[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:39515
The host is installed with Apple iTunes before 12.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving use of the srand function. Successful exploitation could allow context-dependent attackers to defeat cryptograph ...

oval:org.secpod.oval:def:603085
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:602607
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.

oval:org.secpod.oval:def:602560
It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin"s add/change related popup.

oval:org.secpod.oval:def:602586
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using cra ...

oval:org.secpod.oval:def:703211
python-django: High-level Python web development framework A security issue was fixed in Django.

oval:org.secpod.oval:def:703241
fontconfig: generic font configuration library Fontconfig be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:602485
Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters in ...

oval:org.secpod.oval:def:602706
It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.

oval:org.secpod.oval:def:703814
libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:38512
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:602494
Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki"s use of imagemagick in the img plugin.

oval:org.secpod.oval:def:603039
Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as t ...

oval:org.secpod.oval:def:603164
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:43225
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:602554
Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to ...

oval:org.secpod.oval:def:703383
c-ares: library for asynchronous name resolves c-ares could be made to crash or run programs if it processed a specially crafted hostname.

oval:org.secpod.oval:def:602633
Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution.

oval:org.secpod.oval:def:602578
Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS ...

oval:org.secpod.oval:def:36755
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:38510
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:703223
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:602588
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan ...

oval:org.secpod.oval:def:703239
postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:38511
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:602569
Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application ...

oval:org.secpod.oval:def:602873
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

oval:org.secpod.oval:def:703599
git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:603190
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

oval:org.secpod.oval:def:113645
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:602853
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution ...

oval:org.secpod.oval:def:703583
icu: International Components for Unicode library Several security issues were fixed in ICU.

oval:org.secpod.oval:def:603238
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution.

oval:org.secpod.oval:def:501821
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:39504
The host is installed with Apple iTunes before 12.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle vectors involving use of the srand function. Successful exploitation allows attackers to defeat cryptographic protection mechanisms.

oval:org.secpod.oval:def:113941
Bottle is a fast and simple micro-framework for small web-applications. It offers request dispatching with URL parameter support, Templates, a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and template engines. All in a single file and with no dependencies other than the P ...

oval:org.secpod.oval:def:113917
Bottle is a fast and simple micro-framework for small web-applications. It offers request dispatching with URL parameter support, Templates, a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and template engines. All in a single file and with no dependencies other than the P ...

oval:org.secpod.oval:def:113907
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end.

oval:org.secpod.oval:def:603162
Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.

oval:org.secpod.oval:def:703880
libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:603176
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603175
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603218
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent"s session if the agent is tricked into clicking a link in a spec ...

oval:org.secpod.oval:def:1600832
Transmission relies on X-Transmission-Session-Id for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack

oval:org.secpod.oval:def:603237
Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/se ...

oval:org.secpod.oval:def:603184
Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password.

oval:org.secpod.oval:def:603244
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD defau ...

oval:org.secpod.oval:def:34616
The host is missing a security update according to Apple advisory, APPLE-SA-2016-05-16-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to caus ...

oval:org.secpod.oval:def:33646
The host is missing a security update according to Apple advisory, APPLE-SA-2016-03-21-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:36326
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attackers to crash the service, disclose th ...

oval:org.secpod.oval:def:40418
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:40417
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:603215
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system.

oval:org.secpod.oval:def:113954
The POCO C++ Libraries are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library.

oval:org.secpod.oval:def:113943
The POCO C++ Libraries are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library.

oval:org.secpod.oval:def:603233
Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

oval:org.secpod.oval:def:603132
Several vulnerabilities have been discovered in the X.Org X server. An attacker who"s able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603160
It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.

oval:org.secpod.oval:def:703861
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server.

oval:org.secpod.oval:def:603186
Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603171
Joseph Bisch discovered that Konversation, an user friendly Internet Relay Chat client for KDE, could crash when parsing certain IRC color formatting codes.

oval:org.secpod.oval:def:113576
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113609
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113607
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:603216
Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:113735
The transfig utility creates a makefile which translates FIG or PIC figures into a specified LaTeX graphics language . Transfig is used to create TeX documents which are portable . Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages.

oval:org.secpod.oval:def:113751
The transfig utility creates a makefile which translates FIG or PIC figures into a specified LaTeX graphics language . Transfig is used to create TeX documents which are portable . Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages.

oval:org.secpod.oval:def:602379
Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem.

oval:org.secpod.oval:def:602090
Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this flaw to cause suricata to crash.

oval:org.secpod.oval:def:39507
The host is missing a critical security update according to Apple advisory, APPLE-SA-2017-03-22-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted vectors. Successful exploitation allows attackers to execute arb ...

oval:org.secpod.oval:def:39508
The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-22-2. The update is required to fix multiple vulnerabilities in Apple iTunes. The flaws are present in SQLite and expat which fails to handle vectors related to iTunes, crafted xml files. Successful exploitation coul ...

oval:org.secpod.oval:def:602320
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive am ...

oval:org.secpod.oval:def:43036
The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:603265
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authenticati ...

oval:org.secpod.oval:def:1600840
Infinite loop issue triggered by invalid OPEN message allows denial-of-serviceAn infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.Double ...

oval:org.secpod.oval:def:44095
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:114082
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:114077
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:603272
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:703986
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:703988
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:113871
GIMP is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large ima ...

oval:org.secpod.oval:def:603227
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened.

oval:org.secpod.oval:def:114056
GIMP is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large ima ...

oval:org.secpod.oval:def:34398
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34397
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34763
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a CSP bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34756
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34757
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34753
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34774
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34775
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34773
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34030
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation of this vulnerability allow remote attackers to inject arbitrary web script or HT ...

oval:org.secpod.oval:def:34036
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation allows remote attackers to bypass the same origin policy and obtain sensitive ...

oval:org.secpod.oval:def:38110
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the AllJoyn dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38109
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an unspecified vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service by f ...

oval:org.secpod.oval:def:38102
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an unspecified vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service by f ...

oval:org.secpod.oval:def:38103
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the AllJoyn dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:602678
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.

oval:org.secpod.oval:def:703585
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:703614
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:603207
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.

oval:org.secpod.oval:def:603143
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.

oval:org.secpod.oval:def:113578
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:113501
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:703874
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:43223
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:1800369
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

oval:org.secpod.oval:def:703913
libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files.

oval:org.secpod.oval:def:114084
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:114081
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:114093
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:114092
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:1800458
A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir","fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog. ...

oval:org.secpod.oval:def:1800162
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:603214
Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.

oval:org.secpod.oval:def:1800665
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:1800354
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:1800776
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:36985
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which fails to handle a malformed packet. Successful exploitation allows remote attackers to cause a denial of service (application crash).

oval:org.secpod.oval:def:36975
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which fails to handle a malformed packet. Successful exploitation allows remote attackers to cause a denial of service (application crash).

oval:org.secpod.oval:def:602619
Multiple vulnerabilities were discovered in the dissectors for H.225, Catapult DCT2000, UMTS FP and IPMI, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:36983
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which does not restrict the number of channels. Successful exploitation allows remote attackers to cause a denial of service (buffer over-re ...

oval:org.secpod.oval:def:36982
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the H.225 dissector, which calls snprintf with one of its input buffers as the output buffer. Successful exploitation allows remote attackers to cause a denial of service ( ...

oval:org.secpod.oval:def:36973
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which does not restrict the number of channels. Successful exploitation allows remote attackers to cause a denial of service (buffer over-re ...

oval:org.secpod.oval:def:36972
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the H.225 dissector, which calls snprintf with one of its input buffers as the output buffer. Successful exploitation allows remote attackers to cause a denial of service ( ...

oval:org.secpod.oval:def:603195
Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.

oval:org.secpod.oval:def:113785
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:113786
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:114110
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end.

oval:org.secpod.oval:def:603296
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ...

oval:org.secpod.oval:def:704003
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.

oval:org.secpod.oval:def:114228
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:603167
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

oval:org.secpod.oval:def:114245
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing programs.

oval:org.secpod.oval:def:114255
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing programs.

oval:org.secpod.oval:def:1800148
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:703910
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:603205
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:114106
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:114102
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:1800465
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:602087
It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection .

oval:org.secpod.oval:def:601852
Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9031 Jouko Pynnonen discovered an unauthen ...

oval:org.secpod.oval:def:108164
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:107977
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:107987
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress-4.0.1/README.fedora

oval:org.secpod.oval:def:602258
The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5622 The robustness of the ...

oval:org.secpod.oval:def:602263
Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter ...

oval:org.secpod.oval:def:602199
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your ...

oval:org.secpod.oval:def:602189
Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been im ...

oval:org.secpod.oval:def:602186
The security update for wordpress in DSA 3328 contained a regression. The patch for issue CVE-2015-5622 was faulty. A new package version has been released that backs this patch out pending resolution of the problem.

oval:org.secpod.oval:def:602427
Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. The oldstable distribution will be updated in a separate DSA.

oval:org.secpod.oval:def:1800383
x86: inconsistent cachability flags on guest mappings. Multiple mappings of the same physical page with different cachability setting can cause problems. While one category affects only guests themselves , the other category being Machine Check exceptions can be fatal to entire hosts.

oval:org.secpod.oval:def:703258
imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2.

oval:org.secpod.oval:def:110343
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:602482
Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector if i ...

oval:org.secpod.oval:def:36988
imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2.

oval:org.secpod.oval:def:602480
Several vulnerabilities were discovered in imlib2, an image manipulation library. CVE-2011-5326 Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception. CVE-2014-9771 It was discovered that an integer overflow could lead to invalid memory reads and unre ...

oval:org.secpod.oval:def:602532
Marcin "Icewall" Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitra ...

oval:org.secpod.oval:def:703226
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602707
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation.

oval:org.secpod.oval:def:39003
squid3: Web proxy cache server Squid could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:38789
The host is missing a security update according to Apple advisory, APPLE-SA-2017-01-23-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:602864
Several vulnerabilities were discovered in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:703526
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:112363
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:703618
jbig2dec: JBIG2 decoder library Several security issues were fixed in jbig2dec.

oval:org.secpod.oval:def:112423
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:112256
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:602827
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a share definition.

oval:org.secpod.oval:def:112227
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1800766
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas ofthe server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it i ...

oval:org.secpod.oval:def:703577
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:703533
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:603354
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context.

oval:org.secpod.oval:def:603327
Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603356
Florian Grunow und Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.

oval:org.secpod.oval:def:1800564
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800558
CVE-2017-7867: Heap-buffer overflow in utext_setNativeIndex function

oval:org.secpod.oval:def:1800609
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800337
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas ofthe server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it i ...

oval:org.secpod.oval:def:1800505
CVE-2016-5419: TLS session resumption client cert bypass. Fixed In Version: curl 7.50.1 CVE-2016-5420: Re-using connection with wrong client cert. Fixed In Version: curl 7.50.1 CVE-2016-5421: Use of connection struct after free. Fixed In Version: curl 7.50.1

oval:org.secpod.oval:def:1800637
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba uses the real path system call to ensure when a client requests access to a pathname that it ...

oval:org.secpod.oval:def:1800264
CVE-2016-5423: CASE/WHEN with in lining can cause untrusted pointer dereference. Fixed In Version: postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23 CVE-2016-5424: database and role names with embedded special characters can allow code injection during admi ...

oval:org.secpod.oval:def:1800374
Incorrect SASL authentication in the CharybdisIRC server may lead to users impersonating other users. Fixed In Version: 3.5.3.

oval:org.secpod.oval:def:1800407
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800496
It was found that setting VNC password to empty string doesn"t work in a way as it"s documented. The documented semantics of setting the password to an empty string are that it disables all access to the VNC server, however in fact it allows all users access with no authentication required instead.

oval:org.secpod.oval:def:603351
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if t ...

oval:org.secpod.oval:def:45196
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Client programs. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:601999
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

oval:org.secpod.oval:def:1502146
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:110885
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110874
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110869
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:704051
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:111576
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...

oval:org.secpod.oval:def:111570
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...

oval:org.secpod.oval:def:501999
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...

oval:org.secpod.oval:def:703802
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:602648
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE ...

oval:org.secpod.oval:def:1501866
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602096
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some fun ...

oval:org.secpod.oval:def:602115
The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154. For reference the original advisory text follows. Multiple vulne ...

oval:org.secpod.oval:def:703640
puppet: Centralized configuration management Several security issues were fixed in Puppet.

oval:org.secpod.oval:def:602575
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally, secur ...

oval:org.secpod.oval:def:1800464
A heap overflow in collectd"s network plugin which can be triggered remotely and is potentially exploitable. Fixed In Version: collectd 5.5.2, collectd 5.4.3

oval:org.secpod.oval:def:602713
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based sh ...

oval:org.secpod.oval:def:1600711
Escape out of git-shellA flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command laun ...

oval:org.secpod.oval:def:113491
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:1800681
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:1800488
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:1600848
Buffer overflow in b64decode function, possibly leading to remote code execution:An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely

oval:org.secpod.oval:def:603267
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:114047
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:114046
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:703980
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1800474
In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

oval:org.secpod.oval:def:43639
The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:602469
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.

oval:org.secpod.oval:def:602380
Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for "group order" in the Diffie-Hellman negotiation. This weakens significantly the handshake s ...

oval:org.secpod.oval:def:1800748
A design flaw was found in the libgcrypt PRNG . An attacker who can obtain the first 580 bytes of the PRNG output, can trivially predict the following 20 bytes. Fixed In Version: libgcrypt 1.7.3, libgcrypt 1.6.6, libgcrypt 1.5.6, gnupg 1.4.21

oval:org.secpod.oval:def:602593
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for ...

oval:org.secpod.oval:def:602592
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug ...

oval:org.secpod.oval:def:703240
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers.

oval:org.secpod.oval:def:703238
gnupg: GNU privacy guard - a free PGP replacement GnuPG incorrectly generated random numbers.

oval:org.secpod.oval:def:602683
Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

oval:org.secpod.oval:def:602682
Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecure ...

oval:org.secpod.oval:def:501952
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:602715
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can ...

oval:org.secpod.oval:def:703456
squid3: Web proxy cache server Squid could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:501969
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached re ...

oval:org.secpod.oval:def:602166
It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.

oval:org.secpod.oval:def:1800913
CVE-2016-10195: dns remote stack over read vulnerability; Fixed in libevent 2.1.6

oval:org.secpod.oval:def:602775
Several vulnerabilities were discovered in libevent, an asynchronous event notification library. They would lead to Denial Of Service via application crash, or remote code execution.

oval:org.secpod.oval:def:1800361
CVE-2016-10195: dns remote stack overread vulnerability. Fixed in libevent 2.1.6

oval:org.secpod.oval:def:703516
libevent: Asynchronous event notification library Several security issues were fixed in libevent.

oval:org.secpod.oval:def:1502070
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1800581
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:603183
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:1600822
Use-after-free in processing SMB1 requestsA use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. Server heap-memory disclosureA memory discl ...

oval:org.secpod.oval:def:113525
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:703891
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:502200
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:113679
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1800460
CVE-2017-14746: Use-after-free vulnerability. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800466
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:108574
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a prog ...

oval:org.secpod.oval:def:108705
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a prog ...

oval:org.secpod.oval:def:602177
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the ...

oval:org.secpod.oval:def:113435
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:1502044
Several security issues were fixed in wget.

oval:org.secpod.oval:def:603140
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.

oval:org.secpod.oval:def:113524
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:1600796
Heap-based buffer overflow in HTTP protocol handlingA heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ...

oval:org.secpod.oval:def:703872
wget: retrieves files from the web Several security issues were fixed in Wget.

oval:org.secpod.oval:def:113393
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:703918
linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.

oval:org.secpod.oval:def:603348
It was discovered that a race condition in beep allows local privilege escalation.

oval:org.secpod.oval:def:602739
Multiple vulnerabilities have been found in the Ikiwiki wiki compiler: CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs CVE-2016-10026 Editing restriction bypass for git revert CVE-2017-0356 Authentication bypass via repeated parameters Additional details on these vu ...

oval:org.secpod.oval:def:111946
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins.

oval:org.secpod.oval:def:111945
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins.

oval:org.secpod.oval:def:602760
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

oval:org.secpod.oval:def:703446
ntfs-3g: read/write NTFS driver for FUSE NTFS-3G could be made to load kernel modules as an administrator.

oval:org.secpod.oval:def:1502141
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114313
Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl.

oval:org.secpod.oval:def:114310
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:114477
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:45091
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:45092
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:603362
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ...

oval:org.secpod.oval:def:114296
Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl.

oval:org.secpod.oval:def:114298
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:44840
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle bounds checking. Successful exploitation leads to integer overflow.

oval:org.secpod.oval:def:1800914
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions: libcurl 7.36.0 to and including 7.56.1 Not affected versions: libcurl = 7.57.0

oval:org.secpod.oval:def:113957
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1600843
Out-of-bounds read in code handling HTTP/2 trailers:libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTT ...

oval:org.secpod.oval:def:1600831
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service or possibly have unspecified other impact via vectors involving long user and password fields. The FTP wildcard function in curl and libcurl before 7.57.0 allows remot ...

oval:org.secpod.oval:def:1800178
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions: libcurl 7.20.0 to and including 7.56.0 Not affected ...

oval:org.secpod.oval:def:113962
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1800161
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read. Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

oval:org.secpod.oval:def:603139
Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.

oval:org.secpod.oval:def:603189
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ...

oval:org.secpod.oval:def:703912
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:43626
The host is installed with Apple Mac OS X 10.13.2 and is prone to a denial of service vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:1600808
IMAP FETCH response out of bounds read:A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application

oval:org.secpod.oval:def:113611
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1800697
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read; Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

oval:org.secpod.oval:def:603251
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:703862
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1800208
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions libcurl 7.36.0 to and including 7.56.1 Not affected versions libcurl = 7.57.0

oval:org.secpod.oval:def:43228
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:1800705
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read¶ Affected versions:¶ libcurl 7.49.0 to and including 7.57.0 Not affected versions:¶ libcurl = 7.58.0

oval:org.secpod.oval:def:114544
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1700004
HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response ...

oval:org.secpod.oval:def:113718
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1800391
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions:¶ libcurl 7.20.0 to and including 7.56.0 Not aff ...

oval:org.secpod.oval:def:1800794
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions: libcurl 7.20.0 to and including 7.56.0 Not affected ...

oval:org.secpod.oval:def:1800316
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read Affected versions libcurl 7.49.0 to and including 7.57.0 Not affected versions libcurl = 7.58.0

oval:org.secpod.oval:def:1800848
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions libcurl 7.20.0 to and including 7.56.0 Not affected v ...

oval:org.secpod.oval:def:113387
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1800813
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions: libcurl 7.36.0 to and including 7.56.1 Not affected versions: libcurl = 7.57.0

oval:org.secpod.oval:def:113749
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114006
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:114011
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:113993
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:113980
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:603258
"landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary co ...

oval:org.secpod.oval:def:45297
The host is installed with 7 zip before 18.0 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted ZIP archive. Successful exploitation could allow remote attackers to crash the service.

oval:org.secpod.oval:def:1600721
Unsafe YAML deserialization:Versions of Puppet prior to 4.10.1 will deserialize data off the wire with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire ...

oval:org.secpod.oval:def:602901
It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code. Note that this fix breaks backward compability with Puppet agents older than 3.2.2 and there is no safe way t ...

oval:org.secpod.oval:def:112428
Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ...

oval:org.secpod.oval:def:602209
It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.

oval:org.secpod.oval:def:109880
With conntrack-tools you can setup a High Availability cluster and synchronize conntrack state between multiple firewalls. The conntrack-tools package contains two programs: - conntrack: the command line interface to interact with the connection tracking system. - conntrackd: the connection tracking ...

oval:org.secpod.oval:def:109855
With conntrack-tools you can setup a High Availability cluster and synchronize conntrack state between multiple firewalls. The conntrack-tools package contains two programs: - conntrack: the command line interface to interact with the connection tracking system. - conntrackd: the connection tracking ...

oval:org.secpod.oval:def:114326
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:45313
The host is installed with LibreOffice before 5.4.6.1 or 6.x before 6.0.2001 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly validate a customizations index. Successful exploitation could allow remote attackers to crash the se ...

oval:org.secpod.oval:def:45314
The host is installed with LibreOffice before 5.4.5 or 6.x before 6.0.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an incorrect integer data type in the StgSmallStrm class. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:603372
Two vulnerabilities were discovered in LibreOffice"s code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:603040
Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies.

oval:org.secpod.oval:def:114552
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:41754
freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:703743
freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:112979
The xfreerdp Remote Desktop Protocol client from the FreeRDP project. xfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:112990
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:112963
The xfreerdp Remote Desktop Protocol client from the FreeRDP project. xfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:112965
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:603033
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol , contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side.

oval:org.secpod.oval:def:502281
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:1700023
Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c:rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacke ...

oval:org.secpod.oval:def:704030
librelp: Reliable Event Logging Protocol library librelp could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:603330
Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for ...

oval:org.secpod.oval:def:114252
Librelp is an easy to use library for the RELP protocol. RELP is a general-purpose, extensible logging protocol.

oval:org.secpod.oval:def:114250
Librelp is an easy to use library for the RELP protocol. RELP is a general-purpose, extensible logging protocol.

oval:org.secpod.oval:def:1502188
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502187
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602829
Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file is opened.

oval:org.secpod.oval:def:45861
The host is installed with Artifex Ghostscript before 9.21 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to properly decode halftone segments in a JBIG2 image. Successful exploitation could allow attackers to trigger a segmentation faul ...

oval:org.secpod.oval:def:111956
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:111948
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:45875
The host is installed with Ghostscript 9.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted postscript file. Successful exploitation could allow attackers to read data via a crafted postscript file.

oval:org.secpod.oval:def:602111
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ...

oval:org.secpod.oval:def:602109
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ...

oval:org.secpod.oval:def:602124
The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression. Please refer to the upstream Bug FAQ for additional ...

oval:org.secpod.oval:def:602468
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings. CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write iss ...

oval:org.secpod.oval:def:34035
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation allows remote attackers to spoof the address bar.

oval:org.secpod.oval:def:34029
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted data. Successful exploitation allow an attacker to execute arbitrary code in t ...

oval:org.secpod.oval:def:34032
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 data in a PDF document. Successful exploitation of this vulnerability allow remote attackers to obtain sensitiv ...

oval:org.secpod.oval:def:34762
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34755
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34777
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34771
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34767
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34768
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34766
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:602520
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript ...

oval:org.secpod.oval:def:602479
Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an ...

oval:org.secpod.oval:def:34287
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:34663
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:114362
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:1800939
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1800945
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions 2.4.1 to 2.4.29 Fixed in Apache 2.4.30

oval:org.secpod.oval:def:1800946
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1800950
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1600879
Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger ...

oval:org.secpod.oval:def:704065
apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:704052
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:603350
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ...

oval:org.secpod.oval:def:114244
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:114319
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers.

oval:org.secpod.oval:def:114242
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers.

oval:org.secpod.oval:def:603147
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:703328
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1800397
CVE-2016-7440: mariadb 5.5.53, mariadb 10.1.19 CVE-2016-5584: mariadb 5.5.53, mariadb 10.1.19 Reference:

oval:org.secpod.oval:def:602667
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

oval:org.secpod.oval:def:602662
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes

oval:org.secpod.oval:def:702725
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:26405
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:602088
Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. CVE-2015-27 ...

oval:org.secpod.oval:def:703172
xmlrpc-c: Lightweight RPC library based on XML and HTTP Several security issues were fixed in XML-RPC for C and C++.

oval:org.secpod.oval:def:602606
It was reported that the update for flex as released in DSA-3653-1 did not completely address CVE-2016-6354 as intended due to problems in the patch handling and regenerated files during the build. Additionally a regression was introduced, causing new warnings when compiling flex generated code. Upd ...

oval:org.secpod.oval:def:602596
Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources. Affected applications need to be rebuild. bogofilter will be rebuild against ...

oval:org.secpod.oval:def:703098
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:502019
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:40422
The host is installed with LibreOffice before 5.1.6002 or 5.2.x before 5.2.2002 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle embedded object. Successful exploitation could allow remote attackers to expose details of the envir ...

oval:org.secpod.oval:def:602784
Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information.

oval:org.secpod.oval:def:703487
libreoffice: Office productivity suite LibreOffice could be made to disclose files if it opened a specially crafted file.

oval:org.secpod.oval:def:1501833
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501838
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:42585
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:703385
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file.

oval:org.secpod.oval:def:1600492
It was found that the ghostscript functions getenv, file name for all and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrie ...

oval:org.secpod.oval:def:111458
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:111465
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:501955
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:602643
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or information disclosure if a specially crafted Postscript file is processed.

oval:org.secpod.oval:def:1501720
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:1501721
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:43011
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43014
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:603375
It was discovered that gunicorn, an event-based HTTP/WSGI server was susceptible to HTTP Response splitting.

oval:org.secpod.oval:def:38111
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an use-after-free vulnerability. A flaw is present in the DCERPC dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service wit ...

oval:org.secpod.oval:def:38101
The host is installed with Wireshark 2.0.x before 2.0.7 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38104
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an use-after-free vulnerability. A flaw is present in the DCERPC dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service wit ...

oval:org.secpod.oval:def:38108
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:1800642
CVE-2017-17083: NetBIOS dissector crash¶ Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10 Fixed versions: 2.4.3, 2.2.11

oval:org.secpod.oval:def:36986
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the IPMI trace dissector, which does not properly consider whether a string is constant. Successful exploitation allows remote attackers to cause a denial of service (use-a ...

oval:org.secpod.oval:def:36984
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the UMTS FP dissector, which does not ensure that memory is allocated for certain data structures. Successful exploitation allows remote attackers to cause a denial of serv ...

oval:org.secpod.oval:def:36976
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the IPMI trace dissector, which does not properly consider whether a string is constant. Successful exploitation allows remote attackers to cause a denial of service (use-a ...

oval:org.secpod.oval:def:36974
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the UMTS FP dissector, which does not ensure that memory is allocated for certain data structures. Successful exploitation allows remote attackers to cause a denial of serv ...

oval:org.secpod.oval:def:43222
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NetBIOS dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43221
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IWARP_MPA dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43220
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the CIP safety dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:113856
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:43029
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NetBIOS dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43028
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IWARP_MPA dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43027
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the CIP Safety dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:1800441
CVE-2017-17083: NetBIOS dissector crash Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10 Fixed versions: 2.4.3, 2.2.11

oval:org.secpod.oval:def:603336
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002

oval:org.secpod.oval:def:114600
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:114363
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:114364
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:1600893
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.

oval:org.secpod.oval:def:114432
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:603395
Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle "\r\n" from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replac ...

oval:org.secpod.oval:def:1800982
CVE-2018-1000178: A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

oval:org.secpod.oval:def:603385
Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service. Note that you need to restart the "quasselcore" service after upgrading the Quassel packages.

oval:org.secpod.oval:def:113043
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:113044
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:1800103
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:703752
libsoup2.4: HTTP client/server library for GNOME Applications using libsoup could be made to crash or run programs as your login if it received specially crafted network traffic.

oval:org.secpod.oval:def:113078
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:113083
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:1800201
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:1800406
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:603049
Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash , or ...

oval:org.secpod.oval:def:1800434
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:114365
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:114402
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:1502213
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603310
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ...

oval:org.secpod.oval:def:1800916
A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options" values are then used in Vim"s scripts to build a command string that"s evaluated by : ...

oval:org.secpod.oval:def:602680
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

oval:org.secpod.oval:def:703368
vim: Vi IMproved - enhanced vi editor Vim could be made run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703329
quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:38800
The host is installed with Apple Mac OS X or Server 10.12.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle certain modeline options. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:602646
It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.

oval:org.secpod.oval:def:1600851
Mishandling of client certificates can allow for OCSP check bypass:When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the ...

oval:org.secpod.oval:def:603275
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library"s network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If O ...

oval:org.secpod.oval:def:114553
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:114529
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:114528
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:603409
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party ...

oval:org.secpod.oval:def:602327
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution is not aff ...

oval:org.secpod.oval:def:602353
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47

oval:org.secpod.oval:def:602384
Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. Th ...

oval:org.secpod.oval:def:37854
The host is missing a security update according to Apple advisory, APPLE-SA-2016-10-27-1. The update is required to fix multiple arbitrary code execution vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to caus ...

oval:org.secpod.oval:def:602639
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data ...

oval:org.secpod.oval:def:43822
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:33739
quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:602438
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service , or potentially, execution of arbitrary code, if bgpd is configured with BGP peer ...

oval:org.secpod.oval:def:1800429
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a ...

oval:org.secpod.oval:def:602365
Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.

oval:org.secpod.oval:def:602351
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/

oval:org.secpod.oval:def:602488
It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened.

oval:org.secpod.oval:def:34037
The host is installed with Google Chrome before 50.0.2661.75 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allow attackers to cause a denial service or possibly have other impact.

oval:org.secpod.oval:def:34033
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (invalid read operation).

oval:org.secpod.oval:def:34034
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation of this vulnerability allows remote attackers to cause a denial of service (use-after ...

oval:org.secpod.oval:def:34031
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JavaScript code that triggers an out-of-bounds write operation. Successful exploitation of this vulnerability allow remot ...

oval:org.secpod.oval:def:34611
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:110577
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:110542
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:602497
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privile ...

oval:org.secpod.oval:def:502000
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...

oval:org.secpod.oval:def:37844
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:34399
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code. Successful exploitation allows remote attackers to cause a denial of service (buffer overflow) or poss ...

oval:org.secpod.oval:def:602539
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.22, which includes additional bug fixes. Please refer to the upstream changelog for more i ...

oval:org.secpod.oval:def:110483
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:1600762
Unbounded stack allocation in catopen functionA stack based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.Integer overflow in hcreate and hcreate_rAn integer overflow ...

oval:org.secpod.oval:def:602376
Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries , ...

oval:org.secpod.oval:def:602373
Several vulnerabilities have been fixed in the GNU C Library, eglibc. The CVE-2015-7547 vulnerability listed below is considered to have critical impact. CVE-2014-8121 Robin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lo ...

oval:org.secpod.oval:def:400783
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ...

oval:org.secpod.oval:def:703131
glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library.

oval:org.secpod.oval:def:703136
glibc: GNU C Library - eglibc: GNU C Library Details: USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-201 ...

oval:org.secpod.oval:def:1501806
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:400632
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ...

oval:org.secpod.oval:def:502002
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:34764
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bound vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34761
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34760
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34758
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34759
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34754
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34776
The host is installed with Google Chrome before 51.0.2704.63 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34772
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based buffer-overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34770
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34769
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:602541
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service against an application using the libxslt library.

oval:org.secpod.oval:def:34666
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34667
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34664
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34665
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34662
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34660
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34661
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34290
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:602524
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:36255
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the servi ...

oval:org.secpod.oval:def:36314
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:33674
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.4 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a malicious crafted XML. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:33634
The host is installed with Apple Safari before 9.1 and is prone to a memory corruption vulnerability. A flaw is present in the libxml2, which fails to properly handle a crafted XML file. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:602546
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of O ...

oval:org.secpod.oval:def:602531
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That"s right, Debian no longer applies ...

oval:org.secpod.oval:def:1800125
Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container. Fixed In: libreoffice 5.1.4, libreoffice 5.2.0

oval:org.secpod.oval:def:602547
Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.

oval:org.secpod.oval:def:36105
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:36104
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602557
Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library , or potentially to execute arbitrary code with the privi ...

oval:org.secpod.oval:def:602558
Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service , overwrite files, information disclosure, or potentially to execute arbit ...

oval:org.secpod.oval:def:602589
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:1800990
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1800998
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1801002
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1801006
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:114554
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:603393
Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed. The oldstable distribution is not affected.

oval:org.secpod.oval:def:1801007
CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2.

oval:org.secpod.oval:def:603379
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:603371
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:703816
emacs24: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703813
emacs25: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1800584
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ...

oval:org.secpod.oval:def:113169
K-3D is a complete 3D modeling, animation and rendering system. K-3D features a robust, object oriented plugin architecture, designed to scale to the needs of professional artists. It is designed from the ground up to generate motion picture quality animation using RenderMan compliant render engines ...

oval:org.secpod.oval:def:113613
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows.

oval:org.secpod.oval:def:1600787
Command injection flaw within "enriched mode" handling:A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary ...

oval:org.secpod.oval:def:113196
pfstools is a set of command line programs for reading, writing, manipulating and viewing high-dynamic range images and video frames. All programs in the package exchange data using unix pipes and a simple generic HDR image format . The concept of the pfstools is similar to netpbm package for low-d ...

oval:org.secpod.oval:def:113198
Synfig is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need for tweening, preve ...

oval:org.secpod.oval:def:113192
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced applications, ...

oval:org.secpod.oval:def:113194
Synfig Animation Studio is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need fo ...

oval:org.secpod.oval:def:113190
A command line tool for generating timing diagrams from ASCII input files. The input files use a structured language to represent signal state transitions and interdependencies. Raster image output support is provided by ImageMagick. It can be used for VHDL or verilog presentations.

oval:org.secpod.oval:def:113185
Window Maker is an X11 window manager designed to give additional integration support to the GNUstep Desktop Environment. In every way possible, it reproduces the elegant look and feel of the NEXTSTEP GUI. It is fast, feature rich, easy to configure, and easy to use. In addition, Window Maker works ...

oval:org.secpod.oval:def:113182
RMagick is an interface between Ruby and ImageMagick.

oval:org.secpod.oval:def:113180
KXStitch can be used to create cross stitch patterns from scratch. It is also possible to convert existing images to a cross stitch pattern or scan one with a Sane supported scanner.

oval:org.secpod.oval:def:113234
Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of arrays. For example, you can add components to array elements, merge separate arrays into combined arrays ...

oval:org.secpod.oval:def:113235
Converseen is a batch image conversion tool and resizer written in C++ with Qt5 and Magick++. Converseen allows you to convert images in more than 100 different formats!

oval:org.secpod.oval:def:113231
ImageInfo computes and displays selected image attributes. It is similar in function to the ImageMagick "identify" utility, but provides a few additional attributes , and allows command line selection of the attributes to be computed, avoiding unnecessary computation and and allowing easie ...

oval:org.secpod.oval:def:113226
A port of the Really Slick Screensavers to GLX. Provides several visually impressive and graphically intensive screensavers. Note that this package contains only the display hacks themselves; you will need to install the appropriate subpackage for your desktop environment in order to use them as scr ...

oval:org.secpod.oval:def:113228
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows.

oval:org.secpod.oval:def:113229
imagick is a native php extension to create and modify images using the ImageMagick API.

oval:org.secpod.oval:def:113224
Scraper2vdr acts as client and provides scraped metadata for tvshows and movies from epgd to other plugins via its service interface. The plugin cares about caching the images locally and also cleans up the images if not longer needed. epgd itself uses the thetvdb.com API for collecting series metad ...

oval:org.secpod.oval:def:113244
VIPS is an image processing library. It is good for very large images , and for working with color. This package should be installed if you want to use a program compiled against VIPS.

oval:org.secpod.oval:def:113240
Techne is a general purpose, programmable physical simulator and renderer. It reads in a set of scripts wherein every aspect of a physical system is specified and then proceeds to simulate and render the system onscreen.

oval:org.secpod.oval:def:113242
Perl module to aide in locating a sub-image within an image.

oval:org.secpod.oval:def:113219
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work i ...

oval:org.secpod.oval:def:113215
A conversion utility for the Psion files

oval:org.secpod.oval:def:113216
AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others.

oval:org.secpod.oval:def:113218
Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many advance ...

oval:org.secpod.oval:def:113213
RipRight is a minimal CD ripper modeled on autorip. It can run as a daemon and will automatically start ripping any CD found in the drive after which the disc will be ejected. Ripping is always to FLAC lossless audio format with tags taken from the community-maintained MusicBrainz lookup service and ...

oval:org.secpod.oval:def:1800827
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ...

oval:org.secpod.oval:def:114304
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114274
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114273
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:703141
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:34930
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602529
Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls. ...

oval:org.secpod.oval:def:501720
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:502319
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ...

oval:org.secpod.oval:def:113977
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ...

oval:org.secpod.oval:def:1800289
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service. Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:603278
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:1800667
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:1800399
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service; Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:703974
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:1800865
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service¶ Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering ce ...

oval:org.secpod.oval:def:45214
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server : Security : Privileges. Successful exploitation allows attackers to affect Availability ...

oval:org.secpod.oval:def:703800
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703801
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502030
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502137
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:1502256
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603413
It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache. ...

oval:org.secpod.oval:def:110422
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:110559
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:602467
Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root. In Debian "UseLogin" i ...

oval:org.secpod.oval:def:501995
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:1600702
A remote code execution flaw was found in Samba. A malicious authenticatedsamba client, having write access to the samba share, could use this flaw toexecute arbitrary code as root. It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Sa ...

oval:org.secpod.oval:def:603389
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at https://wordpress.org/news/2018/04/wordpress ...

oval:org.secpod.oval:def:1800661
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:1800653
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:602907
It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.

oval:org.secpod.oval:def:1800859
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:112445
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ...

oval:org.secpod.oval:def:112441
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ...

oval:org.secpod.oval:def:1700054
Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.Curl version cu ...

oval:org.secpod.oval:def:704079
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:114538
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:603399
OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

oval:org.secpod.oval:def:45660
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:1800928
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800930
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800931
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800947
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions curl 7.12.3 to and including curl 7.58.0 Not affected versions curl = 7.59.0

oval:org.secpod.oval:def:1600871
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:1700024
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:704012
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:603309
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ...

oval:org.secpod.oval:def:114167
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114152
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1600357
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:111284
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:111287
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1600439
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer used to read the uploaded file if the boundary was the typical tens of bytes long.

oval:org.secpod.oval:def:703196
tomcat8: Servlet and JSP engine Tomcat could be made to hang if it received specially crafted network traffic.

oval:org.secpod.oval:def:703188
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:602553
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ...

oval:org.secpod.oval:def:602549
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ...

oval:org.secpod.oval:def:703323
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703321
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703320
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703325
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703316
linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703315
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703314
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703319
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703318
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703317
linux-ti-omap4: Linux kernel for OMAP4 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:501887
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:39517
The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted identifiers. Successful exploitation could allows context-dependent attackers to cause a denial of service (CPU consumpt ...

oval:org.secpod.oval:def:39506
The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted identifiers in an XML document. Successful exploitation allows attackers to cause a denial of service (CPU consumption).

oval:org.secpod.oval:def:43012
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:703881
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:43056
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an out-of-bounds read vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue, which existed in X.509 IPAddressFamily parsing. Successful exploitation all ...

oval:org.secpod.oval:def:703803
apache2: Apache HTTP server Apache HTTP Server could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1502033
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603112
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

oval:org.secpod.oval:def:113556
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:1600776
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user"s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. ...

oval:org.secpod.oval:def:113262
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:43037
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation could allow attackers to obtain sensitive information that ...

oval:org.secpod.oval:def:1501600
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:602436
Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.

oval:org.secpod.oval:def:1600343
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:1600351
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:33125
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65 or 8.x before 8.0.27 and is prone to a directory traversal vulnerability. A flaw is present in RequestUtil.java, which fails to handle a /.. (slash dot dot) in a pathname used by a web application in a getResource, getReso ...

oval:org.secpod.oval:def:602093
Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:602142
Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:400782
This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended Securit ...

oval:org.secpod.oval:def:1600336
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:1600384
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:602545
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

oval:org.secpod.oval:def:400638
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent dire ...

oval:org.secpod.oval:def:1501655
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:35820
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:35819
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:114623
Batik is a Java technology based toolkit for applications that want to use images in the Scalable Vector Graphics format for various purposes, such as viewing, generation or manipulation.

oval:org.secpod.oval:def:114622
Batik is a Java technology based toolkit for applications that want to use images in the Scalable Vector Graphics format for various purposes, such as viewing, generation or manipulation.

oval:org.secpod.oval:def:603415
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

oval:org.secpod.oval:def:1800993
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1800995
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1800999
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:114754
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114750
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:1600894
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:114590
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:114589
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:1700048
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:46090
The host is installed with Apple Mac OS X 10.13.2 or later and is prone to an arbitary code execution vulnerability. A flaw is present in the application, which fails to handle crafted files. Successful exploitation could allow an attacker to cause arbitrary code execution.

oval:org.secpod.oval:def:603412
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

oval:org.secpod.oval:def:704107
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:1800943
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1800949
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1800951
CVE-2018-7490: uwsgi before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. Fixed In Version:¶ uwsgi 2.0.17

oval:org.secpod.oval:def:1800923
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:114826
uWSGI is a fast , self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the uwsgi pr ...

oval:org.secpod.oval:def:114824
uWSGI is a fast , self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the uwsgi pr ...

oval:org.secpod.oval:def:603316
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to s ...

oval:org.secpod.oval:def:602530
Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.

oval:org.secpod.oval:def:1800393
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted QuickTime IMA file.

oval:org.secpod.oval:def:1700060
An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service via a large QEMU reply.An industry-wide issue was found in the way many modern micr ...

oval:org.secpod.oval:def:1502240
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502241
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704118
libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt.

oval:org.secpod.oval:def:704032
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:603337
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:114263
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:114262
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:114224
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:114223
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:44771
The host is installed with OpenSSL 1.1.0 before 1.1.0h or OpenSSL 1.0.2b before 1.0.2n or MySQL Server prior to 5.6.40, 5.7.22 or 8.0.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful expl ...

oval:org.secpod.oval:def:1502232
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114550
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the sta ...

oval:org.secpod.oval:def:1700050
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec. These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run ...

oval:org.secpod.oval:def:1502237
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114539
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the sta ...

oval:org.secpod.oval:def:502311
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix: * procps-ng, procps: Integer overflow ...

oval:org.secpod.oval:def:204048
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:204096
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501671
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501673
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501674
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501686
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:1501687
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:38056
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large amounts of incoming data. Successful exploitation allows remote attacke ...

oval:org.secpod.oval:def:38054
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle argument length checking in JavaScript. Successful exploitation allows remote ...

oval:org.secpod.oval:def:38052
The host is installed with Mozilla Firefox before 50.0 or Firefox ESR before 45.5 and is prone to an arbitrary local file write vulnerability. A flaw is present in the applications, which fail to handle Updater's log file in the working directory points to a hardlink. Successful exploitation allows ...

oval:org.secpod.oval:def:38051
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a heap-buffer-overflow vulnerability. A flaw is present in the applications, which fail to properly process SVG content. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:38059
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a memory corruption vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ...

oval:org.secpod.oval:def:38057
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle local HTML file and saved shortcut file. Successful exploitation allo ...

oval:org.secpod.oval:def:112585
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:112591
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:602951
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to ...

oval:org.secpod.oval:def:112829
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:38070
The host is installed with Mozilla Firefox before 50.0 and is prone to an integer overflow vulnerability. A flaw is present in the Expat, which fails to properly parse XML. Successful exploitation allows remote attackers to cause integer overflow.

oval:org.secpod.oval:def:38090
The host is installed with Mozilla Firefox before 50.0 or Apple Mac OS 10.8 before 10.13 and is prone to an integer overflow vulnerability. A flaw is present in the Expat, which fails to properly parse XML. Successful exploitation allows remote attackers to cause integer overflow.

oval:org.secpod.oval:def:41711
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.

oval:org.secpod.oval:def:39139
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read ...

oval:org.secpod.oval:def:38439
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to determine whether an atom is used by another compartment/zone in specific contexts. ...

oval:org.secpod.oval:def:38434
The host is installed with Mozilla Firefox before 50.1, Firefox ESR before 45.6 or Mozilla Thunderbird before 45.6 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle a vector constructor with a varying array within libGLES. Success ...

oval:org.secpod.oval:def:42262
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox and Firefox ESR. Some of thes ...

oval:org.secpod.oval:def:39143
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effo ...

oval:org.secpod.oval:def:42783
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, Andre Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith ...

oval:org.secpod.oval:def:41699
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, ...

oval:org.secpod.oval:def:704113
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114752
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:1600900
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have ...

oval:org.secpod.oval:def:1801011
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1801014
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1801009
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1502272
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502273
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502334
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:114639
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:114669
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:114666
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as describe ...

oval:org.secpod.oval:def:114660
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as describe ...

oval:org.secpod.oval:def:114662
This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future.

oval:org.secpod.oval:def:114657
This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future.

oval:org.secpod.oval:def:704124
gnupg2: GNU privacy guard - a free PGP replacement Details: USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory GnuPG 2 could be made to present validi ...

oval:org.secpod.oval:def:603424
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603423
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603420
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:704111
gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG.

oval:org.secpod.oval:def:603442
Several vulnerabilites have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.

oval:org.secpod.oval:def:42214
The host is missing a security update according to Apple advisory, APPLE-SA-2017-09-25-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:1501759
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501761
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204104
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:38830
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.

oval:org.secpod.oval:def:38825
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's ...

oval:org.secpod.oval:def:38827
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.

oval:org.secpod.oval:def:38829
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.

oval:org.secpod.oval:def:38822
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that ...

oval:org.secpod.oval:def:38823
Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird before 45.x before 45.7 :- JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.

oval:org.secpod.oval:def:38871
The host is missing a critical security update according to Mozilla advisory, MFSA2017-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:38874
The host is missing a critical security update according to Mozilla advisory, MFSA2017-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:703826
nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:603127
Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, re ...

oval:org.secpod.oval:def:42261
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current b ...

oval:org.secpod.oval:def:42781
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations.

oval:org.secpod.oval:def:1600790
Potential use-after-free in TLS 1.2 server when verifying client authentication:A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, poten ...

oval:org.secpod.oval:def:41702
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41701
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41706
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41705
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.

oval:org.secpod.oval:def:41704
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.

oval:org.secpod.oval:def:41703
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41709
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41708
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.

oval:org.secpod.oval:def:41707
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41713
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.

oval:org.secpod.oval:def:41710
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur ...

oval:org.secpod.oval:def:703794
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:41828
The host is missing a critical security update according to Mozilla advisory, MFSA2017-20. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41080
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ...

oval:org.secpod.oval:def:41081
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41084
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ...

oval:org.secpod.oval:def:41085
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations.

oval:org.secpod.oval:def:41082
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41083
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.

oval:org.secpod.oval:def:41090
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.

oval:org.secpod.oval:def:41100
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia ...

oval:org.secpod.oval:def:41698
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.

oval:org.secpod.oval:def:603094
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:43588
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ...

oval:org.secpod.oval:def:43593
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ...

oval:org.secpod.oval:def:43592
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43591
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ...

oval:org.secpod.oval:def:43590
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ...

oval:org.secpod.oval:def:43597
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ...

oval:org.secpod.oval:def:43596
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43595
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43594
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:45488
Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

oval:org.secpod.oval:def:45489
Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable b ...

oval:org.secpod.oval:def:45490
Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : Sites can bypass security checks on permissions to install lightweight themes by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could co ...

oval:org.secpod.oval:def:45492
Mozilla Firefox ESR or Thunderbird before 52.8 :A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur.

oval:org.secpod.oval:def:45493
Mozilla Firefox ESR or Thunderbird before 52.8 : Mozilla developers backported selected changes in the Skia library to the ESR52 branch of Firefox. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations.

oval:org.secpod.oval:def:44700
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.

oval:org.secpod.oval:def:44701
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers reported memory safety bugs present in Firefox ESR. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:45669
Mozilla Thunderbird before 52.8 : Using remote content in encrypted messages can lead to the disclosure of plaintext.

oval:org.secpod.oval:def:45675
Mozilla Thunderbird before 52.8 : Using remote content in encrypted messages can lead to the disclosure of plaintext.

oval:org.secpod.oval:def:44697
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ...

oval:org.secpod.oval:def:41727
The host is missing a critical security update according to Mozilla advisory, MFSA2017-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41827
The host is missing a critical security update according to Mozilla advisory, MFSA2017-20. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:1502074
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502075
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502077
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502080
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603174
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

oval:org.secpod.oval:def:42263
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious s ...

oval:org.secpod.oval:def:42796
The host is missing a critical security update according to Mozilla advisory, MFSA2017-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42795
The host is missing a critical security update according to Mozilla advisory, MFSA2017-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:703916
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703907
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ...

oval:org.secpod.oval:def:42782
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users.

oval:org.secpod.oval:def:603208
It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.

oval:org.secpod.oval:def:603209
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:703888
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:42836
The host is missing a critical security update according to Mozilla advisory, MFSA2017-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1800476
CVE-2017-7826: Memory safety bugs CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API Fixed In:¶ Firefox ESR 52.5

oval:org.secpod.oval:def:43032
The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ...

oval:org.secpod.oval:def:43030
Mozilla Firefox before 57.0.1 and Mozilla Firefox ESR before 52.5.2 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persi ...

oval:org.secpod.oval:def:43035
The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ...

oval:org.secpod.oval:def:43033
Mozilla Firefox before 57.0.1 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mo ...

oval:org.secpod.oval:def:39135
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.

oval:org.secpod.oval:def:602813
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, ASLR bypass, information disclosure or denial of service.

oval:org.secpod.oval:def:39163
The host is missing a critical security update according to Mozilla advisory, MFSA2017-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:39140
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.

oval:org.secpod.oval:def:39141
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.

oval:org.secpod.oval:def:39142
Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before before 45.8 :- Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.

oval:org.secpod.oval:def:602856
Multiple security issues have been found in Thunderbird, which may may lead to the execution of arbitrary code or information leaks. With this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed bac ...

oval:org.secpod.oval:def:204456
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204465
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:39191
The host is missing a critical security update according to Mozilla advisory, MFSA2017-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:1501792
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501793
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501796
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1501794
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501799
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:43359
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an address spoofing vulnerability. A flaw is present in the application, which fails to properly handle null character. Successful exploitation could allow attackers to modify the message body.

oval:org.secpod.oval:def:43357
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted CSS. Successful exploitation could allow attackers to leak and reveal local path strings, which may contain user n ...

oval:org.secpod.oval:def:43356
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a javascript execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute JavaScript in the parsed RSS feed.

oval:org.secpod.oval:def:703535
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703502
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:43351
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a javascript execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute JavaScript in the parsed RSS feed.

oval:org.secpod.oval:def:43354
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an address spoofing vulnerability. A flaw is present in the application, which fails to properly handle null character. Successful exploitation could allow attackers to modify the message body.

oval:org.secpod.oval:def:43352
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted CSS. Successful exploitation could allow attackers to leak and reveal local path strings, which may contain user n ...

oval:org.secpod.oval:def:43598
Mozilla Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:45486
Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:45485
Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : Mozilla developers and community members Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, and Jason Kratzer reported memory safety bugs present in Firefox and Firefox ESR. Som ...

oval:org.secpod.oval:def:45491
Mozilla Firefox ESR before 52.8 or Thunderbird before 52.8: A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43779
The host is missing a critical security update according to Mozilla advisory, MFSA2018-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43778
The host is missing a critical security update according to Mozilla advisory, MFSA2018-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1502130
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502131
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:44695
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.

oval:org.secpod.oval:def:40055
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in F ...

oval:org.secpod.oval:def:40058
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:40059
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as ...

oval:org.secpod.oval:def:40056
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:40057
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.

oval:org.secpod.oval:def:40063
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. ...

oval:org.secpod.oval:def:40068
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.

oval:org.secpod.oval:def:40073
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:40077
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash.

oval:org.secpod.oval:def:40078
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then ...

oval:org.secpod.oval:def:40080
Mozilla Firefox before 53.0, Thunderbird before 52.1 and Firefox ESR before 45.9 or 52.x before 52.1 :- A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a po ...

oval:org.secpod.oval:def:40076
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over.

oval:org.secpod.oval:def:1600872
Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk function allows denial of service:An error in the "_sctp_make_chunk" function when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. Mishandling mutex with ...

oval:org.secpod.oval:def:114124
The kernel meta package

oval:org.secpod.oval:def:704090
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments Several security issues were addressed in the Linux kernel.

oval:org.secpod.oval:def:704089
linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704085
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were addressed in the Linux kernel.

oval:org.secpod.oval:def:502317
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defi ...

oval:org.secpod.oval:def:703357
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:41088
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41087
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.

oval:org.secpod.oval:def:114823
A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground up ...

oval:org.secpod.oval:def:114814
A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground up ...

oval:org.secpod.oval:def:704198
rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync.

oval:org.secpod.oval:def:704196
transmission: lightweight BitTorrent client Transmission could be made to run arbitraty code.

oval:org.secpod.oval:def:704197
gimp: The GNU Image Manipulation Program Several security issues were fixed in GIMP.

oval:org.secpod.oval:def:704177
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704233
sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:704171
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPackXXX-APP-XXX.

oval:org.secpod.oval:def:704216
wget: retrieves files from the web Wget could be made to inject arbitrary cookie values.

oval:org.secpod.oval:def:704199
xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:704222
batik: SVG Library Batik could be made to expose sensitive information if it received a specially crafted XML.

oval:org.secpod.oval:def:704181
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:1700066
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have ...

oval:org.secpod.oval:def:603452
This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:703399
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:602696
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information leaks.

oval:org.secpod.oval:def:204056
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204061
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1800382
CVE-2016-9893: Memory safety bugs CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9900: Restricted e ...

oval:org.secpod.oval:def:38444
The host is missing a critical security update according to Mozilla advisory, MFSA2016-94. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:38445
The host is missing a critical security update according to Mozilla advisory, MFSA2016-95. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:38430
The host is missing a critical security update according to Mozilla advisory, MFSA2016-94. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1501701
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501702
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501706
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1501703
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501717
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1600864
Vorbis audio processing out of bounds write:An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code

oval:org.secpod.oval:def:43589
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43673
The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43619
The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43620
The host is missing a critical security update according to Mozilla advisory, MFSA2018-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:603248
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:603255
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:502250
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:502258
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:502259
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:502261
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:1700015
Vorbis audio processing out of bounds write :An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code

oval:org.secpod.oval:def:704031
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704034
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704024
libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704013
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704009
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:603317
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603312
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603313
Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603335
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603333
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.

oval:org.secpod.oval:def:44694
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44696
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.

oval:org.secpod.oval:def:114165
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis.

oval:org.secpod.oval:def:703982
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:114186
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis.

oval:org.secpod.oval:def:703965
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:44734
The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44713
The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44712
The host is missing a critical security update according to Mozilla advisory, MFSA2018-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1502181
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704128
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:1502149
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502151
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502152
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502153
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502159
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502162
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502160
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502166
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502179
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:44769
The host is missing a critical security update according to Mozilla advisory, MFSA2018-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44766
Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

oval:org.secpod.oval:def:44767
The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:44774
Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44770
The host is missing a critical security update according to Mozilla advisory, MFSA2018-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44775
The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:38137
The host is missing a critical security update according to Mozilla advisory, MFSA2016-93. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to execute remote code or caus ...

oval:org.secpod.oval:def:38133
The host is missing a critical security update according to Mozilla advisory, MFSA2016-93. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to execute remote code or caus ...

oval:org.secpod.oval:def:602692
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:703375
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:38613
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:703416
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:38074
The host is missing a critical security update according to Mozilla advisory, MFSA2016-90. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:38073
The host is missing a critical security update according to Mozilla advisory, MFSA2016-89. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:38058
The host is installed with Mozilla Firefox before 50.0, Firefox ESR before 45.5 or Thunderbird 45.x before 45.5 and is prone to a unspecified vulnerability. A flaw is present in the applications, which is due to an existing mitigation of timing side-channel attacks is insufficient in some circumstan ...

oval:org.secpod.oval:def:602673
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism ...

oval:org.secpod.oval:def:38093
The host is missing a critical security update according to Mozilla advisory, MFSA2016-89. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:602734
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple vulnerabilities may lead to the execution of arbitrary code, data leakage or bypass of the content security policy.

oval:org.secpod.oval:def:38600
The host is missing a critical security update according to Mozilla advisory, MFSA2016-96. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:38601
The host is missing a critical security update according to Mozilla advisory, MFSA2016-96. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:703439
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:38443
The host is installed with Mozilla Firefox ESR before 45.6 or Thunderbird before 45.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle add or remove of sub-documents. Successful exploitation allows remote attackers to crash the s ...

oval:org.secpod.oval:def:502022
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:602753
Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.

oval:org.secpod.oval:def:204090
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:39161
The host is missing a critical security update according to Mozilla advisory, MFSA2017-05. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:39162
The host is missing a critical security update according to Mozilla advisory, MFSA2017-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:204440
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:703459
firefox: Mozilla Open Source web browser Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3175-1 intr ...

oval:org.secpod.oval:def:703440
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1800216
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP CVE-2017-5376: Use-after-free in XSL CVE-2017-5378: Pointer and frame data leakage of Javascript objects CVE-2017-5380: Potential use-after-free durin ...

oval:org.secpod.oval:def:39189
The host is missing a critical security update according to Mozilla advisory, MFSA2017-05. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1800704
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP CVE-2017-5376: Use-after-free in XSL CVE-2017-5378: Pointer and frame data leakage of Javascript objects CVE-2017-5380: Potential use-after-free durin ...

oval:org.secpod.oval:def:1501749
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501750
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501751
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:38843
The host is missing a critical security update according to Mozilla advisory, MFSA2017-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:38844
The host is missing a critical security update according to Mozilla advisory, MFSA2017-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:38828
Mozilla Firefox before 51.0 or Mozilla Firefox ESR before 45.7 :- WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.

oval:org.secpod.oval:def:38869
The host is missing a critical security update according to Mozilla advisory, MFSA2017-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1501845
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501852
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501850
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501843
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703825
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:41752
The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41714
Mozilla Firefox before 55.0 or Firefox ESR before 52.3 :- The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor ...

oval:org.secpod.oval:def:41726
The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:1502035
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502036
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603119
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware prot ...

oval:org.secpod.oval:def:42267
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentia ...

oval:org.secpod.oval:def:603148
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:42277
The host is missing a critical security update according to Mozilla advisory, MFSA2017-22. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42276
The host is missing a critical security update according to Mozilla advisory, MFSA2017-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42295
The host is missing a critical security update according to Mozilla advisory, MFSA2017-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43141
The host is missing a critical security update according to Mozilla advisory, MFSA2017-28. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to bypass security.

oval:org.secpod.oval:def:703762
ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory This update provides compatible packages for Firefox 55.

oval:org.secpod.oval:def:703765
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1800541
CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements CVE-2017-7779: Memory safety bugs CVE-2017-7784: Use-after-free with image observers CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM CVE-2017-7786: Buffer overflow while painting non-displayable SVG CVE-2 ...

oval:org.secpod.oval:def:1800537
CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generat ...

oval:org.secpod.oval:def:42260
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:42266
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XS ...

oval:org.secpod.oval:def:42265
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:42264
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:603225
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses.

oval:org.secpod.oval:def:703855
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:42422
The host is missing a critical security update according to Mozilla advisory, MFSA2017-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42421
The host is missing a critical security update according to Mozilla advisory, MFSA2017-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43358
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to inject new lines into the created email structure.

oval:org.secpod.oval:def:43360
The host is missing a security update according to Mozilla advisory, MFSA 2017-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle to crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:1800363
CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data Fixed In Version:¶ Firefox ESR 52.5.2

oval:org.secpod.oval:def:703970
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:43355
The host is missing a security update according to Mozilla advisory, MFSA 2017-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle to crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:43353
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to inject new lines into the created email structure.

oval:org.secpod.oval:def:1800886
CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements CVE-2017-7779: Memory safety bugs CVE-2017-7784: Use-after-free with image observers CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM CVE-2017-7786: Buffer overflow while painting non-displayable SVG CVE-2 ...

oval:org.secpod.oval:def:1502100
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502101
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603043
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CS ...

oval:org.secpod.oval:def:1800557
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800719
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800390
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800364
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:1800469
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:109335
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ...

oval:org.secpod.oval:def:109321
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ...

oval:org.secpod.oval:def:602133
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code.

oval:org.secpod.oval:def:1801021
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:1801022
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:1801019
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:114663
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:114655
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:704129
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information.

oval:org.secpod.oval:def:603433
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

oval:org.secpod.oval:def:603437
Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call.

oval:org.secpod.oval:def:112606
Graphite2 is a project within SILs Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With respe ...

oval:org.secpod.oval:def:1800108
CVE-2017-5470: Memory safety bugs CVE-2017-5472: Use-after-free using destroyed node when regenerating trees CVE-2017-7749: Use-after-free during docshell reloading CVE-2017-7750: Use-after-free with track elements CVE-2017-7751: Use-after-free with content viewer listeners CVE-2017-7752: Use-after- ...

oval:org.secpod.oval:def:703773
graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs if it opened a specially crafted font.

oval:org.secpod.oval:def:1501895
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501896
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501933
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:41089
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ...

oval:org.secpod.oval:def:41094
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing ...

oval:org.secpod.oval:def:1501904
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501905
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:41103
The host is missing a critical security update according to Mozilla advisory, MFSA2017-17. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41101
The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41102
The host is missing a critical security update according to Mozilla advisory, MFSA2017-16. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41129
The host is missing a critical security update according to Mozilla advisory, MFSA2017-17. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41127
The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:602935
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing. Debian follows the extended support releases ...

oval:org.secpod.oval:def:602958
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

oval:org.secpod.oval:def:1800381
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. Reference:

oval:org.secpod.oval:def:1800881
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.

oval:org.secpod.oval:def:112505
Graphite2 is a project within SILs Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With respe ...

oval:org.secpod.oval:def:703693
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:603028
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we"re now following the 52.x releases.

oval:org.secpod.oval:def:703656
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1501599
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:501881
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicio ...

oval:org.secpod.oval:def:1800980
CVE-2018-5150: Memory safety bugs CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files CVE-2018-5158: Malicious PDF can inject JavaScript into PDF ...

oval:org.secpod.oval:def:45487
Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party ...

oval:org.secpod.oval:def:502293
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:704095
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704071
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1502234
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502235
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700046
The following CVEs are fixed in the updated thunderbird package:CVE-2018-5161 : Hang via malformed headersCVE-2018-5162 : Encrypted mail leaks plaintext through src attributeCVE-2018-5183 : Backport critical security fixes in SkiaCVE-2018-5155 : Use-after-free with SVG animations and text pathsCVE-2 ...

oval:org.secpod.oval:def:603408
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:1502211
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502212
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603314
Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.

oval:org.secpod.oval:def:45541
The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:603394
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:502307
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:45512
The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:45513
The host is missing a critical security update according to Mozilla advisory, MFSA2018-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:45668
The host is missing a critical security update according to Mozilla advisory, MFSA2018-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:45674
Mozilla Thunderbird before 52.8 : Plaintext of decrypted emails can leak through by user submitting an embedded form.

oval:org.secpod.oval:def:45676
Mozilla Thunderbird before 52.8 : Crafted message headers can cause a Thunderbird process to hang on receiving the message.

oval:org.secpod.oval:def:45670
Mozilla Thunderbird before 52.8 : Crafted message headers can cause a Thunderbird process to hang on receiving the message.

oval:org.secpod.oval:def:45671
Mozilla Thunderbird before 52.8 : Plaintext of decrypted emails can leak through the src attribute of remote images, or links.

oval:org.secpod.oval:def:45672
Mozilla Thunderbird before 52.8 : It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected.

oval:org.secpod.oval:def:45677
Mozilla Thunderbird before 52.8 : Plaintext of decrypted emails can leak through the src attribute of remote images, or links.

oval:org.secpod.oval:def:45678
Mozilla Thunderbird before 52.8 : Using remote content in encrypted messages can lead to the disclosure of plaintext.

oval:org.secpod.oval:def:45679
Mozilla Thunderbird before 52.8 : Plaintext of decrypted emails can leak through by user submitting an embedded form.

oval:org.secpod.oval:def:45680
The host is missing a critical security update according to Mozilla advisory, MFSA2018-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42580
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:40419
The host is installed with LibreOffice before 5.1.6 or 5.2.x before 5.2.2 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle embedded object. Successful exploitation could allow remote attackers to expose details of the environment ...

oval:org.secpod.oval:def:33119
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the session-persistence implementation, which mishandles session attributes. Successful exploitation allows re ...

oval:org.secpod.oval:def:1502252
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704091
procps: /proc file system utilities Several security issues were fixed in procps-ng.

oval:org.secpod.oval:def:603404
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory ...

oval:org.secpod.oval:def:114798
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:114801
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:603459
A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code.

oval:org.secpod.oval:def:33120
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catal ...

oval:org.secpod.oval:def:33121
The host is installed with Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M3 and is prone to a security bypass vulnerability. A flaw is present in the setGlobalContext method, which does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized. Success ...

oval:org.secpod.oval:def:33122
The host is installed with Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the Manager and Host Manager applications, which establish sessions and send CSRF tokens for arbitrary new requests. Successful e ...

oval:org.secpod.oval:def:33123
The host is installed with Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to a session fixation vulnerability. A flaw is present in the session-persistence implementation, which fails to handle different session settings used for deployments of multiple versio ...

oval:org.secpod.oval:def:33124
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to an information disclosure vulnerability. A flaw is present in the Mapper component, which processes redirects before considering security constraints and Filters. S ...

oval:org.secpod.oval:def:35821
The host is installed with Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3 or 9.x before 9.0.0.M7 and is prone to a denial of service vulnerability. A flaw is present in the MultipartStream class in Apache Commons Fileupload, which fails to handle a long boundary string. Succe ...

oval:org.secpod.oval:def:602847
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the "dict" passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand to perform %variable expansion. Sending specially crafted %v ...

oval:org.secpod.oval:def:112324
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:112322
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:703562
dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:1600918
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security cl ...

oval:org.secpod.oval:def:114765
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API refere ...

oval:org.secpod.oval:def:114771
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API refere ...

oval:org.secpod.oval:def:704141
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704140
linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502269
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502267
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704114
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704115
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502061
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502067
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502065
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501968
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501970
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502026
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502021
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502016
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502017
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502008
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502011
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502029
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502009
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502006
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502007
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114328
The kernel meta package

oval:org.secpod.oval:def:114559
The kernel meta package

oval:org.secpod.oval:def:114572
The kernel meta package

oval:org.secpod.oval:def:114570
The kernel meta package

oval:org.secpod.oval:def:114549
The kernel meta package

oval:org.secpod.oval:def:114545
The kernel meta package

oval:org.secpod.oval:def:603384
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:1600896
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to w ...

oval:org.secpod.oval:def:1700051
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to w ...

oval:org.secpod.oval:def:114788
The kernel meta package

oval:org.secpod.oval:def:114783
The kernel meta package

oval:org.secpod.oval:def:114770
The kernel meta package

oval:org.secpod.oval:def:114725
The kernel meta package

oval:org.secpod.oval:def:114740
The kernel meta package

oval:org.secpod.oval:def:114734
The kernel meta package

oval:org.secpod.oval:def:114886
The kernel meta package

oval:org.secpod.oval:def:114881
The kernel meta package

oval:org.secpod.oval:def:114915
The kernel meta package

oval:org.secpod.oval:def:114905
The kernel meta package

oval:org.secpod.oval:def:114599
The kernel meta package

oval:org.secpod.oval:def:114593
The kernel meta package

oval:org.secpod.oval:def:114968
The kernel meta package

oval:org.secpod.oval:def:114971
The kernel meta package

oval:org.secpod.oval:def:115019
The kernel meta package

oval:org.secpod.oval:def:115020
The kernel meta package

oval:org.secpod.oval:def:114687
The kernel meta package

oval:org.secpod.oval:def:114699
The kernel meta package

oval:org.secpod.oval:def:114632
The kernel meta package

oval:org.secpod.oval:def:114668
The kernel meta package

oval:org.secpod.oval:def:114653
The kernel meta package

oval:org.secpod.oval:def:603390
An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.

oval:org.secpod.oval:def:603443
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.

oval:org.secpod.oval:def:114753
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:114748
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:704225
libsoup2.4: HTTP client/server library for GNOME libsoup could be made to crash if it received a specially crafted input.

oval:org.secpod.oval:def:603444
It was discovered that the Soup HTTP library performed insuffient validation of cookie requests which could result in an out-of-bounds memory read.

oval:org.secpod.oval:def:704155
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:1502013
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502014
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1800926
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Version Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800962
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800963
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800964
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:114138
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114134
An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases.

oval:org.secpod.oval:def:1502259
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603308
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:704008
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:114150
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:502318
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ...

oval:org.secpod.oval:def:502320
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ...

oval:org.secpod.oval:def:114990
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114988
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114796
Cinnamon is a Linux desktop which provides advanced innovative features and a traditional user experience. The desktop layout is similar to Gnome 2. The underlying technology is forked from Gnome Shell. The emphasis is put on making users feel at home and providing them with an easy to use and comfo ...

oval:org.secpod.oval:def:114762
Cinnamon is a Linux desktop which provides advanced innovative features and a traditional user experience. The desktop layout is similar to Gnome 2. The underlying technology is forked from Gnome Shell. The emphasis is put on making users feel at home and providing them with an easy to use and comfo ...

oval:org.secpod.oval:def:1501949
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501982
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501997
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501983
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501995
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501965
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501996
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501959
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501973
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501985
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114819
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114817
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114919
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114981
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114898
A command line utility to access image metadata, allowing one to: * print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag * print the Iptc metadata of Jpeg images * print the Jpeg comment of Jpeg images * set, add and delete Exif and Iptc metadata ...

oval:org.secpod.oval:def:114916
A command line utility to access image metadata, allowing one to: * print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag * print the Iptc metadata of Jpeg images * print the Jpeg comment of Jpeg images * set, add and delete Exif and Iptc metadata ...

oval:org.secpod.oval:def:603505
Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list. ...

oval:org.secpod.oval:def:47394
The host is installed with oracle fusion middleware mapViewer 12.2.1.2 or 12.2.1.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle the install (Apache Batik) component issue. Successful exploitation allows an attacker to gain acces ...

oval:org.secpod.oval:def:114809
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114787
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.

oval:org.secpod.oval:def:114864
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.

oval:org.secpod.oval:def:46457
policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.

oval:org.secpod.oval:def:704161
policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.

oval:org.secpod.oval:def:704238
clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We a ...

oval:org.secpod.oval:def:704164
clamav: Anti-virus utility for Unix ClamAV could be made to hang if it opened a specially crafted file.

oval:org.secpod.oval:def:603511
Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.

oval:org.secpod.oval:def:704246
bouncycastle: Java implementation of cryptographic algorithms Several security issues were fixed in Bouncy Castle.

oval:org.secpod.oval:def:110561
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:400709
xen was updated to fix 44 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm ima ...

oval:org.secpod.oval:def:110505
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:400737
xen was updated to fix 46 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers . - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed r ...

oval:org.secpod.oval:def:400672
qemu was updated to fix 37 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI DMA I/O - ...

oval:org.secpod.oval:def:1800190
CVE-2016-4962, XSA-175: Unsanitised guest input in libxl device handling code. CVE-2016-4480, XSA-176: x86 software guest page walk PS bit handling flaw. CVE-2016-4963, XSA-178: Unsanitised driver domain input in libxl device handling. CVE-2016-3710 CVE-2016-3712, XSA-179: QEMU: Banked access to VGA ...

oval:org.secpod.oval:def:703876
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703875
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ...

oval:org.secpod.oval:def:1600794
stack buffer overflow in the native Bluetooth stackA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel , an unauthenticated atta ...

oval:org.secpod.oval:def:44451
The host is installed with PostgreSQL 10.x before 10.1, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10 or 9.6.x before 9.6.6 and is prone to a memory disclosure vulnerability. The flaw present in the application fails to handle the json function call issue. Successful exploitation all ...

oval:org.secpod.oval:def:603166
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE&q ...

oval:org.secpod.oval:def:603163
A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions.

oval:org.secpod.oval:def:1600811
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can ...

oval:org.secpod.oval:def:1600812
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table contents that the inv ...

oval:org.secpod.oval:def:1800286
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:703885
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:43226
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:1800769
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:1800777
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:603383
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer . On a system with a driver using blk-mq , a local user might be able to us ...

oval:org.secpod.oval:def:703806
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703805
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ...

oval:org.secpod.oval:def:114768
Git-annex allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space. It can store large files in many places ...

oval:org.secpod.oval:def:114772
Git-annex allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space. It can store large files in many places ...

oval:org.secpod.oval:def:113157
The kernel meta package

oval:org.secpod.oval:def:703895
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:113249
The kernel meta package

oval:org.secpod.oval:def:703996
linux: Linux kernel Details: It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. It wa ...

oval:org.secpod.oval:def:115102
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:115071
The kernel meta package

oval:org.secpod.oval:def:115117
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1600930
The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an ...

oval:org.secpod.oval:def:1502323
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204242
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel"s Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugep ...

oval:org.secpod.oval:def:24344
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:502322
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:204835
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:704336
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:1502306
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502307
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204852
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defi ...

oval:org.secpod.oval:def:704302
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502233
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502231
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502270
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502332
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defi ...

oval:org.secpod.oval:def:114642
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:603432
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default ...

oval:org.secpod.oval:def:114816
The Archive::Zip module allows a Perl program to create, manipulate, read, and write Zip archive files. Zip archives can be created, or you can read from existing zip files. Once created, they can be written to files, streams, or strings. Members can be added, removed, extracted, replaced, rearrange ...

oval:org.secpod.oval:def:114812
The Archive::Zip module allows a Perl program to create, manipulate, read, and write Zip archive files. Zip archives can be created, or you can read from existing zip files. Once created, they can be written to files, streams, or strings. Members can be added, removed, extracted, replaced, rearrange ...

oval:org.secpod.oval:def:704173
libarchive-zip-perl: Perl module for manipulation of ZIP archives Archive Zip module could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:603526
It was discovered that Archive::Zip, a perl module for manipulation of ZIP archives, is prone to a directory traversal vulnerability. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite arbitrary files during archive extraction.

oval:org.secpod.oval:def:704204
perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.

oval:org.secpod.oval:def:1801090
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801091
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801087
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801089
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:114665
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compresse ...

oval:org.secpod.oval:def:114659
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compresse ...

oval:org.secpod.oval:def:603428
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

oval:org.secpod.oval:def:1600916
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service via a crafted JPEG file.exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free because it closes a stream that it ...

oval:org.secpod.oval:def:46722
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MMSE dissector issue. Successful exploitation allows attackers to cause an application cr ...

oval:org.secpod.oval:def:46733
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MMSE dissector issue. Successful exploitation allows attackers to cause an application cr ...

oval:org.secpod.oval:def:114876
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:114871
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:1801103
CVE-2018-14339: MMSE dissector infinite loop Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15 Fixed versions: 2.6.2, 2.4.8, 2.2.16

oval:org.secpod.oval:def:46726
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the ASN.1 BER dissector issue. Successful exploitation allows attackers to cause an applicati ...

oval:org.secpod.oval:def:46723
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the issues in dissectors that support zlib decompression. Successful exploitation allows atta ...

oval:org.secpod.oval:def:46725
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the BGP protocol dissector issue. Successful exploitation allows attackers to cause an applic ...

oval:org.secpod.oval:def:46724
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the DICOM dissector issue. Successful exploitation allows attackers to cause an application c ...

oval:org.secpod.oval:def:46737
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the ASN.1 BER dissector issue. Successful exploitation allows attackers to cause an applicati ...

oval:org.secpod.oval:def:46734
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the issues in dissectors that support zlib decompression. Successful exploitation allows atta ...

oval:org.secpod.oval:def:46736
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the BGP protocol dissector issue. Successful exploitation allows attackers to cause an applic ...

oval:org.secpod.oval:def:46735
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the DICOM dissector issue. Successful exploitation allows attackers to cause an application c ...

oval:org.secpod.oval:def:114862
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups o ...

oval:org.secpod.oval:def:114859
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups o ...

oval:org.secpod.oval:def:1801080
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801082
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801083
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801084
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:704326
mutt: text-based mailreader supporting MIME, GPG, PGP and threading Details: USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. We apologize for the inconvenience. Original a ...

oval:org.secpod.oval:def:204869
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:204868
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:1700075
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They ...

oval:org.secpod.oval:def:1502298
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502297
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502352
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:704178
mutt: text-based mailreader supporting MIME, GPG, PGP and threading Several security issues were fixed in Mutt.

oval:org.secpod.oval:def:603493
Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to code execution, denial of service or information disclosure when connecting to a malicious mail/NNTP server.

oval:org.secpod.oval:def:46729
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the Bazaar protocol dissector issue. Successful exploitation allows attackers to cause an app ...

oval:org.secpod.oval:def:46730
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the HTTP2 dissector issue. Successful exploitation allows attackers to cause an application c ...

oval:org.secpod.oval:def:46741
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the HTTP2 dissector issue. Successful exploitation allows attackers to cause an application c ...

oval:org.secpod.oval:def:46740
The host is installed with Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7 or 2.2.0 to 2.2.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the Bazaar protocol dissector issue. Successful exploitation allows attackers to cause an app ...

oval:org.secpod.oval:def:1502319
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204879
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: race condition on reference counter leads to DoS using persistent search * 389- ...

oval:org.secpod.oval:def:502364
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: race condition on reference counter leads to DoS using persistent search * 389- ...

oval:org.secpod.oval:def:1700076
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability c ...

oval:org.secpod.oval:def:1502294
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45188
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Replication. Successful exploitation allows attackers to affect Confidentiality, Integr ...

oval:org.secpod.oval:def:45191
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Client programs. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:1600915
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ca ...

oval:org.secpod.oval:def:1600912
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can ...

oval:org.secpod.oval:def:45195
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Locking. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45203
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Optimizer. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:114336
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:114331
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:1600889
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:1600887
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ...

oval:org.secpod.oval:def:1600890
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:114482
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:114543
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:704063
mysql-5.7: MySQL database Details: USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704053
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:115097
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:115047
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:115041
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:603370
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes

oval:org.secpod.oval:def:115062
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:114667
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:114705
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:45211
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:45213
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45215
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:204830
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: FPU state information leakage via lazy FPU restore For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed ...

oval:org.secpod.oval:def:46333
The host is installed with Apple Mac OS 10.13.5, 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:46330
The host is installed with Apple Mac OS X 10.11.6, 10.12.6 or 10.13.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle issues in systems using Intel Core-based microprocessors. Successful exploitation allows a local process ...

oval:org.secpod.oval:def:1502247
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502248
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502246
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502249
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502250
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502251
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502266
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502268
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:46443
An attacker, via a local process, could cause information stored in FP (Floating Point), MMX, and SSE register state to be disclosed across security boundaries on Intel Core family CPUs through speculative execution. An attacker must be able to execute code locally on a system in order to exploit th ...

oval:org.secpod.oval:def:46442
The host is missing an important security update ADV180016

oval:org.secpod.oval:def:502313
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: FPU state information leakage via lazy FPU restore For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed ...

oval:org.secpod.oval:def:704142
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704144
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704139
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603435
This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU. For additional information please refer to https://xenbits.xen.org/xsa/adviso ...

oval:org.secpod.oval:def:1801005
A flaw was found in strongSwan VPN"s charon server prior to version 5.6.3. In stroke_socket.c, a missing packet length check could allow a integer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. A remote attacker with local user credentials may ...

oval:org.secpod.oval:def:114595
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:114563
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:603479
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-5390 Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets ...

oval:org.secpod.oval:def:603273
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:603298
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. CVE-2017-12869 When using the multiauth m ...

oval:org.secpod.oval:def:114183
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php [1] https://www.simplesamlphp.org/ ...

oval:org.secpod.oval:def:114182
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2_1/autoload.php [1] https://www.simplesamlphp.or ...

oval:org.secpod.oval:def:114185
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2_3/autoload.php [1] https://www.simplesamlphp.or ...

oval:org.secpod.oval:def:114184
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2_1/autoload.php [1] https://www.simplesamlphp.or ...

oval:org.secpod.oval:def:114180
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php [1] https://www.simplesamlphp.org/ ...

oval:org.secpod.oval:def:114177
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2_3/autoload.php [1] https://www.simplesamlphp.or ...

oval:org.secpod.oval:def:1800989
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:114789
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114727
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114729
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:45388
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:1600892
A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch ope ...

oval:org.secpod.oval:def:1801000
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:1801001
CVE-2018-8897, XSA-260: x86: mishandling of debug exceptions

oval:org.secpod.oval:def:1801004
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:114497
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114424
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:45418
The host is missing an important security update for KB4103731

oval:org.secpod.oval:def:45419
The host is missing an important security update for KB4103730

oval:org.secpod.oval:def:45898
The host is installed with Apple Mac OS 10.13.4, 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory or ...

oval:org.secpod.oval:def:45416
The host is missing an important security update for KB4134651

oval:org.secpod.oval:def:45421
The host is missing an important security update 4103715

oval:org.secpod.oval:def:45422
The host is missing an important security update for KB4103716

oval:org.secpod.oval:def:45423
The host is missing an important security update for KB4103721

oval:org.secpod.oval:def:45435
The host is missing an important security update for KB4103723

oval:org.secpod.oval:def:45436
The host is missing an important security update for KB4103725

oval:org.secpod.oval:def:45437
The host is missing an important security update 4103726

oval:org.secpod.oval:def:45438
The host is missing an important security update for KB4103727

oval:org.secpod.oval:def:45440
The host is missing an important security update 4103712

oval:org.secpod.oval:def:114565
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114551
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:45915
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle an undocumented instructions issue. Successful exploitation allows attackers to execute arbitrary code with ker ...

oval:org.secpod.oval:def:502286
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ...

oval:org.secpod.oval:def:1502222
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700044
A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch ope ...

oval:org.secpod.oval:def:1502203
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502204
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502201
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502202
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502207
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502205
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502206
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45543
The host is missing an important security update 4103718

oval:org.secpod.oval:def:603398
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could res ...

oval:org.secpod.oval:def:603396
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM gue ...

oval:org.secpod.oval:def:115038
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:115029
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114614
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:602757
Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in liblcms2-2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applicati ...

oval:org.secpod.oval:def:704322
lcms2: Little CMS color management library Several security issues were fixed in Little CMS.

oval:org.secpod.oval:def:1800226
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch:

oval:org.secpod.oval:def:42454
The host is installed with Oracle Java SE through 7u151, 8u144 or 9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D (Little CMS 2). Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:1800773
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch Reference

oval:org.secpod.oval:def:1800877
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch: Reference:

oval:org.secpod.oval:def:111200
This module provides simple ways to query and possibly load any of the modules you have installed on your system during run-time.

oval:org.secpod.oval:def:111239
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:36409
The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploiation could allow attackers to access directories without permissions.

oval:org.secpod.oval:def:1800747
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a crafted regular expression with the case-insensitive modifier.

oval:org.secpod.oval:def:1800302
CVE-2016-1238: loading of modules from current directory Fixed In Version: perl 5.22.3, perl 5.24.1

oval:org.secpod.oval:def:111189
This module provides simple ways to query and possibly load any of the modules you have installed on your system during run-time.

oval:org.secpod.oval:def:602570
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many ...

oval:org.secpod.oval:def:1800087
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a crafted regular expression with the case-insensitive modifier.

oval:org.secpod.oval:def:1800471
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a crafted regular expression with the case-insensitive modifier.

oval:org.secpod.oval:def:115126
SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system t ...

oval:org.secpod.oval:def:115157
SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system t ...

oval:org.secpod.oval:def:603532
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

oval:org.secpod.oval:def:114976
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:42550
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:113015
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:113007
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:1600760
Server: Charsets unspecified vulnerability Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via ...

oval:org.secpod.oval:def:703710
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:603031
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes

oval:org.secpod.oval:def:41376
The host is installed with Oracle MySQL Server through 5.5.56, 5.6.36 or 5.7.18 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Charsets. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:41380
The host is installed with Oracle MySQL Server through 5.5.56, 5.6.36 or 5.7.18 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Confidentiality and Integrity.

oval:org.secpod.oval:def:1600768
Server: Charsets unspecified vulnerability :Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via ...

oval:org.secpod.oval:def:113486
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:113480
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:603154
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:603153
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:1800554
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read. If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m, ...

oval:org.secpod.oval:def:113571
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:43224
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:603338
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:42497
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to overflow the heap and crash the service.

oval:org.secpod.oval:def:42561
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42530
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42531
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:113669
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:42543
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out of bounds write vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42542
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out of bounds write vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42549
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42548
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42567
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out of bounds write vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42566
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42570
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42503
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to execute arbitrary code.

oval:org.secpod.oval:def:42502
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect stack manipulation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to execute arbitrary code.

oval:org.secpod.oval:def:42506
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42541
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42540
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:113859
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:603157
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release , Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encou ...

oval:org.secpod.oval:def:113714
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113704
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113701
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:42545
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect stack manipulation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42544
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect stack manipulation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42568
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect stack manipulation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42504
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect stack manipulation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:40402
The host is missing a critical security update according to Mozilla advisory, MFSA2017-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40407
The host is missing a critical security update according to Mozilla advisory, MFSA2017-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40091
The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40092
The host is missing a critical security update according to Mozilla advisory, MFSA2017-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40093
The host is missing a critical security update according to Mozilla advisory, MFSA2017-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40130
The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:602854
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

oval:org.secpod.oval:def:602916
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure.

oval:org.secpod.oval:def:1800751
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP CVE-2017-5401: Memory Corruption when handling ErrorResult CVE-2017-5402: Use-after-free working with events in FontFace objects CVE-2017-5404: Use-after-free working with ranges in selections CVE-2017-5407: Pixel and history stealing via floati ...

oval:org.secpod.oval:def:703594
firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ...

oval:org.secpod.oval:def:703569
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1800455
Mozilla Network Security Services before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect base64 operations.

oval:org.secpod.oval:def:703609
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:113010
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113002
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113412
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:603137
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:603177
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

oval:org.secpod.oval:def:113561
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113994
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113995
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:603388
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.

oval:org.secpod.oval:def:112960
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:114837
Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the ...

oval:org.secpod.oval:def:1801111
CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel. Affected Versions:¶ All versions of Mbed TLS from version 1.2 upwards, including all 2.1, 2.7 and later releases. Fixed In Version:¶ Mbed TLS, including 2.12.0, 2.7.5 or 2.1.14 or later ...

oval:org.secpod.oval:def:603517
Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

oval:org.secpod.oval:def:603453
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.

oval:org.secpod.oval:def:704299
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704298
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114842
This package contains software for integrating VPN capabilities with the vpnc server with NetworkManager.

oval:org.secpod.oval:def:114838
This package contains software for integrating VPN capabilities with the vpnc server with NetworkManager.

oval:org.secpod.oval:def:1801098
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ...

oval:org.secpod.oval:def:1801100
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ...

oval:org.secpod.oval:def:1801101
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ...

oval:org.secpod.oval:def:1801102
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ...

oval:org.secpod.oval:def:704300
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704301
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603463
Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with p ...

oval:org.secpod.oval:def:603470
Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the "user_allow_other" restriction when SELinux is active . A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the "allow_other" mou ...

oval:org.secpod.oval:def:1600913
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service via a crafted JPEG file.An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Ov ...

oval:org.secpod.oval:def:704247
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:704249
clamav: Anti-virus utility for Unix Details: USN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:47530
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:114924
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft.

oval:org.secpod.oval:def:704318
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:603476
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when "enable-http-clone=1" is not turned off.

oval:org.secpod.oval:def:603473
Several vulnerabilities were discovered in libsmpack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious CAB, CHM or KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.

oval:org.secpod.oval:def:114352
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114354
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:1800991
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Rem ...

oval:org.secpod.oval:def:114348
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114433
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114468
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:603374
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-004

oval:org.secpod.oval:def:602776
Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9577 Frediano Ziglio of Red Hat discovered a buffer overflow vulnerability in the main_channel_alloc_msg_rcv_buf ...

oval:org.secpod.oval:def:703476
spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1501754
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501758
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204106
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:111999
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine a ...

oval:org.secpod.oval:def:111988
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine a ...

oval:org.secpod.oval:def:501974
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:703808
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1800905
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed In: samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:1502015
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502023
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502024
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502039
Several security issues were fixed in httpd.

oval:org.secpod.oval:def:603114
Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ...

oval:org.secpod.oval:def:502139
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:113589
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:502140
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuratio ...

oval:org.secpod.oval:def:502141
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ...

oval:org.secpod.oval:def:502156
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:1600789
Server memory information leak over SMB1:An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be c ...

oval:org.secpod.oval:def:113296
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:113256
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:204560
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ...

oval:org.secpod.oval:def:204558
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuratio ...

oval:org.secpod.oval:def:204559
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:1502253
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1800303
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions samba 3.0.25 to 4.6.7 Fixed in samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:1800860
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions:¶ samba 3.0.25 to 4.6.7 Fixed in:¶ samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:1800862
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed in: samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:502012
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * A race condition was found in the way su handled the management of child pr ...

oval:org.secpod.oval:def:112104
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program.

oval:org.secpod.oval:def:1502005
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602779
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing ...

oval:org.secpod.oval:def:602780
Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6252 An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap ...

oval:org.secpod.oval:def:1502063
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502083
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502084
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502059
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502115
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin . Security Fix: * A denial of service flaw was found in the way Pidgin"s Mxit plug-in han ...

oval:org.secpod.oval:def:1800545
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XMLentities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version pidgin 2.12.0

oval:org.secpod.oval:def:39116
The host installed with kernel package on RHEL 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle clearing of SELinux attributes. Successful exploitation could allow attackers to empty (null) write to /proc/pid/attr file that can crash th ...

oval:org.secpod.oval:def:602812
It was discovered a vulnerability in Pidgin, a multi-protocol instant messaging client. A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side.

oval:org.secpod.oval:def:204475
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed t ...

oval:org.secpod.oval:def:204474
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * A race condition was found in the way su handled the management of child pr ...

oval:org.secpod.oval:def:703584
shadow: system login tools su could be made to crash or stop programs as an administrator.

oval:org.secpod.oval:def:1501816
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ...

oval:org.secpod.oval:def:1501823
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501832
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600694
Sending SIGKILL to other processes with root privileges via su:A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

oval:org.secpod.oval:def:1501835
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703522
pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703711
linux-hwe: Linux hardware enablement kernel - linux-meta-hwe: Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1800857
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XML entities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version: pidgin 2.12.0

oval:org.secpod.oval:def:112080
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program.

oval:org.secpod.oval:def:40397
The host is installed with Pidgin before 2.12.0 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to properly handle a invalid xml. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:204666
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin . Security Fix: * A denial of service flaw was found in the way Pidgin"s Mxit plug-in han ...

oval:org.secpod.oval:def:204659
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ...

oval:org.secpod.oval:def:1800451
CVE-2016-6252: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

oval:org.secpod.oval:def:1800486
libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ...

oval:org.secpod.oval:def:502006
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ...

oval:org.secpod.oval:def:114358
The kernel meta package

oval:org.secpod.oval:def:1800920
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:704272
- gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information.

oval:org.secpod.oval:def:112559
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:112621
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:1800171
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:1502042
Several security issues were fixed in Linux kernel, python-perf and perf.

oval:org.secpod.oval:def:1502043
Several security issues were fixed in Linux kernel, python-perf and perf.

oval:org.secpod.oval:def:603111
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:1800542
An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version: libgcrypt 1.7.7 Refe ...

oval:org.secpod.oval:def:1800562
An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version libgcrypt 1.7.7 Refer ...

oval:org.secpod.oval:def:113108
The kernel meta package

oval:org.secpod.oval:def:502159
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel"s IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary ...

oval:org.secpod.oval:def:1600783
A buffer overflow was discovered in tpacket_rcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a kerne ...

oval:org.secpod.oval:def:114569
The kernel meta package

oval:org.secpod.oval:def:602975
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ...

oval:org.secpod.oval:def:204579
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel"s IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary ...

oval:org.secpod.oval:def:41167
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:1800802
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:703690
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:114282
The kernel meta package

oval:org.secpod.oval:def:603087
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024.

oval:org.secpod.oval:def:47604
strongswan: IPsec VPN solution Several security issues were fixed in strongSwan.

oval:org.secpod.oval:def:115165
The kernel meta package

oval:org.secpod.oval:def:115162
The kernel meta package

oval:org.secpod.oval:def:115129
The kernel meta package

oval:org.secpod.oval:def:115124
The kernel meta package

oval:org.secpod.oval:def:1502082
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502053
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502056
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502058
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501938
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501940
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501947
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501966
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703671
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703670
linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703660
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703664
linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703663
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703661
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703668
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703667
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703666
linux-gke: Linux kernel for Google Container Engine systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703665
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703669
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703658
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1801170
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potential ...

oval:org.secpod.oval:def:1801163
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potential ...

oval:org.secpod.oval:def:603482
Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the build_res_buf_from_sip_req function could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:114309
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:112633
The kernel meta package

oval:org.secpod.oval:def:1502095
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502045
Several security issues were fixed in Linux Kernel and dtrace-modules.

oval:org.secpod.oval:def:1502047
Several security issues were fixed in Linux Kernel.

oval:org.secpod.oval:def:1502048
Several security issues were fixed in Linux Kernel and dtrace-modules.

oval:org.secpod.oval:def:204748
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow vulnerability in ip6_find_1stfragopt function was found. A local attacker that has privileges to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt functi ...

oval:org.secpod.oval:def:703781
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ...

oval:org.secpod.oval:def:703783
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:112659
The kernel meta package

oval:org.secpod.oval:def:112712
The kernel meta package

oval:org.secpod.oval:def:502230
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow vulnerability in ip6_find_1stfragopt function was found. A local attacker that has privileges to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt functi ...

oval:org.secpod.oval:def:703873
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703877
linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703879
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703878
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502258
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:46150
The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2 through 1.0.2o and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a key agreement issue in a TLS handshake using a DH(E) based ciphersuite. Successful exploit ...

oval:org.secpod.oval:def:704134
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:115169
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:115123
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:603531
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

oval:org.secpod.oval:def:1600877
DOS via regular expression catastrophic backtracking in apop method in pop3libA flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. DOS via regular expression backtracking in diff ...

oval:org.secpod.oval:def:114974
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:114269
The python3-docs package contains documentation on the Python 3 programming language and interpreter. Install the python3-docs package if you'd like to use the documentation for the Python 3 language.

oval:org.secpod.oval:def:114264
The python3-docs package contains documentation on the Python 3 programming language and interpreter. Install the python3-docs package if you'd like to use the documentation for the Python 3 language.

oval:org.secpod.oval:def:114260
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

oval:org.secpod.oval:def:114271
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:114270
It uses mostly the same techniques for finding packages, so packages that were made easy_installable should be pip-installable as well.

oval:org.secpod.oval:def:114272
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readibility. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ...

oval:org.secpod.oval:def:47283
The host is installed with 7-zip before 18.0 and is prone to multiple memory corruption vulnerabilities. A flaw is present in the application, which fails to handle a crafted RAR archive. Successful exploitation could allow remote attackers to crash the service.

oval:org.secpod.oval:def:1600920
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600929
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600927
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:47236
postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:204871
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses For more details about the security issue ...

oval:org.secpod.oval:def:1700079
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:114969
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:114956
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:47262
The host is installed with PostgreSQL 10.x before 10.5, 9.6.x before 9.6.10, 9.5.x before 9.5.14, 9.4.x before 9.4.19, and 9.3.x before 9.3.24 and is prone to a security bypass vulnerability. The flaw present in the application's libpq component where it fails to properly reset its internal state be ...

oval:org.secpod.oval:def:1502299
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502353
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses For more details about the security issue ...

oval:org.secpod.oval:def:603484
Two vulnerabilities have been found in the PostgreSQL database system: CVE-2018-10915 Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. CVE-2018-10925 It was discovered that some "CREATE TABLE" statements could disclose server memory. For add ...

oval:org.secpod.oval:def:1600906
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:1600909
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:603500
Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

oval:org.secpod.oval:def:704166
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:112189
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats.

oval:org.secpod.oval:def:112182
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats.

oval:org.secpod.oval:def:502031
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ...

oval:org.secpod.oval:def:602749
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:602771
Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed.

oval:org.secpod.oval:def:111727
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard . * JP2

oval:org.secpod.oval:def:111722
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard . * JP2

oval:org.secpod.oval:def:1501855
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501853
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204498
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ...

oval:org.secpod.oval:def:204496
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ...

oval:org.secpod.oval:def:204468
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...

oval:org.secpod.oval:def:1600714
Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. Aspecially crafted file could cause an application using JasPer to crash or,possibly, execute arbitrary code. Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. Aspecially crafted file could cause an a ...

oval:org.secpod.oval:def:111835
MinGW Windows openjpeg2 library.

oval:org.secpod.oval:def:111834
MinGW Windows openjpeg2 library.

oval:org.secpod.oval:def:1501801
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:38489
The host is missing a critical security update according to Apple advisory, APPLE-SA-2016-12-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:502008
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...

oval:org.secpod.oval:def:703615
jasper: Library for manipulating JPEG-2000 files Several security issues were fixed in JasPer.

oval:org.secpod.oval:def:1502089
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502088
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502057
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502055
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703741
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703740
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ...

oval:org.secpod.oval:def:703739
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703738
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703737
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502220
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502215
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502217
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502137
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502138
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502136
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502177
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502178
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603038
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioc ...

oval:org.secpod.oval:def:603061
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-9940 A use-after-free flaw in the voltage and current regulator driver could allow a local user to cause a denial of service or potentially escal ...

oval:org.secpod.oval:def:46447
cups: Common UNIX Printing System Several security issues were fixed in CUPS.

oval:org.secpod.oval:def:704156
cups: Common UNIX Printing System Several security issues were fixed in CUPS.

oval:org.secpod.oval:def:603450
Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System. These issues have been identified with the following CVE ids: CVE-2017-15400 Rory McNamara discovered that an attacker is able to execute arbitrary commands by setting a malicious IPP server with a crafted PPD file. C ...

oval:org.secpod.oval:def:115217
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:115212
The kernel meta package

oval:org.secpod.oval:def:115202
The kernel meta package

oval:org.secpod.oval:def:603545
Three vulnerabilities were discovered in the Open Ticket Request System which could result in privilege escalation or denial of service.

CVE    1057
CVE-2016-9119
CVE-2016-3674
CVE-2016-5322
CVE-2016-5315
...
*CPE
cpe:/o:debian:debian_linux:8.0

© SecPod Technologies