 .NET Framework Remote code execution Vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to cause a denial of service vulnerability. oval:org.secpod.oval:def:93106 The host is missing an important security update for KB5030220 oval:org.secpod.oval:def:93101 The host is missing an important security update for KB5030213 oval:org.secpod.oval:def:5624 The host is missing an important security update according to Microsoft security bulletin, MS12-034. The update is required to fix multiple vulnerabilities. The flaws are present in the Microsoft Office, Windows, .NET Framework, and Silverlight, which fail to handle a specially crafted document or a ... oval:org.secpod.oval:def:14317 The host is installed with Microsoft Office 2003 SP3 /2007 SP3 /2010 SP1, Windows, Visual Studio .NET 2003 SP1, Lync 2010, Lync Basic 2013 or Lync 2010 Attendee, and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly process crafted TrueTyp ... oval:org.secpod.oval:def:14328 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 or Silverlight 5 before 5.1.20513.0 and is prone to array access violation vulnerability. A flaw is present in the applications, which fail to properly prevent changes to data in multidimensional arrays of structures. Succe ... oval:org.secpod.oval:def:24338 The host is installed with Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight 5 or Silverlight 5 Developer Runtime and is prone to a truetype f ... oval:org.secpod.oval:def:25849 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console ... oval:org.secpod.oval:def:25850 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console ... oval:org.secpod.oval:def:25856 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, ... oval:org.secpod.oval:def:25857 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 ... oval:org.secpod.oval:def:5627 The host is installed with Microsoft Office, Windows, .NET Framework, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install ... oval:org.secpod.oval:def:1171 The host is installed with Microsoft .Net framework 2.0 SP1 or 2.0 SP2 or 3.5 or 3.5 SP1 or 4.0 or Microsoft Silverlight 4 and is prone to remote code execution vulnerability. A flaw is present in the applications which is caused when the .NET Framework or Microsoft Silverlight improperly validate a ... oval:org.secpod.oval:def:1172 The host is missing an critical security update according to Microsoft security bulletin, MS11-039. The update is required to fix remote code execution vulnerability in Microsoft .Net framework and Microsoft Silverlight. A flaw is present in the applications which is caused when the .NET Framework a ... oval:org.secpod.oval:def:25859 The host is missing a critical security update according to Microsoft security bulletin, MS15-080. The update is required fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle a crafted TrueType fonts or OneType fonts. Successful exploitation could allow attac ... oval:org.secpod.oval:def:2548 The host is installed with Microsoft .NET Framework or Microsoft Silverlight and is prone to a remote code execution vulnerability. Flaws are present in the Microsoft ASP.NET and Microsoft Silverlight, which fails to handle specially crafted web pages. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:2547 The host is missing a critical security update according to Microsoft security bulletin, MS11-078. The update is required to fix a remote code execution vulnerability. Flaws are present in the Microsoft .NET Framework and Microsoft Silverlight, which fails to handle specially crafted web pages by a ... oval:org.secpod.oval:def:14322 The host is missing a critical security update according to Microsoft bulletin, ms13-052. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle certain vectors and improper validations. Successful exploitation allows attacker ... oval:org.secpod.oval:def:24340 The host is missing a critical security update according to Microsoft security bulletin, MS15-044. The update is required fix multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle a crafted TrueType or OpenType font. Successful exploitation c ... oval:org.secpod.oval:def:64347 The host is missing a critical security update for KB4565489 oval:org.secpod.oval:def:64349 The host is missing a critical security update for KB4565508 oval:org.secpod.oval:def:64908 An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.To exploit this vulnerability, an attacker would need to send a ... oval:org.secpod.oval:def:64909 A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web ... oval:org.secpod.oval:def:64950 The host is missing an important security update for KB4570506 oval:org.secpod.oval:def:64951 The host is missing an important security update for KB4570507 oval:org.secpod.oval:def:64952 The host is missing an important security update for KB4570508 oval:org.secpod.oval:def:64940 The host is missing an important security update for KB4569745 oval:org.secpod.oval:def:64943 The host is missing an important security update for KB4569751 oval:org.secpod.oval:def:64945 The host is missing an important security update for KB4570500 oval:org.secpod.oval:def:64946 The host is missing an important security update for KB4570501 oval:org.secpod.oval:def:64947 The host is missing an important security update for KB4570502 oval:org.secpod.oval:def:64949 The host is missing an important security update for KB4570505 oval:org.secpod.oval:def:45418 The host is missing an important security update for KB4103731 oval:org.secpod.oval:def:45422 The host is missing an important security update for KB4103716 oval:org.secpod.oval:def:45423 The host is missing an important security update for KB4103721 oval:org.secpod.oval:def:45435 The host is missing an important security update for KB4103723 oval:org.secpod.oval:def:45438 The host is missing an important security update for KB4103727 oval:org.secpod.oval:def:94440 ASP.NET Security Feature Bypass Vulnerability. The attacker would be able to bypass the security checks that prevents an attacker from accessing internal applications in a website. oval:org.secpod.oval:def:94441 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. To exploit this vulnerability an attacker would have to inject arbitrary commands to the FTP server. The type of information that could be disclosed if an attacker successfully exploited this vulnerability would be access ... oval:org.secpod.oval:def:90381 The host is missing a critical security update for KB5027219 oval:org.secpod.oval:def:90385 The host is missing a critical security update for KB5027230 oval:org.secpod.oval:def:65075 The host is missing a critical security update for KB4571692 oval:org.secpod.oval:def:65076 The host is missing a critical security update for KB4571694 oval:org.secpod.oval:def:65079 The host is missing an important security update for KB4571709 oval:org.secpod.oval:def:65085 The host is missing a critical security update for KB4571741 oval:org.secpod.oval:def:91822 .NET Framework Spoofing Vulnerability. Successful exploitation of this vulnerability requires an attacker to create a crafted certificate in order to validate themselves as a trusted source. oval:org.secpod.oval:def:91821 ASP.NET Elevation of Privilege Vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to gain the rights of the user that is running the affected application. oval:org.secpod.oval:def:31753 The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2007, Microsoft Office 2010, .NET Fra ... oval:org.secpod.oval:def:31757 The host is missing a critical security update according to Microsoft security bulletin, MS15-128. The update is required to fix graphics memory corruption vulnerabilities. The flaws are present in the Windows font library, which improperly handles specially crafted embedded fonts. An attacker who s ... oval:org.secpod.oval:def:33963 The host is missing a critical security update according to Microsoft security bulletin, MS16-039. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows font library, which improperly handles specially crafted embedded fonts. An attacker who successfully exploi ... oval:org.secpod.oval:def:33964 The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, .NET Framework 3.0 SP2, 3.5, 3.5.1, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2 ... oval:org.secpod.oval:def:37489 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .net framework 3.0, 4.6, 4.5 SP2, 3.5.1, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, ... oval:org.secpod.oval:def:37496 The host is missing an critical security update according to Microsoft bulletin, MS16-120. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which improperly handles GDI components. An attacker who successfully exploited these vulnerabilities could ob ... |
