[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110139

 
 

909

 
 

85964

 
 

136

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:24535
The host is installed with ntp version 4.2.6 and earlier on Redhat Enterprise Linux 6 or on Redhat Enterprise Linux 7 and is prone to an endless loop vulnerability. A flaw is present in the application, which fails to handle MD5 symmetric keys on big-endian systems. Successful exploitation could all ...

oval:org.secpod.oval:def:39515
The host is installed with Apple iTunes before 12.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving use of the srand function. Successful exploitation could allow context-dependent attackers to defeat cryptograph ...

oval:org.secpod.oval:def:35695
The host is installed with VideoLAN vlc media player before 2.2.4 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a QuickTime IMA file. Successful exploitation could allow remote attackers to cause a denial of service (crash) or possibly e ...

oval:org.secpod.oval:def:39517
The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted identifiers. Successful exploitation could allows context-dependent attackers to cause a denial of service (CPU consumpt ...

oval:org.secpod.oval:def:602186
The security update for wordpress in DSA 3328 contained a regression. The patch for issue CVE-2015-5622 was faulty. A new package version has been released that backs this patch out pending resolution of the problem.

oval:org.secpod.oval:def:601852
Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9031 Jouko Pynnonen discovered an unauthen ...

oval:org.secpod.oval:def:602199
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your ...

oval:org.secpod.oval:def:603147
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:602606
It was reported that the update for flex as released in DSA-3653-1 did not completely address CVE-2016-6354 as intended due to problems in the patch handling and regenerated files during the build. Additionally a regression was introduced, causing new warnings when compiling flex generated code. Upd ...

oval:org.secpod.oval:def:602090
Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this flaw to cause suricata to crash.

oval:org.secpod.oval:def:602142
Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:603085
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:602258
The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5622 The robustness of the ...

oval:org.secpod.oval:def:602320
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive am ...

oval:org.secpod.oval:def:602547
Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.

oval:org.secpod.oval:def:703328
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:602088
Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. CVE-2015-27 ...

oval:org.secpod.oval:def:602093
Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:702725
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:602482
Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector if i ...

oval:org.secpod.oval:def:602607
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.

oval:org.secpod.oval:def:602596
Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources. Affected applications need to be rebuild. bogofilter will be rebuild against ...

oval:org.secpod.oval:def:602480
Several vulnerabilities were discovered in imlib2, an image manipulation library. CVE-2011-5326 Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception. CVE-2014-9771 It was discovered that an integer overflow could lead to invalid memory reads and unre ...

oval:org.secpod.oval:def:602560
It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin"s add/change related popup.

oval:org.secpod.oval:def:703258
imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2.

oval:org.secpod.oval:def:36988
imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2.

oval:org.secpod.oval:def:602530
Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.

oval:org.secpod.oval:def:26405
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:602586
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using cra ...

oval:org.secpod.oval:def:602575
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally, secur ...

oval:org.secpod.oval:def:703211
python-django: High-level Python web development framework A security issue was fixed in Django.

oval:org.secpod.oval:def:602379
Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem.

oval:org.secpod.oval:def:703241
fontconfig: generic font configuration library Fontconfig be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:602263
Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter ...

oval:org.secpod.oval:def:602485
Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters in ...

oval:org.secpod.oval:def:602662
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes

oval:org.secpod.oval:def:602531
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That"s right, Debian no longer applies ...

oval:org.secpod.oval:def:602706
It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.

oval:org.secpod.oval:def:602166
It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.

oval:org.secpod.oval:def:602327
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution is not aff ...

oval:org.secpod.oval:def:602589
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:602427
Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. The oldstable distribution will be updated in a separate DSA.

oval:org.secpod.oval:def:602087
It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection .

oval:org.secpod.oval:def:602189
Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been im ...

oval:org.secpod.oval:def:603143
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.

oval:org.secpod.oval:def:703814
libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:38512
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:603163
A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions.

oval:org.secpod.oval:def:602494
Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki"s use of imagemagick in the img plugin.

oval:org.secpod.oval:def:1600811
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can ...

oval:org.secpod.oval:def:602541
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service against an application using the libxslt library.

oval:org.secpod.oval:def:602384
Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. Th ...

oval:org.secpod.oval:def:602380
Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for "group order" in the Diffie-Hellman negotiation. This weakens significantly the handshake s ...

oval:org.secpod.oval:def:603039
Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as t ...

oval:org.secpod.oval:def:603164
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:43226
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:703874
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:602707
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation.

oval:org.secpod.oval:def:43225
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:113435
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:603140
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.

oval:org.secpod.oval:def:703872
wget: retrieves files from the web Several security issues were fixed in Wget.

oval:org.secpod.oval:def:113393
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:204698
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HT ...

oval:org.secpod.oval:def:602353
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47

oval:org.secpod.oval:def:34942
The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds heap read vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:39003
squid3: Web proxy cache server Squid could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:602715
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can ...

oval:org.secpod.oval:def:703456
squid3: Web proxy cache server Squid could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:602757
Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in liblcms2-2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applicati ...

oval:org.secpod.oval:def:602775
Several vulnerabilities were discovered in libevent, an asynchronous event notification library. They would lead to Denial Of Service via application crash, or remote code execution.

oval:org.secpod.oval:def:703516
libevent: Asynchronous event notification library Several security issues were fixed in libevent.

oval:org.secpod.oval:def:33674
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.4 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a malicious crafted XML. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:33646
The host is missing a security update according to Apple advisory, APPLE-SA-2016-03-21-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:33634
The host is installed with Apple Safari before 9.1 and is prone to a memory corruption vulnerability. A flaw is present in the libxml2, which fails to properly handle a crafted XML file. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:34662
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34663
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:34660
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34661
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34666
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34667
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34664
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34665
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:602351
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/

oval:org.secpod.oval:def:602438
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service , or potentially, execution of arbitrary code, if bgpd is configured with BGP peer ...

oval:org.secpod.oval:def:34611
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:602539
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.22, which includes additional bug fixes. Please refer to the upstream changelog for more i ...

oval:org.secpod.oval:def:602479
Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an ...

oval:org.secpod.oval:def:602497
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privile ...

oval:org.secpod.oval:def:602554
Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to ...

oval:org.secpod.oval:def:703383
c-ares: library for asynchronous name resolves c-ares could be made to crash or run programs if it processed a specially crafted hostname.

oval:org.secpod.oval:def:602633
Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution.

oval:org.secpod.oval:def:703321
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703320
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703325
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703319
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703318
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703317
linux-ti-omap4: Linux kernel for OMAP4 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:602578
Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS ...

oval:org.secpod.oval:def:36755
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:38510
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:703223
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:602588
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan ...

oval:org.secpod.oval:def:703239
postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:38511
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:602667
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

oval:org.secpod.oval:def:36104
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:36105
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602557
Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library , or potentially to execute arbitrary code with the privi ...

oval:org.secpod.oval:def:602569
Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application ...

oval:org.secpod.oval:def:703226
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602593
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for ...

oval:org.secpod.oval:def:602592
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug ...

oval:org.secpod.oval:def:703240
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers.

oval:org.secpod.oval:def:703238
gnupg: GNU privacy guard - a free PGP replacement GnuPG incorrectly generated random numbers.

oval:org.secpod.oval:def:602648
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE ...

oval:org.secpod.oval:def:602683
Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

oval:org.secpod.oval:def:602682
Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecure ...

oval:org.secpod.oval:def:602784
Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information.

oval:org.secpod.oval:def:703487
libreoffice: Office productivity suite LibreOffice could be made to disclose files if it opened a specially crafted file.

oval:org.secpod.oval:def:40418
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:40417
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:43223
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:602873
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

oval:org.secpod.oval:def:703599
git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:602529
Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls. ...

oval:org.secpod.oval:def:33739
quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703141
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:34930
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:601999
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

oval:org.secpod.oval:def:702519
tcpdump: command-line network traffic analyzer tcpdump could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:602111
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ...

oval:org.secpod.oval:def:602109
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ...

oval:org.secpod.oval:def:602124
The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression. Please refer to the upstream Bug FAQ for additional ...

oval:org.secpod.oval:def:24344
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:602365
Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.

oval:org.secpod.oval:def:602488
It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened.

oval:org.secpod.oval:def:113501
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:35553
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35551
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35552
The host is missing a critical security update according to Mozilla advisory, MFSA2016-50. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35550
The host is missing an important security update according to Mozilla advisory, MFSA2016-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35548
The host is missing an important security update according to Mozilla advisory, MFSA2016-52. The update is required to fix an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the tru ...

oval:org.secpod.oval:def:35549
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the true site URL, allowing ...

oval:org.secpod.oval:def:35540
The host is missing an important security update according to Mozilla advisory, MFSA2016-56. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially ...

oval:org.secpod.oval:def:35541
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially exploitable crash w ...

oval:org.secpod.oval:def:35537
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate permissions, spoofing a ...

oval:org.secpod.oval:def:35536
The host is missing an important security update according to Mozilla advisory, MFSA2016-58. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate per ...

oval:org.secpod.oval:def:703913
libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files.

oval:org.secpod.oval:def:603166
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE&q ...

oval:org.secpod.oval:def:603190
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

oval:org.secpod.oval:def:113735
The transfig utility creates a makefile which translates FIG or PIC figures into a specified LaTeX graphics language . Transfig is used to create TeX documents which are portable . Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages.

oval:org.secpod.oval:def:113578
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:113524
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:113645
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:113751
The transfig utility creates a makefile which translates FIG or PIC figures into a specified LaTeX graphics language . Transfig is used to create TeX documents which are portable . Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages.

oval:org.secpod.oval:def:703526
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:703385
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file.

oval:org.secpod.oval:def:602643
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or information disclosure if a specially crafted Postscript file is processed.

oval:org.secpod.oval:def:602853
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution ...

oval:org.secpod.oval:def:703583
icu: International Components for Unicode library Several security issues were fixed in ICU.

oval:org.secpod.oval:def:602864
Several vulnerabilities were discovered in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:703585
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:703614
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:602096
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some fun ...

oval:org.secpod.oval:def:602115
The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154. For reference the original advisory text follows. Multiple vulne ...

oval:org.secpod.oval:def:602376
Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries , ...

oval:org.secpod.oval:def:602373
Several vulnerabilities have been fixed in the GNU C Library, eglibc. The CVE-2015-7547 vulnerability listed below is considered to have critical impact. CVE-2014-8121 Robin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lo ...

oval:org.secpod.oval:def:602639
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data ...

oval:org.secpod.oval:def:603238
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution.

oval:org.secpod.oval:def:501719
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:501720
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:501776
The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use signific ...

oval:org.secpod.oval:def:501798
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:501815
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:501821
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:501836
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501846
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501886
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:501887
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:501890
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ...

oval:org.secpod.oval:def:501893
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:501904
Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU"s ...

oval:org.secpod.oval:def:501918
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ...

oval:org.secpod.oval:def:501924
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...

oval:org.secpod.oval:def:501931
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ...

oval:org.secpod.oval:def:501952
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:501954
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:501955
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:501957
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX ...

oval:org.secpod.oval:def:501958
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:501969
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached re ...

oval:org.secpod.oval:def:501970
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ...

oval:org.secpod.oval:def:502000
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...

oval:org.secpod.oval:def:502002
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:502014
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502019
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502083
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump . Security Fix: * Mu ...

oval:org.secpod.oval:def:502084
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:502110
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:502187
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HT ...

oval:org.secpod.oval:def:35555
The host is installed with Mozilla Firefox before 47.0, Mozilla Thunderbird 8.x before 48.2 or Firefox ESR 48.x before 48.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:35554
The host is missing a critical security update according to Mozilla advisory, MFSA2016-49. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ...

oval:org.secpod.oval:def:40099
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixe ...

oval:org.secpod.oval:def:35568
The host is installed with RHEL 7 and is prone to an out of bounds read vulnerability. A flaw is present in the application, which incorrectly relies on write system call. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:34287
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:39506
The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted identifiers in an XML document. Successful exploitation allows attackers to cause a denial of service (CPU consumption).

oval:org.secpod.oval:def:39504
The host is installed with Apple iTunes before 12.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle vectors involving use of the srand function. Successful exploitation allows attackers to defeat cryptographic protection mechanisms.

oval:org.secpod.oval:def:703800
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703801
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:502135
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:502137
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:603233
Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

oval:org.secpod.oval:def:113941
Bottle is a fast and simple micro-framework for small web-applications. It offers request dispatching with URL parameter support, Templates, a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and template engines. All in a single file and with no dependencies other than the P ...

oval:org.secpod.oval:def:113954
The POCO C++ Libraries are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library.

oval:org.secpod.oval:def:113917
Bottle is a fast and simple micro-framework for small web-applications. It offers request dispatching with URL parameter support, Templates, a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and template engines. All in a single file and with no dependencies other than the P ...

oval:org.secpod.oval:def:113907
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end.

oval:org.secpod.oval:def:113943
The POCO C++ Libraries are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library.

oval:org.secpod.oval:def:603162
Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.

oval:org.secpod.oval:def:703880
libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:603186
Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603171
Joseph Bisch discovered that Konversation, an user friendly Internet Relay Chat client for KDE, could crash when parsing certain IRC color formatting codes.

oval:org.secpod.oval:def:113576
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113609
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113607
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:603167
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

oval:org.secpod.oval:def:603214
Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.

oval:org.secpod.oval:def:703910
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:603205
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:603176
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603175
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603216
Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603215
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system.

oval:org.secpod.oval:def:603218
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent"s session if the agent is tricked into clicking a link in a spec ...

oval:org.secpod.oval:def:603160
It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.

oval:org.secpod.oval:def:703314
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703315
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703316
linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703323
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703805
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ...

oval:org.secpod.oval:def:703806
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1600832
Transmission relies on X-Transmission-Session-Id for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack

oval:org.secpod.oval:def:603132
Several vulnerabilities have been discovered in the X.Org X server. An attacker who"s able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:703861
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server.

oval:org.secpod.oval:def:703710
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:603031
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes

oval:org.secpod.oval:def:603237
Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/se ...

oval:org.secpod.oval:def:603184
Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password.

oval:org.secpod.oval:def:602546
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of O ...

oval:org.secpod.oval:def:39507
The host is missing a critical security update according to Apple advisory, APPLE-SA-2017-03-22-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted vectors. Successful exploitation allows attackers to execute arb ...

oval:org.secpod.oval:def:39508
The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-22-2. The update is required to fix multiple vulnerabilities in Apple iTunes. The flaws are present in SQLite and expat which fails to handle vectors related to iTunes, crafted xml files. Successful exploitation coul ...

oval:org.secpod.oval:def:703172
xmlrpc-c: Lightweight RPC library based on XML and HTTP Several security issues were fixed in XML-RPC for C and C++.

oval:org.secpod.oval:def:37854
The host is missing a security update according to Apple advisory, APPLE-SA-2016-10-27-1. The update is required to fix multiple arbitrary code execution vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to caus ...

oval:org.secpod.oval:def:37844
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:602520
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript ...

oval:org.secpod.oval:def:603157
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release , Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encou ...

oval:org.secpod.oval:def:113669
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:113714
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113704
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113701
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113859
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:603265
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authenticati ...

oval:org.secpod.oval:def:1600840
Infinite loop issue triggered by invalid OPEN message allows denial-of-serviceAn infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.Double ...

oval:org.secpod.oval:def:44095
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:603272
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:703986
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:603296
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ...

oval:org.secpod.oval:def:704003
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.

oval:org.secpod.oval:def:703988
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:113957
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1600843
Out-of-bounds read in code handling HTTP/2 trailers:libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTT ...

oval:org.secpod.oval:def:113962
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:603251
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:1700004
HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response ...

oval:org.secpod.oval:def:502237
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...

oval:org.secpod.oval:def:204707
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a maliciou ...

oval:org.secpod.oval:def:603139
Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.

oval:org.secpod.oval:def:502197
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a maliciou ...

oval:org.secpod.oval:def:1600808
IMAP FETCH response out of bounds read:A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application

oval:org.secpod.oval:def:113611
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:703862
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:113387
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1600831
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service or possibly have unspecified other impact via vectors involving long user and password fields. The FTP wildcard function in curl and libcurl before 7.57.0 allows remot ...

oval:org.secpod.oval:def:603189
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ...

oval:org.secpod.oval:def:703912
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:43626
The host is installed with Apple Mac OS X 10.13.2 and is prone to a denial of service vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:43228
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:113718
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:113749
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114081
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:114102
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:114106
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:114084
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:114092
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:114077
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:114082
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:114093
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:204760
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...

oval:org.secpod.oval:def:603316
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to s ...

oval:org.secpod.oval:def:602177
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the ...

oval:org.secpod.oval:def:34398
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34399
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code. Successful exploitation allows remote attackers to cause a denial of service (buffer overflow) or poss ...

oval:org.secpod.oval:def:34397
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34763
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a CSP bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34764
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bound vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34761
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34762
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34760
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34758
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34759
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34756
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34757
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34754
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34755
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34753
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34776
The host is installed with Google Chrome before 51.0.2704.63 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34774
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34775
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34772
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based buffer-overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34773
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34770
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34771
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34769
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34767
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34768
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34766
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42550
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34777
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:602468
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings. CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write iss ...

oval:org.secpod.oval:def:34030
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation of this vulnerability allow remote attackers to inject arbitrary web script or HT ...

oval:org.secpod.oval:def:34037
The host is installed with Google Chrome before 50.0.2661.75 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allow attackers to cause a denial service or possibly have other impact.

oval:org.secpod.oval:def:34035
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation allows remote attackers to spoof the address bar.

oval:org.secpod.oval:def:34036
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation allows remote attackers to bypass the same origin policy and obtain sensitive ...

oval:org.secpod.oval:def:34033
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (invalid read operation).

oval:org.secpod.oval:def:34034
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation of this vulnerability allows remote attackers to cause a denial of service (use-after ...

oval:org.secpod.oval:def:34031
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JavaScript code that triggers an out-of-bounds write operation. Successful exploitation of this vulnerability allow remot ...

oval:org.secpod.oval:def:34032
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 data in a PDF document. Successful exploitation of this vulnerability allow remote attackers to obtain sensitiv ...

oval:org.secpod.oval:def:34029
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted data. Successful exploitation allow an attacker to execute arbitrary code in t ...

oval:org.secpod.oval:def:1800848
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions libcurl 7.20.0 to and including 7.56.0 Not affected v ...

oval:org.secpod.oval:def:1800208
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions libcurl 7.36.0 to and including 7.56.1 Not affected versions libcurl = 7.57.0

oval:org.secpod.oval:def:1800316
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read Affected versions libcurl 7.49.0 to and including 7.57.0 Not affected versions libcurl = 7.58.0

oval:org.secpod.oval:def:34290
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:602524
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:501844
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:36255
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the servi ...

oval:org.secpod.oval:def:36326
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attackers to crash the service, disclose th ...

oval:org.secpod.oval:def:36314
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:602558
Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service , overwrite files, information disclosure, or potentially to execute arbit ...

oval:org.secpod.oval:def:602532
Marcin "Icewall" Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitra ...

oval:org.secpod.oval:def:501913
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ...

oval:org.secpod.oval:def:603195
Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.

oval:org.secpod.oval:def:113785
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:113786
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:114110
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end.

oval:org.secpod.oval:def:44840
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle bounds checking. Successful exploitation leads to integer overflow.

oval:org.secpod.oval:def:114228
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:114255
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing programs.

oval:org.secpod.oval:def:114245
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing programs.

oval:org.secpod.oval:def:108574
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a prog ...

oval:org.secpod.oval:def:108705
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a prog ...

oval:org.secpod.oval:def:110483
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:110505
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110542
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:110561
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110577
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:111458
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:111465
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:112363
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:112423
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:113007
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:113015
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:113157
The kernel meta package

oval:org.secpod.oval:def:113249
The kernel meta package

oval:org.secpod.oval:def:502035
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:502139
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:112256
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:602827
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a share definition.

oval:org.secpod.oval:def:112227
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1800766
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas ofthe server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it i ...

oval:org.secpod.oval:def:703577
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:703533
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:113486
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:113480
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:603154
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:603153
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:113571
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:703881
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:43224
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:43056
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an out-of-bounds read vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue, which existed in X.509 IPAddressFamily parsing. Successful exploitation all ...

oval:org.secpod.oval:def:603354
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context.

oval:org.secpod.oval:def:603327
Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603356
Florian Grunow und Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.

oval:org.secpod.oval:def:1800951
CVE-2018-7490: uwsgi before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. Fixed In Version:¶ uwsgi 2.0.17

oval:org.secpod.oval:def:1800564
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800557
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800705
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read¶ Affected versions:¶ libcurl 7.49.0 to and including 7.57.0 Not affected versions:¶ libcurl = 7.58.0

oval:org.secpod.oval:def:1800391
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions:¶ libcurl 7.20.0 to and including 7.56.0 Not aff ...

oval:org.secpod.oval:def:1800364
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:1800943
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1800914
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions: libcurl 7.36.0 to and including 7.56.1 Not affected versions: libcurl = 7.57.0

oval:org.secpod.oval:def:1800913
CVE-2016-10195: dns remote stack over read vulnerability; Fixed in libevent 2.1.6

oval:org.secpod.oval:def:1800178
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions: libcurl 7.20.0 to and including 7.56.0 Not affected ...

oval:org.secpod.oval:def:1800162
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:1800558
CVE-2017-7867: Heap-buffer overflow in utext_setNativeIndex function

oval:org.secpod.oval:def:1800609
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800286
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:1800226
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch:

oval:org.secpod.oval:def:1800697
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read; Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

oval:org.secpod.oval:def:1800719
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800337
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas ofthe server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it i ...

oval:org.secpod.oval:def:1800465
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:1800458
A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir","fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog. ...

oval:org.secpod.oval:def:603244
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD defau ...

oval:org.secpod.oval:def:1800505
CVE-2016-5419: TLS session resumption client cert bypass. Fixed In Version: curl 7.50.1 CVE-2016-5420: Re-using connection with wrong client cert. Fixed In Version: curl 7.50.1 CVE-2016-5421: Use of connection struct after free. Fixed In Version: curl 7.50.1

oval:org.secpod.oval:def:1800949
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1800190
CVE-2016-4962, XSA-175: Unsanitised guest input in libxl device handling code. CVE-2016-4480, XSA-176: x86 software guest page walk PS bit handling flaw. CVE-2016-4963, XSA-178: Unsanitised driver domain input in libxl device handling. CVE-2016-3710 CVE-2016-3712, XSA-179: QEMU: Banked access to VGA ...

oval:org.secpod.oval:def:1800148
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:1800161
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read. Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

oval:org.secpod.oval:def:1800125
Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container. Fixed In: libreoffice 5.1.4, libreoffice 5.2.0

oval:org.secpod.oval:def:1800554
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read. If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m, ...

oval:org.secpod.oval:def:1800637
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba uses the real path system call to ensure when a client requests access to a pathname that it ...

oval:org.secpod.oval:def:1800264
CVE-2016-5423: CASE/WHEN with in lining can cause untrusted pointer dereference. Fixed In Version: postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23 CVE-2016-5424: database and role names with embedded special characters can allow code injection during admi ...

oval:org.secpod.oval:def:1800665
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:1800748
A design flaw was found in the libgcrypt PRNG . An attacker who can obtain the first 580 bytes of the PRNG output, can trivially predict the following 20 bytes. Fixed In Version: libgcrypt 1.7.3, libgcrypt 1.6.6, libgcrypt 1.5.6, gnupg 1.4.21

oval:org.secpod.oval:def:1800383
x86: inconsistent cachability flags on guest mappings. Multiple mappings of the same physical page with different cachability setting can cause problems. While one category affects only guests themselves , the other category being Machine Check exceptions can be fatal to entire hosts.

oval:org.secpod.oval:def:1800374
Incorrect SASL authentication in the CharybdisIRC server may lead to users impersonating other users. Fixed In Version: 3.5.3.

oval:org.secpod.oval:def:1800390
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800393
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted QuickTime IMA file.

oval:org.secpod.oval:def:1800397
CVE-2016-7440: mariadb 5.5.53, mariadb 10.1.19 CVE-2016-5584: mariadb 5.5.53, mariadb 10.1.19 Reference:

oval:org.secpod.oval:def:1800361
CVE-2016-10195: dns remote stack overread vulnerability. Fixed in libevent 2.1.6

oval:org.secpod.oval:def:1800369
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

oval:org.secpod.oval:def:1800794
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions: libcurl 7.20.0 to and including 7.56.0 Not affected ...

oval:org.secpod.oval:def:1800407
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800813
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions: libcurl 7.36.0 to and including 7.56.1 Not affected versions: libcurl = 7.57.0

oval:org.secpod.oval:def:1800496
It was found that setting VNC password to empty string doesn"t work in a way as it"s documented. The documented semantics of setting the password to an empty string are that it disables all access to the VNC server, however in fact it allows all users access with no authentication required instead.

oval:org.secpod.oval:def:1800464
A heap overflow in collectd"s network plugin which can be triggered remotely and is potentially exploitable. Fixed In Version: collectd 5.5.2, collectd 5.4.3

oval:org.secpod.oval:def:1800469
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:1800486
libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ...

oval:org.secpod.oval:def:1800429
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a ...

oval:org.secpod.oval:def:603351
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if t ...

oval:org.secpod.oval:def:45196
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Client programs. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45214
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server : Security : Privileges. Successful exploitation allows attackers to affect Availability ...

oval:org.secpod.oval:def:20458400
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump . Security Fix: * Mu ...

oval:org.secpod.oval:def:204635
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:204678
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...

oval:org.secpod.oval:def:204676
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:114310
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:45091
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:603362
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ...

oval:org.secpod.oval:def:114298
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110885
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110874
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110869
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:704051
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:45092
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:602570
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many ...

oval:org.secpod.oval:def:1800302
CVE-2016-1238: loading of modules from current directory Fixed In Version: perl 5.22.3, perl 5.24.1

oval:org.secpod.oval:def:1800087
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a crafted regular expression with the case-insensitive modifier.

oval:org.secpod.oval:def:113871
GIMP is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large ima ...

oval:org.secpod.oval:def:603227
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened.

oval:org.secpod.oval:def:114056
GIMP is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large ima ...

oval:org.secpod.oval:def:38489
The host is missing a critical security update according to Apple advisory, APPLE-SA-2016-12-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:113491
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:1800681
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:1800488
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:1501720
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:1501721
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:1501866
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502030
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502042
Several security issues were fixed in Linux kernel, python-perf and perf.

oval:org.secpod.oval:def:1502043
Several security issues were fixed in Linux kernel, python-perf and perf.

oval:org.secpod.oval:def:1502044
Several security issues were fixed in wget.

oval:org.secpod.oval:def:1600492
It was found that the ghostscript functions getenv, file name for all and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrie ...

oval:org.secpod.oval:def:1600794
stack buffer overflow in the native Bluetooth stackA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel , an unauthenticated atta ...

oval:org.secpod.oval:def:1600796
Heap-based buffer overflow in HTTP protocol handlingA heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ...

oval:org.secpod.oval:def:1600848
Buffer overflow in b64decode function, possibly leading to remote code execution:An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely

oval:org.secpod.oval:def:603267
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:114047
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:114046
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:703980
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1800474
In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

oval:org.secpod.oval:def:204067
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:204068
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:204242
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel"s Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugep ...

oval:org.secpod.oval:def:204500
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:204553
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:204554
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:204559
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:1800926
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Version Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800962
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800963
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800964
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:114138
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114134
An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases.

oval:org.secpod.oval:def:603308
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:704008
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:114150
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1502070
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204711
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:204706
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:1800581
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:603183
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:502196
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:1600822
Use-after-free in processing SMB1 requestsA use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. Server heap-memory disclosureA memory discl ...

oval:org.secpod.oval:def:113525
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:703891
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:502200
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:113679
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1800466
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1502088
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204598
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:603390
An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.

oval:org.secpod.oval:def:703918
linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.

oval:org.secpod.oval:def:43014
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43011
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43012
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:113010
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113002
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113412
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:603137
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:45316
The host is installed with Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unauthenticated network access via HTTP. Successful exploitation allows an attacker to take ov ...

oval:org.secpod.oval:def:603177
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

oval:org.secpod.oval:def:113561
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113994
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113995
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:112960
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:602713
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based sh ...

oval:org.secpod.oval:def:114224
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:114223
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:704032
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:603338
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:603337
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:114263
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:114262
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:44771
The host is installed with OpenSSL 1.1.0 before 1.1.0h or OpenSSL 1.0.2b before 1.0.2n and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful exploitation can allow attackers to crash the applicat ...

oval:org.secpod.oval:def:603348
It was discovered that a race condition in beep allows local privilege escalation.

oval:org.secpod.oval:def:602739
Multiple vulnerabilities have been found in the Ikiwiki wiki compiler: CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs CVE-2016-10026 Editing restriction bypass for git revert CVE-2017-0356 Authentication bypass via repeated parameters Additional details on these vu ...

oval:org.secpod.oval:def:111946
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins.

oval:org.secpod.oval:def:111945
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins.

oval:org.secpod.oval:def:602760
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

oval:org.secpod.oval:def:703446
ntfs-3g: read/write NTFS driver for FUSE NTFS-3G could be made to load kernel modules as an administrator.

oval:org.secpod.oval:def:1502141
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204777
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:502281
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:502280
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:1700023
Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c:rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacke ...

oval:org.secpod.oval:def:704030
librelp: Reliable Event Logging Protocol library librelp could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:603330
Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for ...

oval:org.secpod.oval:def:114252
Librelp is an easy to use library for the RELP protocol. RELP is a general-purpose, extensible logging protocol.

oval:org.secpod.oval:def:114250
Librelp is an easy to use library for the RELP protocol. RELP is a general-purpose, extensible logging protocol.

oval:org.secpod.oval:def:1502188
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502187
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114006
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:114011
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:113993
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:113980
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:603258
"landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary co ...

oval:org.secpod.oval:def:45297
The host is installed with 7 zip before 18.0 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted ZIP archive. Successful exploitation could allow remote attackers to crash the service.

oval:org.secpod.oval:def:1600721
Unsafe YAML deserialization:Versions of Puppet prior to 4.10.1 will deserialize data off the wire with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire ...

oval:org.secpod.oval:def:602901
It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code. Note that this fix breaks backward compability with Puppet agents older than 3.2.2 and there is no safe way t ...

oval:org.secpod.oval:def:112428
Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ...

oval:org.secpod.oval:def:703640
puppet: Centralized configuration management Several security issues were fixed in Puppet.

oval:org.secpod.oval:def:1800661
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:1800653
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:602907
It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.

oval:org.secpod.oval:def:1800859
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:112445
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ...

oval:org.secpod.oval:def:112441
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ...

oval:org.secpod.oval:def:602209
It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.

oval:org.secpod.oval:def:109880
With conntrack-tools you can setup a High Availability cluster and synchronize conntrack state between multiple firewalls. The conntrack-tools package contains two programs: - conntrack: the command line interface to interact with the connection tracking system. - conntrackd: the connection tracking ...

oval:org.secpod.oval:def:109855
With conntrack-tools you can setup a High Availability cluster and synchronize conntrack state between multiple firewalls. The conntrack-tools package contains two programs: - conntrack: the command line interface to interact with the connection tracking system. - conntrackd: the connection tracking ...

oval:org.secpod.oval:def:114326
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:45313
The host is installed with LibreOffice before 5.4.6.1 or 6.x before 6.0.2001 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly validate a customizations index. Successful exploitation could allow remote attackers to crash the se ...

oval:org.secpod.oval:def:45314
The host is installed with LibreOffice before 5.4.5 or 6.x before 6.0.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an incorrect integer data type in the StgSmallStrm class. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:603372
Two vulnerabilities were discovered in LibreOffice"s code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:45294
The host is installed with LibreOffice before 5.4.6.1 or 6.x before 6.0.2.1 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly validate a customizations index. Successful exploitation could allow remote attackers to crash the ser ...

oval:org.secpod.oval:def:45295
The host is installed with LibreOffice before 5.4.5 or 6.x before 6.0.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an incorrect integer data type in the StgSmallStrm class. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:603040
Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies.

oval:org.secpod.oval:def:1800928
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800930
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800931
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800947
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions curl 7.12.3 to and including curl 7.58.0 Not affected versions curl = 7.59.0

oval:org.secpod.oval:def:1600871
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:1700024
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:704012
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:603309
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ...

oval:org.secpod.oval:def:114167
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114152
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:602829
Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file is opened.

oval:org.secpod.oval:def:111956
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:111948
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:703618
jbig2dec: JBIG2 decoder library Several security issues were fixed in jbig2dec.

oval:org.secpod.oval:def:603371
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:41754
freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:703743
freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:112979
The xfreerdp Remote Desktop Protocol client from the FreeRDP project. xfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:112990
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:112963
The xfreerdp Remote Desktop Protocol client from the FreeRDP project. xfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:112965
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:603033
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol , contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side.

oval:org.secpod.oval:def:603111
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:204816
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:45861
The host is installed with Artifex Ghostscript before 9.21 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to properly decode halftone segments in a JBIG2 image. Successful exploitation could allow attackers to trigger a segmentation faul ...

oval:org.secpod.oval:def:45875
The host is installed with Ghostscript 9.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted postscript file. Successful exploitation could allow attackers to read data via a crafted postscript file.

oval:org.secpod.oval:def:603389
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at https://wordpress.org/news/2018/04/wordpress ...

oval:org.secpod.oval:def:114362
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:1800939
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1800945
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions 2.4.1 to 2.4.29 Fixed in Apache 2.4.30

oval:org.secpod.oval:def:1800946
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:114319
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers.

oval:org.secpod.oval:def:1800950
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1600879
Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger ...

oval:org.secpod.oval:def:704065
apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:704052
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:603350
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ...

oval:org.secpod.oval:def:114242
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers.

oval:org.secpod.oval:def:114244
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:703803
apache2: Apache HTTP server Apache HTTP Server could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1502033
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502039
Several security issues were fixed in httpd.

oval:org.secpod.oval:def:603112
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

oval:org.secpod.oval:def:502150
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:502156
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:113556
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:1600776
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user"s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. ...

oval:org.secpod.oval:def:113262
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:204571
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:204577
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:43037
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation could allow attackers to obtain sensitive information that ...

oval:org.secpod.oval:def:43036
The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:603412
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

oval:org.secpod.oval:def:502028
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:40407
The host is missing a critical security update according to Mozilla advisory, MFSA2017-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40131
The host is missing a critical security update according to Mozilla advisory, MFSA2017-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40132
The host is missing a critical security update according to Mozilla advisory, MFSA2017-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40130
The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:603375
It was discovered that gunicorn, an event-based HTTP/WSGI server was susceptible to HTTP Response splitting.

oval:org.secpod.oval:def:114313
Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl.

oval:org.secpod.oval:def:114296
Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl.

oval:org.secpod.oval:def:603379
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:114477
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:38110
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the AllJoyn dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38111
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an use-after-free vulnerability. A flaw is present in the DCERPC dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service wit ...

oval:org.secpod.oval:def:38109
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an unspecified vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service by f ...

oval:org.secpod.oval:def:38101
The host is installed with Wireshark 2.0.x before 2.0.7 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38102
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an unspecified vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service by f ...

oval:org.secpod.oval:def:38103
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the AllJoyn dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38104
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an use-after-free vulnerability. A flaw is present in the DCERPC dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service wit ...

oval:org.secpod.oval:def:38108
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:1800642
CVE-2017-17083: NetBIOS dissector crash¶ Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10 Fixed versions: 2.4.3, 2.2.11

oval:org.secpod.oval:def:603207
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.

oval:org.secpod.oval:def:36986
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the IPMI trace dissector, which does not properly consider whether a string is constant. Successful exploitation allows remote attackers to cause a denial of service (use-a ...

oval:org.secpod.oval:def:36985
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which fails to handle a malformed packet. Successful exploitation allows remote attackers to cause a denial of service (application crash).

oval:org.secpod.oval:def:36984
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the UMTS FP dissector, which does not ensure that memory is allocated for certain data structures. Successful exploitation allows remote attackers to cause a denial of serv ...

oval:org.secpod.oval:def:36983
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which does not restrict the number of channels. Successful exploitation allows remote attackers to cause a denial of service (buffer over-re ...

oval:org.secpod.oval:def:36982
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the H.225 dissector, which calls snprintf with one of its input buffers as the output buffer. Successful exploitation allows remote attackers to cause a denial of service ( ...

oval:org.secpod.oval:def:36976
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the IPMI trace dissector, which does not properly consider whether a string is constant. Successful exploitation allows remote attackers to cause a denial of service (use-a ...

oval:org.secpod.oval:def:36975
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which fails to handle a malformed packet. Successful exploitation allows remote attackers to cause a denial of service (application crash).

oval:org.secpod.oval:def:36974
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the UMTS FP dissector, which does not ensure that memory is allocated for certain data structures. Successful exploitation allows remote attackers to cause a denial of serv ...

oval:org.secpod.oval:def:36973
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which does not restrict the number of channels. Successful exploitation allows remote attackers to cause a denial of service (buffer over-re ...

oval:org.secpod.oval:def:36972
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the H.225 dissector, which calls snprintf with one of its input buffers as the output buffer. Successful exploitation allows remote attackers to cause a denial of service ( ...

oval:org.secpod.oval:def:43222
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NetBIOS dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43221
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IWARP_MPA dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43220
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the CIP safety dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:602619
Multiple vulnerabilities were discovered in the dissectors for H.225, Catapult DCT2000, UMTS FP and IPMI, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:602678
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.

oval:org.secpod.oval:def:113856
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:43029
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NetBIOS dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43028
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IWARP_MPA dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43027
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the CIP Safety dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:1800441
CVE-2017-17083: NetBIOS dissector crash Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10 Fixed versions: 2.4.3, 2.2.11

oval:org.secpod.oval:def:603336
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002

oval:org.secpod.oval:def:114600
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:114363
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:114364
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:1600893
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.

oval:org.secpod.oval:def:114432
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:603395
Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle "\r\n" from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replac ...

oval:org.secpod.oval:def:1800982
CVE-2018-1000178: A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

oval:org.secpod.oval:def:113043
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:113044
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:1800103
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:502120
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix: * A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially ...

oval:org.secpod.oval:def:703752
libsoup2.4: HTTP client/server library for GNOME Applications using libsoup could be made to crash or run programs as your login if it received specially crafted network traffic.

oval:org.secpod.oval:def:113078
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:113083
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:1800201
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:603385
Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service. Note that you need to restart the "quasselcore" service after upgrading the Quassel packages.

oval:org.secpod.oval:def:1800406
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:204645
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix: * A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially ...

oval:org.secpod.oval:def:603049
Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash , or ...

oval:org.secpod.oval:def:1800434
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:114365
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:114402
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:114554
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:114552
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:603393
Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed. The oldstable distribution is not affected.

oval:org.secpod.oval:def:114358
The kernel meta package

oval:org.secpod.oval:def:114282
The kernel meta package

oval:org.secpod.oval:def:204817
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ...

oval:org.secpod.oval:def:502292
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ...

oval:org.secpod.oval:def:1502213
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603310
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ...

oval:org.secpod.oval:def:1800916
A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options" values are then used in Vim"s scripts to build a command string that"s evaluated by : ...

oval:org.secpod.oval:def:602680
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

oval:org.secpod.oval:def:703368
vim: Vi IMproved - enhanced vi editor Vim could be made run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703329
quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:38789
The host is missing a security update according to Apple advisory, APPLE-SA-2017-01-23-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:38800
The host is installed with Apple Mac OS X or Server 10.12.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle certain modeline options. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:204692
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...

oval:org.secpod.oval:def:501950
Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user runnin ...

oval:org.secpod.oval:def:111576
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...

oval:org.secpod.oval:def:111570
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...

oval:org.secpod.oval:def:602646
It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.

oval:org.secpod.oval:def:501999
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...

oval:org.secpod.oval:def:1600851
Mishandling of client certificates can allow for OCSP check bypass:When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the ...

oval:org.secpod.oval:def:603275
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library"s network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If O ...

oval:org.secpod.oval:def:114553
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:114529
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:114528
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:603409
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party ...

oval:org.secpod.oval:def:704118
libvirt: Libvirt virtualization toolkit Side channel execution mitigations were added to libvirt.

oval:org.secpod.oval:def:46090
The host is installed with Apple Mac OS X 10.13.2 or later and is prone to an arbitary code execution vulnerability. A flaw is present in the application, which fails to handle crafted files. Successful exploitation could allow an attacker to cause arbitrary code execution.

oval:org.secpod.oval:def:1801002
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1801006
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1800990
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1800998
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1801007
CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2.

oval:org.secpod.oval:def:704114
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704115
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704090
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments Several security issues were addressed in the Linux kernel.

oval:org.secpod.oval:def:704089
linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704085
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were addressed in the Linux kernel.

oval:org.secpod.oval:def:1502233
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502231
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703816
emacs24: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703813
emacs25: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1800584
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ...

oval:org.secpod.oval:def:502138
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tric ...

oval:org.secpod.oval:def:113613
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows.

oval:org.secpod.oval:def:114352
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114354
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114348
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114309
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114304
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114468
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114274
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114273
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114569
The kernel meta package

oval:org.secpod.oval:def:502318
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ...

oval:org.secpod.oval:def:502319
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ...

oval:org.secpod.oval:def:502320
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ...

oval:org.secpod.oval:def:113977
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ...

oval:org.secpod.oval:def:1800289
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service. Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:603278
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:1800399
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service; Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:703974
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:1800989
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:45388
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:1801000
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:1801001
CVE-2018-8897, XSA-260: x86: mishandling of debug exceptions

oval:org.secpod.oval:def:1801004
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:114497
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114424
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:45416
The host is missing an important security update for KB4134651

oval:org.secpod.oval:def:114565
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114551
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:45915
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle an undocumented instructions issue. Successful exploitation allows attackers to execute arbitrary code with ker ...

oval:org.secpod.oval:def:1502203
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502204
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502201
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502202
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502205
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603398
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could res ...

oval:org.secpod.oval:def:603396
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM gue ...

oval:org.secpod.oval:def:114614
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:502322
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:45418
The host is missing an important security update for KB4103731

oval:org.secpod.oval:def:45419
The host is missing an important security update for KB4103730

oval:org.secpod.oval:def:45421
The host is missing an important security update 4103715

oval:org.secpod.oval:def:45422
The host is missing an important security update for KB4103716

oval:org.secpod.oval:def:45423
The host is missing an important security update for KB4103721

oval:org.secpod.oval:def:45435
The host is missing an important security update for KB4103723

oval:org.secpod.oval:def:45436
The host is missing an important security update for KB4103725

oval:org.secpod.oval:def:45437
The host is missing an important security update 4103726

oval:org.secpod.oval:def:45438
The host is missing an important security update for KB4103727

oval:org.secpod.oval:def:45440
The host is missing an important security update 4103712

oval:org.secpod.oval:def:45543
The host is missing an important security update 4103718

oval:org.secpod.oval:def:114727
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:204835
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:1502252
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204833
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix: * procps-ng, procps: Integer overflow ...

oval:org.secpod.oval:def:204813
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix: * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec * procps-ng, procps: ...

oval:org.secpod.oval:def:114550
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the sta ...

oval:org.secpod.oval:def:704091
procps: /proc file system utilities Several security issues were fixed in procps-ng.

oval:org.secpod.oval:def:1700050
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec. These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run ...

oval:org.secpod.oval:def:1502232
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502237
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114539
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the sta ...

oval:org.secpod.oval:def:603404
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory ...

oval:org.secpod.oval:def:502306
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix: * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec * procps-ng, procps: ...

oval:org.secpod.oval:def:502311
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix: * procps-ng, procps: Integer overflow ...

oval:org.secpod.oval:def:1502259
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114623
Batik is a Java technology based toolkit for applications that want to use images in the Scalable Vector Graphics format for various purposes, such as viewing, generation or manipulation.

oval:org.secpod.oval:def:114622
Batik is a Java technology based toolkit for applications that want to use images in the Scalable Vector Graphics format for various purposes, such as viewing, generation or manipulation.

oval:org.secpod.oval:def:603415
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

oval:org.secpod.oval:def:1600892
A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch ope ...

oval:org.secpod.oval:def:204822
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: error in exception handling leads to wrong debug stack value * Kernel: error in exception handling leads to DoS * Kernel: ipsec: xfrm: use-after-free leading to potential privilege es ...

oval:org.secpod.oval:def:502287
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: error in exception handling leads to wrong debug stack value * Kernel: error in exception handling leads to DoS * Kernel: ipsec: xfrm: use-after-free leading to potential privilege es ...

oval:org.secpod.oval:def:1502222
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700044
A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch ope ...

oval:org.secpod.oval:def:1502240
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502241
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502247
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502248
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502246
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502207
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603383
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer . On a system with a driver using blk-mq , a local user might be able to us ...

oval:org.secpod.oval:def:603384
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:603413
It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache. ...

oval:org.secpod.oval:def:45188
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Replication. Successful exploitation allows attackers to affect Confidentiality, Integr ...

oval:org.secpod.oval:def:45191
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Client programs. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45195
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Locking. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45203
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Optimizer. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:114336
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:114331
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:1600889
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:1600887
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ...

oval:org.secpod.oval:def:1600890
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:114482
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:114543
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:704063
mysql-5.7: MySQL database Details: USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704053
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:603370
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes

oval:org.secpod.oval:def:114667
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:114705
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:45211
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:45215
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45213
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:603388
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.

oval:org.secpod.oval:def:110422
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:34616
The host is missing a security update according to Apple advisory, APPLE-SA-2016-05-16-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to caus ...

oval:org.secpod.oval:def:703098
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:110559
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:602467
Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root. In Debian "UseLogin" i ...

oval:org.secpod.oval:def:501928
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:501995
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:204626
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:1700054
Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.Curl version cu ...

oval:org.secpod.oval:def:704079
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:114544
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114538
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:603399
OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

oval:org.secpod.oval:def:45660
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:1800993
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1800995
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1800999
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1600894
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:114590
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:114589
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:1700048
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:704107
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:114729
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114750
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114754
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:45898
The host is installed with Apple Mac OS 10.13.4, 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory or ...

oval:org.secpod.oval:def:204798
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ...

oval:org.secpod.oval:def:43639
The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:502286
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ...

oval:org.secpod.oval:def:1502220
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502258
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502206
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502215
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502217
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1801005
A flaw was found in strongSwan VPN"s charon server prior to version 5.6.3. In stroke_socket.c, a missing packet length check could allow a integer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. A remote attacker with local user credentials may ...

oval:org.secpod.oval:def:114595
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:114563
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:114642
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:603432
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default ...

oval:org.secpod.oval:def:1502253
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600702
A remote code execution flaw was found in Samba. A malicious authenticatedsamba client, having write access to the samba share, could use this flaw toexecute arbitrary code as root. It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Sa ...

oval:org.secpod.oval:def:703802
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502082
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502089
The advisory is missing the security advisory description. For more information please visit the reference link

CVE    816
CVE-2016-9119
CVE-2016-3674
CVE-2016-5322
CVE-2016-5315
...
*CPE
cpe:/o:debian:debian_linux:8.0

© SecPod Technologies